This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
chethan_m
Collaborator
‎2023-09-28 11:47 PM

Hamony Connect - DLP not working

Hi Everyone,

I was testing Harmony Connect's Data Loss Prevention feature, and it doesn't seem to work.

1. I have created the Internet Access Rule as below:

ActionNameSourceDestinationContent
Block<name><Network & Users><email category> & <mail client applications><source code, MAC, PCI cards>

 

2. Set the SSL Inspection to Full Inspection. 

3. Downloaded and imported the certificate to my computer's certificate store (Trusted Root Certificates)

4. Made sure to remove O365 objects from SSL inspection exception.

5. Activated full inspection on any site. 

 

I'm still able to send MAC addresses, Source Code, Credit Cards numbers via email.

 

In the traffic logs I can see that HTTPS Inspection action is Inspect not Bypass and yet nothing's happening.

Screenshot 2023-09-29 121353.png

 

Is there something that I'm missing out? 

 

Thank you,

 

 

0 Kudos
5 Replies
Shay-Mech
Employee
Employee
‎2023-09-29 01:22 AM

Thank you for bringing this issue to our attention, we will take a closer look at this and will update you as soon as possible

0 Kudos
chethan_m
Collaborator
‎2023-09-29 01:44 AM
In response to Shay-Mech

Thank you. 

Few more info from logs:

  • Action: Redirect
  • Inspection Action: Inspect
  • File Operation (Data Type Name): Source Code

Result: Email delivered with source code

Screenshot 2023-09-29 140951.png

Screenshot 2023-09-29 141014.png

Any Idea where It's redirected to? According to policy the traffic must be blocked.

0 Kudos
Tamir_Mitnitski
Employee
Employee
‎2023-09-29 09:26 AM
In response to chethan_m

Hi Chethan,

After discussing with our team, I recommend we elevate this to a Service Request. This way, our TAC team can take a closer look at the use-case and the issue at hand.

As for the redirect action, this action is usually used to redirect users to notify them of a blocked HTTPS site or a certificate warning.

Thanks!

0 Kudos
chethan_m
Collaborator
‎2023-09-29 11:35 AM
In response to Tamir_Mitnitski

Thank you, Tamir. I have opened the SR now. Will update the progress here too.

0 Kudos
EY
Contributor
‎2023-10-10 05:16 PM

I thought it was a requirement (per sk179817) to install the HTTPS inspection certificate in both Trusted Root Certification Authorities and Third Party Root Certification Authorities.

0 Kudos
Upcoming Events

    CheckMates Events