Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
chethan_m
Collaborator

Hamony Connect - DLP not working

Hi Everyone,

I was testing Harmony Connect's Data Loss Prevention feature, and it doesn't seem to work.

1. I have created the Internet Access Rule as below:

ActionNameSourceDestinationContent
Block<name><Network & Users><email category> & <mail client applications><source code, MAC, PCI cards>

 

2. Set the SSL Inspection to Full Inspection. 

3. Downloaded and imported the certificate to my computer's certificate store (Trusted Root Certificates)

4. Made sure to remove O365 objects from SSL inspection exception.

5. Activated full inspection on any site. 

 

I'm still able to send MAC addresses, Source Code, Credit Cards numbers via email.

 

In the traffic logs I can see that HTTPS Inspection action is Inspect not Bypass and yet nothing's happening.

Screenshot 2023-09-29 121353.png

 

Is there something that I'm missing out? 

 

Thank you,

 

 

0 Kudos
5 Replies
Shay-Mech
Employee
Employee

Thank you for bringing this issue to our attention, we will take a closer look at this and will update you as soon as possible

0 Kudos
chethan_m
Collaborator

Thank you. 

Few more info from logs:

  • Action: Redirect
  • Inspection Action: Inspect
  • File Operation (Data Type Name): Source Code

Result: Email delivered with source code

Screenshot 2023-09-29 140951.png

Screenshot 2023-09-29 141014.png

Any Idea where It's redirected to? According to policy the traffic must be blocked.

0 Kudos
Tamir_Mitnitski
Employee
Employee

Hi Chethan,

After discussing with our team, I recommend we elevate this to a Service Request. This way, our TAC team can take a closer look at the use-case and the issue at hand.

As for the redirect action, this action is usually used to redirect users to notify them of a blocked HTTPS site or a certificate warning.

Thanks!

0 Kudos
chethan_m
Collaborator

Thank you, Tamir. I have opened the SR now. Will update the progress here too.

0 Kudos
EY
Contributor

I thought it was a requirement (per sk179817) to install the HTTPS inspection certificate in both Trusted Root Certification Authorities and Third Party Root Certification Authorities.

0 Kudos
Upcoming Events

    CheckMates Events