Configuring the protector

Configure the protector in the Forcepoint Security Manager:

Steps

  1. Go to the Settings > Deployment > System Modules page.
  2. Select the protector instance.
  3. On the General tab, select Enabled.
  4. On the Local Networks tab, select Include specific networks, then add all of the internal networks for all sites.
    • This list is used to identify the direction of the traffic.
    • The mail servers and mail relays should be considered part of the internal network.
  5. On the Services tab:
    1. Select the SMTP service.
    2. On the General tab, set the Mode to Mail Transfer Agent (MTA).
    3. On the Mail Transfer Agent (MTA) tab, set the Operation Mode to Blocking and select the behavior desired when an unspecified error occurs during analysis.
    4. Set the SMTP HELO name. This is required.
    5. Set the next hop MTA (for example, the organization’s mail relay), if needed.
    6. Set the addresses of all networks that are permitted to relay email messages through the protector.
      • This is required, as it is important that not all networks have permission to send email via the protector’s SMTP service. Otherwise, the protector can be used as a mail relay.
      • This list should include the addresses of any previous hops, such as the mail server.
  6. Click OK to save the configuration.
  7. Go to the Main > Policy Management > DLP Policies page.
  8. Select a policy rule to use for email management, then click Edit.
  9. Complete the fields as follows:
    1. Select Destinations, and check the Network Email box.
    2. Select Severity & Action, then select an action plan that includes notifications.
      Note: For more information about action plans, see the Forcepoint DLP Administrator Help.
    3. Click OK to save the policy configuration.
  10. Click Deploy to activate the settings.