Enabling DLP
DLP may be enabled for any virtual path (see Defining virtual paths). This gives you the power and flexibility to limit DLP at the directory, user or group level depending on your needs.
To enable DLP for a virtual path, select the virtual path and click Edit. Next, click the Enable DLP option followed by the Settings button to define which DLP functionality should be applied to the virtual path.
DLP functionality is available through either of these two options:
- Via the built-in DLP processor, or
- Via an external provider using an ICAP service
Using the built-in DLP processor
To use the built-in DLP processor, select Use Rules. To use the external provider, select Use ICAP.
When you select the Use Rules option and click on the Rules button, you'll be presented with a list of DLP rules (if any exist). See Creating DLP Rules.
Rules are processed in order. The first rule to match determines access level. Use the "Up" and "Down" buttons to change the order in which rules are processed.
To add a rule, click the Add button. You'll then be asked to specify the DLP entry parameters.
DLP rule - The DLP rule to add.
Access - The level of access to grant when the DLP rule's regular expression is matched. The allow all option allows access and raises a DLP Rule Matched trigger event. The deny all option denies access and raises a DLP Rule Matched trigger event. The deny ad-hoc option denies access to email recipients via ad-hoc file transfer and raises a DLP Rule Matched event.
Enabled - Enables/disables DLP rule.
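An added example (not part of the original documentation and not MFT Server code) that models the first-match ordering described above, with the three access levels and the Enabled flag, and shows how a broad allow rule placed first can shadow a deny rule. The rule names, regular expressions and sample content are constructed; it assumes that content matching no rule is allowed and that deny ad-hoc restricts only ad-hoc transfers.

```python
import re
from dataclasses import dataclass

@dataclass
class DlpEntry:
    rule: str             # DLP rule name (hypothetical)
    pattern: str          # the rule's regular expression
    access: str           # "allow all", "deny all" or "deny ad-hoc"
    enabled: bool = True

def evaluate(entries, content, ad_hoc=False):
    """First-match evaluation: returns (allowed, matched rule, event)."""
    for e in entries:                         # rules are processed in order
        if e.enabled and re.search(e.pattern, content):
            if e.access == "allow all":
                allowed = True
            elif e.access == "deny all":
                allowed = False
            else:                             # "deny ad-hoc": only ad-hoc email recipients are refused
                allowed = not ad_hoc
            return allowed, e.rule, "DLP Rule Matched"
    return True, None, None                   # assumption: no match, no restriction

def shadowed(entries, samples):
    """Enabled rules that match a sample but are never the first match."""
    winners = {evaluate(entries, s)[1] for s in samples}
    return [e.rule for e in entries
            if e.enabled and e.rule not in winners
            and any(re.search(e.pattern, s) for s in samples)]

# Constructed sample rules and content.
INVOICE = DlpEntry("internal-docs", r"(?i)\binvoice\b", "allow all")
CARD = DlpEntry("card-number", r"\b(?:\d{4}[ -]?){3}\d{4}\b", "deny all")
SSN = DlpEntry("us-ssn", r"\b\d{3}-\d{2}-\d{4}\b", "deny ad-hoc")
SAMPLES = [
    "Invoice 1042: card 4111 1111 1111 1111",
    "Invoice 2001: net 30 days",
    "Employee SSN 123-45-6789",
    "Meeting notes, nothing sensitive",
]
BROAD_FIRST = [INVOICE, CARD, SSN]      # broad allow rule shadows the card rule
SPECIFIC_FIRST = [CARD, SSN, INVOICE]   # deny rules are checked before the allow rule

if __name__ == "__main__":
    for name, order in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, "shadowed:", shadowed(order, SAMPLES))
        for s in SAMPLES:
            print("  ", evaluate(order, s, ad_hoc=True), "<-", s)
```

Running the shadowing check against representative sample content before changing the rule order shows which entries can never take effect in that order.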
When you choose Use ICAP, MFT Server will act as a DLP client. That is, it will send requests to an ICAP server to determine whether content violates any DLP rules. Unlike the previous option (which uses the built-in DLP processor), where the rules reside in MFT Server, with this option the rules reside on the DLP server.
The allow all option allows access and raises a DLP Rule Matched trigger event. The deny all option denies access and raises a DLP Rule Matched trigger event. The deny ad-hoc option denies access to email recipients via ad-hoc file transfer and raises a DLP Rule Matched event.