Enterprise DLP
Set Up the Email DLP Host
Table of Contents
Set Up the Email DLP Host
Create a route from Gmail to the
Enterprise Data Loss Prevention (E-DLP)
Email DLP host.Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Set up routing from Gmail to the
Enterprise Data Loss Prevention (E-DLP)
Email DLP Host is required
allow Gmail to forward emails to Enterprise DLP
for inspection and verdict
rendering to prevent exfiltration of sensitive data.- In the Dashboard, select .
- Add Routeto the Email DLP host.
- Configure the Email DLP host.
- Enter a descriptiveName.
- InSpecify email server, verifySingle hostis selected.
- Enter the host name and port.Adding the Email DLP host name is required for positive identification of the Palo Alto Networks DLP cloud service. The CA issuer FQDN you add must match the email routing FQDN you added in the previous step.
- United States—mail.us-west1.email.dlp.paloaltonetworks.comEurope—mail.europe-west3.email.dlp.paloaltonetworks.comAPAC—mail.asia-southeast1.email.dlp.paloaltonetworks.comPort—25
- For theOptions, verify the following settings are enabled.
- Require mail to be transmitted via a secure (TLS) connection
- Require CA signed certificate
- Validate certificate hostname
- Test TLS connectionto verify Gmail can successfully connect toEnterprise DLP.
- Save.
Back in the Hosts page, verify that the Email DLP host is displayed.
After you successfully set up the Email DLP host on Gmail, you must create the Gmail transports rule to instruct Gmail to forward emails toEnterprise DLPand establish the actions Gmail takes based on the quarantine or block verdicts rendered byEnterprise DLP.A transport rule is not required for emails that match your Email DLP policy where the action is set toMonitor. In this case, thex-panw-action - monitoremail header is added, a DLP incident is created, and the email continues to its intended recipient.
