Enterprise DLP
Set Up the Email DLP Host
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
Set Up the Email DLP Host
Create a route from Gmail to the Enterprise Data Loss Prevention (E-DLP) Email DLP host.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Set up routing from Gmail to the Enterprise Data Loss Prevention (E-DLP) Email DLP Host is required
allow Gmail to forward emails to Enterprise DLP for inspection and verdict
rendering to prevent exfiltration of sensitive data.
- Log in to the Google Admin portal.In the Dashboard, select AppsGoogle WorkspaceGmailHosts and Add Route.Configure the Email DLP host.
- Enter a descriptive Name.In Specify email server, verify Single host is selected.Enter the host name and port.Adding the Email DLP host name is required for positive identification of the Enterprise DLP cloud service. The CA issuer FQDN you add must match the email routing FQDN you added in the previous step.
- APAC—mail.asia-southeast1.email.dlp.paloaltonetworks.comEurope—mail.europe-west3.email.dlp.paloaltonetworks.comUnited States—mail.us-west1.email.dlp.paloaltonetworks.comPort—25For the Options, verify the following settings are enabled.
- Require mail to be transmitted via a secure (TLS) connection
- Require CA signed certificate
- Validate certificate hostname
Test TLS connection to verify Gmail can successfully connect to Enterprise DLP.Save.Back in the Hosts page, verify that the Email DLP host is displayed.Set Up a Proofpoint Server for Email Encryption.This is required to encrypt emails inspected by Enterprise DLP that match your encryption Email DLP policy rule.Skip this step if you already configured routing to your Proofpoint server.Create Gmail Transport Rules.After you successfully set up the Email DLP host on Gmail, you must create the Gmail transports rule to instruct Gmail to forward emails to Enterprise DLP and establish the actions Gmail takes based on verdicts rendered by Enterprise DLP.A transport rule isn't required for emails that match your Email DLP policy where the action is set to Monitor. In this case, Enterprise DLP adds x-panw-action - monitor to the email header, a DLP incident is created, and the email continues to its intended recipient.