Set Up the Email DLP Host

Table of Contents

Set Up a Proofpoint Server for Email Encryption

Create a route from Gmail to the Enterprise Data Loss Prevention (E-DLP) Email DLP host.

Where Can I Use This?	What Do I Need?
Data Security	One of the following licenses that include the Enterprise DLP license Review the Supported Platforms for details on the required license for each enforcement point. Prisma Access CASB license Next-Generation CASB for Prisma Access and NGFW (CASB-X) license Data Security license Email DLP license

Enterprise Data Loss Prevention (E-DLP) requires you set up routing from Gmail to the Enterprise DLP Email DLP Host to allow Gmail to forward emails to Enterprise DLP for inspection and verdict rendering to prevent exfiltration of sensitive data.

Log in to the Google Admin portal.
In the Dashboard, select AppsGoogle WorkspaceGmailHosts and Add Route.
Configure the Email DLP host.
1. Enter a descriptive Name.
2. In Specify email server, select Single host if not already selected.
3. Enter the host name and port.
  Enterprise DLP requires adding the Email DLP host name for positive identification of the Enterprise DLP cloud service. The CA issuer FQDN you add must match the email routing FQDN you added in the previous step.
  
  Expand all
  
  Collapse all
  
  APAC
  
  mail.asia-southeast1.email.dlp.paloaltonetworks.com
  Code copied to clipboard
  
  Unable to copy due to lack of browser support.
  Australia
  
  mail.australia-southeast1.email.dlp.paloaltonetworks.com
  Code copied to clipboard
  
  Unable to copy due to lack of browser support.
  Europe
  
  mail.europe-west3.email.dlp.paloaltonetworks.com
  Code copied to clipboard
  
  Unable to copy due to lack of browser support.
  India
  
  mail.asia-south1.email.dlp.paloaltonetworks.com
  Code copied to clipboard
  
  Unable to copy due to lack of browser support.
  Japan
  
  mail.asia-northeast1.email.dlp.paloaltonetworks.com
  Code copied to clipboard
  
  Unable to copy due to lack of browser support.
  United Kingdom
  
  mail.europe-west2.email.dlp.paloaltonetworks.com
  Code copied to clipboard
  
  Unable to copy due to lack of browser support.
  United States
  
  mail.us-west1.email.dlp.paloaltonetworks.com
  Code copied to clipboard
  
  Unable to copy due to lack of browser support.
4. For the Options, enable the following settings if not already enabled.
  Require mail to be transmitted via a secure (TLS) connection
  Require CA signed certificate
  Validate certificate hostname
5. Test TLS connection to verify Gmail can successfully connect to Enterprise DLP.
6. Save.
Back in the Hosts page, verify that you successfully created the Email DLP host.
Set Up a Proofpoint Server for Email Encryption.

Enterprise DLP requires this setting to encrypt inspected emails inspected that match your encryption Email DLP policy rule.

Skip this step if you already configured routing to your Proofpoint server.
Create Gmail Transport Rules.

After you successfully set up the Email DLP host on Gmail, you must create the Gmail transports rule to instruct Gmail to forward emails to Enterprise DLP and establish the actions Gmail takes based on verdicts rendered by Enterprise DLP.

Email DLP does not require a transport rule for emails that match your Email DLP policy when you configure the action to Monitor. In this case, Enterprise DLP adds x-panw-action - monitor to the email header, creates a DLP incident, and sends the email continues to the intended recipient.

Connect Gmail and Enterprise DLP

Set Up a Proofpoint Server for Email Encryption

Enterprise DLP Docs

Set Up the Email DLP Host

Enterprise DLP Docs

Set Up the Email DLP Host

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner

Technical Documentation

Company

Legal Notices