Cisco Email Security Appliance X1050 User Guide
16-31
Cisco AsyncOS 8.5 for Email User Guide
Chapter 16 Data Loss Prevention
RSA Enterprise Manager
• The Email Security appliance uses the Data Loss Prevention mode specified at the lowest cluster
level where this setting is configured. For example, if a clustered appliance is configured to use the
local RSA Email DLP mode at machine level and RSA Enterprise Manager at the cluster level, the
appliance uses RSA Email DLP for data loss prevention and does not communicate with Enterprise
Manager.
About Deleting and Disabling Policies in Enterprise Manager Deployments
Deleting and Disabling DLP Policies
• To delete DLP policies, use Enterprise Manager.
• To disable or enable DLP policies, use the Email Security appliance. Go to Mail Policies > DLP
Policy Manager.
Any outgoing mail policies associated with the disabled DLP policy will skip the policy when
evaluating messages for DLP violations.
Deleting Outgoing Mail Policies
If you try to delete an outgoing mail policy that is linked to a DLP policy, the Email Security appliance
displays a message warning you that the mail policy is currently in use. If you delete the policy anyway,
Enterprise Manager automatically unlinks the deleted outgoing mail policy from any DLP policy that
used it. Other than not scanning for messages based on the configuration of the deleted mail policy, DLP
scanning continues to work as before. The next DLP policy package sent to the Email Security appliance
by Enterprise Manager will not include anything related to the deleted mail policy.
Lost Connectivity Between the Email Security Appliance and Enterprise
Manager
If connectivity between the Email Security appliance and Enterprise Manager is lost, any data that the
appliance and Enterprise Manager cannot send is queued for delivery until the connection is restored.
For the Email Security appliance, that means any data on messages containing possible DLP violations
is queued. For Enterprise Manager, that means any data packages with new DLP policy information are
queued. If the Email Security appliance does not receive updated DLP policy data from Enterprise
Manager, the appliance continues to use the DLP policies it had previously received from Enterprise
Manager.
Related Topics
•
Switching from Enterprise Manager to RSA Email DLP
If you want to go back to using RSA Email DLP for data loss prevention after using RSA Enterprise
Manager, see
The Email Security appliance automatically reverts back to the RSA Email DLP policies it used before
you configured it to use RSA Enterprise Manager mode. If the appliance did not use any local DLP
policies when it was in RSA Email DLP mode, the appliance will continue to use the DLP policies from
Enterprise Manager until you create a local DLP policy.