User Guide for Cisco Email Security Appliance C160
11-31
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
Connectivity Between the Email Security Appliance and Enterprise Manager
In cases where connectivity between the Email Security appliance and Enterprise Manager is lost, any
data that the appliance and Enterprise Manager cannot send is queued for delivery until the connection
is restored. For the appliance, that means any data on messages containing possible DLP violations is
queued. For Enterprise Manager, that means any data packages with new DLP policy information are
queued. In cases where the appliance does not receive updated DLP policy data from Enterprise
Manager, the appliance continues to use the DLP policies it had previously received from Enterprise
Manager.
Using Enterprise Manager with Clustered Appliances
If you are using Enterprise Manager to manage the DLP policies for clustered Email Security appliances,
be aware of the following:
• The Email Security appliance sends Enterprise Manager the outgoing mail policies and message
actions from the lowest cluster level where these settings are configured. If these settings are
configured differently at the cluster and machine level, the Email Security appliance sends
Enterprise Manager the settings from the machine level. If you want to use the outgoing mail
policies and message actions configured at a higher cluster level, delete the policies and actions
defined at the lower levels that you do not want to use.
• The Email Security appliance uses the Data Loss Prevention mode used at the lowest cluster level
where this setting is configured. For example, if a clustered appliance is configured to use the local
RSA Email DLP mode at machine level and RSA Enterprise Manager at the cluster level, the
appliance uses RSA Email DLP for data loss prevention and does not communicate with Enterprise
Manager.
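The precedence rule in the two items above can be checked against an inventory of per-level settings. The following is an added example, not Cisco code and not an AsyncOS export format: the dictionary layout, the intermediate "group" level, the hostnames and the policy names are assumptions constructed for illustration. It resolves each setting from the lowest level where it is configured and reports appliances where a lower-level value overrides the cluster-level one.

```python
# Constructed model of "the lowest configured level wins"; not an AsyncOS format.
LEVELS = ("machine", "group", "cluster")  # most specific first; "group" is assumed


def effective(setting, config, machine, group):
    """Return (value, level) from the lowest level where `setting` is configured."""
    scopes = {
        "machine": config["machine"].get(machine, {}),
        "group": config["group"].get(group, {}),
        "cluster": config["cluster"],
    }
    for level in LEVELS:
        if setting in scopes[level]:
            return scopes[level][setting], level
    return None, None  # not configured at any level


def shadowed(config, members, settings=("dlp_mode", "outgoing_mail_policies")):
    """List (machine, setting, level, value) where a lower level overrides the
    cluster-level value, so the cluster-wide setting is not the one in force."""
    findings = []
    for machine, group in sorted(members.items()):
        for setting in settings:
            value, level = effective(setting, config, machine, group)
            if level != "cluster" and value != config["cluster"].get(setting):
                findings.append((machine, setting, level, value))
    return findings


# Constructed sample inventory: hostnames, group and policy names are placeholders.
CONFIG = {
    "cluster": {"dlp_mode": "RSA Enterprise Manager",
                "outgoing_mail_policies": ["Default", "Finance"]},
    "group": {"emea": {}},
    "machine": {
        "esa1.example.com": {},
        # Local mode at machine level: this appliance will not talk to Enterprise Manager.
        "esa2.example.com": {"dlp_mode": "RSA Email DLP"},
        # Machine-level policies are what this appliance sends to Enterprise Manager.
        "esa3.example.com": {"outgoing_mail_policies": ["Default"]},
    },
}
MEMBERS = {"esa1.example.com": "emea", "esa2.example.com": "emea",
           "esa3.example.com": "emea"}

if __name__ == "__main__":
    for machine, setting, level, value in shadowed(CONFIG, MEMBERS):
        print(f"{machine}: {setting} taken from {level} level -> {value!r}")
```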
Configuring Per-Recipient Policies for DLP
You configure outgoing mail policies to use your DLP policies differently depending on whether you are
using RSA Email DLP or RSA Enterprise Manager. For RSA Email DLP, you assign DLP policies to the
mail policies using the Email Security appliance. For RSA Enterprise Manager, you assign the Email
Security appliance’s mail policies to DLP policies using Enterprise Manager.
RSA Email DLP
You enable RSA Email DLP policies on a per-recipient basis using the Mail Policies > Outgoing Mail
Policies page (GUI) or the policyconfig command (CLI). You can enable different DLP policies for the
different outgoing mail policies. You can only use DLP policies in outgoing mail policies.
DLP scanning takes place after the Outbreak Filters stage of the email “work queue.” See
for more information.