By design, DLP endpoint agents, Detection servers and Enforce communicate on demand, whenever network connectivity is available. It is not recommended to play around with this. While not recommended, you may still achieve what you are looking for via the steps below:
a) Add a secondary NIC card to the concerned detection server. Example:
- Primary NIC: 192.168.1.2
- Secondary NIC: 192.168.1.40
b) Ensure that all other DLP servers are communicating with the hostname and not the IP.
c) Configure all DLP servers to use 'hosts' lookup and provide the Primary NIC IP in the hosts file.
This way all DLP components/servers will communicate with the concerned detection server over the Primary NIC interface. Moreover, any management activity or communication with other Active Directory components will happen via the secondary NIC.
d) Create two batch files as the below:
- Enable.bat - netsh interface set interface "Primary Interface" ENABLE
- Disable.bat - netsh interface set interface "Primary Interface" DISABLE
e) Schedule the Enable/Disable scripts according to your schedule requirements.
This way the concerned DLP detection server will send incidents only when the NIC card is in an Enabled state.
Note: This is not a recommended configuration as it may cause the following issues:
- Flood of incidents when the NIC is enabled. This may cause extremely high bandwidth utilization.
- Too much disk space usage on the DLP detection server due to queuing of incidents in cache.
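As an added example (not part of the original answer), here is a PowerShell version of the Enable/Disable step with the two checks you would want in place before scheduling it: it refuses to disable the primary NIC unless the secondary NIC is up, and after re-enabling it verifies the hosts-file mapping from step c). The adapter names, the detection server hostname and the log path are assumptions.

```powershell
# Added example, not from the original post: wraps the Enable/Disable step so the
# primary DLP interface is only toggled when doing so is safe. Adapter names, the
# detection server hostname and the log path are assumptions; adjust to your site.
param(
    [ValidateSet('Enable', 'Disable')][string]$Action = 'Enable',
    [string]$PrimaryNic    = 'Primary Interface',    # assumed adapter name (DLP traffic)
    [string]$SecondaryNic  = 'Secondary Interface',  # assumed adapter name (management/AD)
    [string]$DetectionHost = 'dlp-detect01'          # assumed hostname the other DLP servers use
)

$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$logPath   = "$env:ProgramData\dlp-nic-toggle.log"   # assumed log location

function Write-ToggleLog([string]$Message) {
    # Timestamped record so gaps in incident delivery can be correlated later.
    Add-Content -Path $logPath -Value ("{0} {1}" -f (Get-Date -Format o), $Message)
}

if ($Action -eq 'Disable') {
    # Never take the primary NIC down unless the management NIC is up, otherwise
    # the server loses all connectivity until someone reaches the console.
    $secondary = Get-NetAdapter -Name $SecondaryNic -ErrorAction Stop
    if ($secondary.Status -ne 'Up') {
        Write-ToggleLog "refused: $SecondaryNic is $($secondary.Status)"
        throw "$SecondaryNic is not Up; refusing to disable $PrimaryNic."
    }
    Disable-NetAdapter -Name $PrimaryNic -Confirm:$false
    Write-ToggleLog "disabled $PrimaryNic (incidents will queue on the detection server)"
}
else {
    Enable-NetAdapter -Name $PrimaryNic -Confirm:$false
    Start-Sleep -Seconds 10   # give the stack time to bring the address back up

    # The workaround only pins DLP traffic to this NIC if the other DLP servers
    # resolve this host to the primary NIC IP via the hosts file (step c).
    $primaryIps = (Get-NetIPAddress -InterfaceAlias $PrimaryNic -AddressFamily IPv4 -ErrorAction Stop).IPAddress
    $pattern = "^\s*(\d{1,3}(\.\d{1,3}){3})\s+.*\b$([regex]::Escape($DetectionHost))\b"
    $mapped  = Get-Content $hostsPath | ForEach-Object { if ($_ -match $pattern) { $Matches[1] } }
    if (-not ($mapped | Where-Object { $primaryIps -contains $_ })) {
        Write-ToggleLog "warning: hosts file does not map $DetectionHost to $PrimaryNic ($($primaryIps -join ','))"
        Write-Warning "hosts entry for $DetectionHost does not point at $PrimaryNic; other DLP servers may use the wrong NIC."
    }
    Write-ToggleLog "enabled $PrimaryNic (queued incidents will now flush to Enforce)"
}
```

Schedule it twice with the Task Scheduler (once with -Action Enable, once with -Action Disable) in place of the two batch files, and review the log when checking for the incident flood described in the note above.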