DLP single-tier installation

Created: 29 Oct 2012 • Updated: 04 Dec 2012 | 18 comments
UFO's picture
This issue has been solved. See solution.

I have installed SDLP 11.6 in a single-tier installation.

Now I have Enforce and Endpoint servers active on a single physical server. And the Endpoint server is actually Endpoint Discover.

Question: How to install Endpoint Prevent server? Should I install it on a separate server?

Right now I can create policies and generate incidents based on Endpoint, but cannot see that any of the response rules work.

Comments

pete_4u2002's picture

Do you have the license for Endpoint Prevent? If yes, the same server can act as the Prevent server.

 

UFO's picture

Yes, I have a license for Endpoint Prevent. Thus, should I only check if my response rules are correct? In other words, how could I verify if Endpoint Prevent is really working?

STS: DLP

yang_zhang's picture

Yes, you are right. You can create a response rule as end user block to test your Endpoint Prevent. Then create a policy to use this response rule. By default, if you copy a sensitive file to the USB flash disk, there will be a notification to block your copy.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
UFO's picture

Still unclear. If I set up a response rule to just notify the user, this works. Well, when I set the response to block (e.g. USB copy) this doesn't work. Does Endpoint Discover provide notification functionality? If so, then I do not have Endpoint Prevent in place.

STS: DLP

pete_4u2002's picture

Check under the license tab for the modules you have purchased a license for.

UFO's picture

I do have a license for Endpoint Prevent.

The question is: If I install SDLP in single-tier, where and how should I install Endpoint Prevent? In single-tier I have Oracle and Enforce servers on one physical server. Then in Enforce I can add an Endpoint server (the system doesn't say if it is Discover or Prevent, but it works as Discover, obviously). So, how do I add (install) Endpoint Prevent? On a separate server? Or is this "Endpoint" server in single-tier Discover and Prevent too?

STS: DLP

pete_4u2002's picture

This is how it works: while installing you are asked to install a detection server. Once installed, you need to activate the license. The license will act whether it's Prevent, Monitor, Discover etc.

 

UFO's picture

OK, and in single tier, does the Endpoint server act as Detection only or as both Detection and Prevent?

STS: DLP

pete_4u2002's picture

Yes, it acts provided the license is available. I have copied the screenshot for the license on my server.

You can verify on your system: log in to the DLP console --> System --> Settings --> General

SOLUTION
UFO's picture

Pete, sorry. You say: "yes, it acts provided the license is available". I didn't understand that. Well, is it Detection or both Detection and Prevent? I have a license for both.

STS: DLP

pete_4u2002's picture

:-) Can you post the screenshot of the license page?

If you have both and they are activated on the enforcer, then it will detect as well as prevent (endpoint).

UFO's picture

Am I right: there is now only one Detection server for endpoint, which acts as both Endpoint Discover and Endpoint Prevent, and it is called Endpoint Prevent?

LICENSE: looks the same as you have posted previously; both ED and EP are licensed.

STS: DLP

pete_4u2002's picture

Yes it is. Can you check by testing if Prevent and Discover work?

UFO's picture

Thanks. Discover works 100%. Prevent: I don't know. If I set a Notify User response rule, it does work, but preventing e.g. a file from being copied to an external USB flash drive is not working.

STS: DLP

UFO's picture

You know why it was not working? The response rule trigger was set up for severity=Low. I have checked all Severity choices (using Ctrl), thus making the response rule execute always, and it has worked.

STS: DLP

stumunro's picture

If you are unsure what a license is for, open it up in Notepad; it will tell you everything you need to know.

See the example below:

<name>DLP Network Protect</name>
<version>11.5</version>
<start_date>2012-04-16</start_date>
<end_date>2013-06-15</end_date>
<count>5</count>
<warn_policy>1,120</warn_policy>
<grace_policy>1,60</grace_policy>
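
The same check done by script instead of Notepad, as an added example that is not part of the original thread and is not Symantec's code. It assumes a license file carries one or more flat runs of the elements shown in the post above, each run starting at <name>; the second record in the sample, including its product name and dates, is constructed for illustration, and warn_policy/grace_policy are not interpreted.

```python
import re
from datetime import date

# Constructed sample: the first record is the fragment quoted in the post;
# the second record (name and dates) is made up to show an expired entry.
SAMPLE = """\
<name>DLP Network Protect</name>
<version>11.5</version>
<start_date>2012-04-16</start_date>
<end_date>2013-06-15</end_date>
<count>5</count>
<warn_policy>1,120</warn_policy>
<grace_policy>1,60</grace_policy>
<name>DLP Endpoint Prevent</name>
<version>11.5</version>
<start_date>2012-04-16</start_date>
<end_date>2012-10-01</end_date>
"""

# The fragment has no root element, so match flat <tag>value</tag> pairs.
FIELD = re.compile(r"<(\w+)>([^<]*)</\1>")

def parse_entitlements(text):
    """Group flat <tag>value</tag> pairs into one dict per <name> element."""
    records = []
    for tag, value in FIELD.findall(text):
        if tag == "name":
            records.append({})
        if records:  # ignore fields that appear before the first <name>
            records[-1][tag] = value.strip()
    return records

def status(record, today):
    """Classify a record from start_date/end_date only."""
    try:
        start = date.fromisoformat(record["start_date"])
        end = date.fromisoformat(record["end_date"])
    except (KeyError, ValueError):
        return "unreadable dates"
    if today < start:
        return "not yet valid"
    return "expired" if today > end else "valid"

def report(text, today):
    """Return (name, version, status) for every entitlement found."""
    return [(r.get("name", "?"), r.get("version", "?"), status(r, today))
            for r in parse_entitlements(text)]

if __name__ == "__main__":
    for name, version, state in report(SAMPLE, date(2012, 12, 4)):
        print(f"{name} {version}: {state}")
```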