Data Loss Prevention

  • 1.  Which TAPs are reporting

    Posted Sep 21, 2012 11:05 AM

    I am in the process of taking over an existing installation of DLP (11.0).

    We have a Network Prevent for Email server. I am trying to figure out which TAPs are reporting to the server. It is MS Exchange Server and IronPort at the gateway. I did 'netstat -a' and I get the connected IPs. Is this the right information to start figuring out where the TAPs are?

    Thanks in advance.



  • 2.  RE: Which TAPs are reporting

    Posted Sep 24, 2012 10:08 AM

    Manish,

    I think there might be some confusion. It sounds like you are monitoring Exchange and IronPort for email. In this situation it sounds like you may be using the Prevent functions, which I would imagine are not using TAPs for monitoring. If you are looking to monitor traffic in the same manner but at both the points you mentioned, then I would imagine you are using the TAPs. Identifying the TAPs that are sending data, though, may simply be a matter of identifying which connection is plugged into which NIC. As long as the NIC is showing packets coming in you should be in good shape. You will also want to check the server configuration page to verify that you have enabled monitoring on the NICs that are active.

    Viewing IPs can potentially help you as well if you know what the IP ranges you should be seeing are. Unfortunately, deciphering IP information gets a little more difficult than looking at the base of the server configuration as I outlined above.



  • 3.  RE: Which TAPs are reporting

    Posted Sep 24, 2012 11:18 AM

    I am going with Shawn; I am a little confused also, as when we talk SPAN/TAP ports we talk more specifically on the Network Monitor side.

    As for the email solution, they should be inline and have a cost from 10-40 for the routing. You can also look under the config settings and see what is set as the next IPs also.