Data Loss Prevention

  • 1.  Discover Server in DMZ?

    Posted Dec 10, 2018 11:37 AM

    Hello!

    We are running 15.0 in a two-tier environment with multiple Network Monitor servers as well as Endpoint and Network Discover servers.

    We have a need to perform Discover scans in our DMZ, but due to current configurations and internal 'rules' we cannot scan the DMZ with our current 'internal' Discover servers.

    I assume there is a way to stand up a Discover server in our DMZ for scanning but report back into the internal console? I have been coming up short in my searching on finding clear information on how to set this up properly. Any information or links to guides most welcome!

    Thanks,

    Jennifer



  • 2.  RE: Discover Server in DMZ?

    Posted Dec 10, 2018 04:06 PM

    Hi Jennifer

    From a quick look, it looks like you need to confirm two things:

    1)  Network routing exists between your DLP Enforce Console and DMZ DLP Discover server

    2)  TCP 8100 is allowed within the path between DLP Enforce and DLP Discover (firewall rules, ACLs, etc)

    Does this help?



  • 3.  RE: Discover Server in DMZ?

    Posted Dec 13, 2018 01:39 PM

    Hi Matt,

    We haven't built any new Discover server as of yet because we wanted to make sure what the requirements were beforehand (so that we could make certain with our networking teams what needs to be done), and what the specs would be for this server that we want to put up in the DMZ to act only as a Discover for that environment and no other roles.

    thx



  • 4.  RE: Discover Server in DMZ?

    Posted Jan 03, 2019 08:40 AM

    Hi Jennifer

    Is your end goal to have a Discover server in the DMZ reporting back to your Enforce console?

    If you need server specs for the Discover server, check your version's System Requirements guide on the Symantec support site.



  • 5.  RE: Discover Server in DMZ?

    Posted Jan 03, 2019 10:24 AM

    An important fact to remember when creating firewall rules is that the communications between the Enforce and the Discover servers will always be initiated by the Enforce. I've successfully done DMZ scanning in the past.

    Source IP -> Dest IP | Port 8100 | TCP



  • 6.  RE: Discover Server in DMZ?

    Posted Jan 10, 2019 01:23 PM

    Thanks! We do not have any firewalls between our Enforce and Discover. But there is one to the destination server(s).

    I had read somewhere that from the Discover to the destination we would need ...

    Discover -> file share port 445 for CIFS/SMB

    Discover -> file share port 2049 for NFS

    ???



  • 7.  RE: Discover Server in DMZ?

    Posted Jan 16, 2019 09:26 AM

    Actually, you most definitely have a firewall between your Enforce and Discover if the Discover is in your DMZ. You probably don't have a firewall between servers within the DMZ. Your design will probably look similar to the image I've attached.



  • 8.  RE: Discover Server in DMZ?

    Trusted Advisor
    Posted Jan 16, 2019 02:46 PM

    Jenniferlf

    You will need to open the ports that are used by the type of scan you are doing.

    Source              Destination                 Proto  Port      Action  Purpose
    Network Discover  > Target Server               TCP    445       Allow   CIFS shares
    Network Discover  > Target Server               TCP    2049      Allow   NFS shares
    Network Discover  > SharePoint Target Server    TCP    80, 8080  Allow   SharePoint sites
    Network Discover  > MSSQL Target Server         TCP    1433      Allow   MSSQL DBs (may differ if the default is changed)
    Network Discover  > Oracle Target Server        TCP    1521      Allow   Oracle DBs (may differ if the default is changed)
    WebScanner agent  > Network Discover            TCP    8090      Allow   WebScanner agent

    Good Luck

    Ronak

    PLEASE MARK SOLVED WHEN POSSIBLE
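The two rule sets in this thread (Enforce -> Discover on TCP 8100 from reply 5, and the Discover -> target ports from reply 8) can be turned into a minimal allow-list and then validated with a plain TCP connect test before the networking team signs off. The following is an added example written for this thread, not Symantec's code; the port map mirrors the defaults quoted above, the IP addresses are constructed, and the WebScanner agent rule is left out.

```python
import socket
from contextlib import closing

# Default target ports as listed in the thread (constructed map; adjust
# MSSQL/Oracle entries if the database listener port was changed).
SCAN_PORTS = {
    "cifs": [445],
    "nfs": [2049],
    "sharepoint": [80, 8080],
    "mssql": [1433],
    "oracle": [1521],
}

def required_rules(enforce_ip, discover_ip, targets):
    """Return the least-privilege allow-list as (src, dst, port) tuples.

    targets: list of (target_ip, scan_type). Enforce always initiates the
    8100 session, so that is the only inbound rule the DMZ Discover host
    needs; every other rule is outbound from Discover to a scan target.
    """
    rules = [(enforce_ip, discover_ip, 8100)]
    for target_ip, scan_type in targets:
        for port in SCAN_PORTS[scan_type]:
            rules.append((discover_ip, target_ip, port))
    return rules

def tcp_reachable(host, port, timeout=2.0):
    """Attempt a TCP connect; True only if the handshake completed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out, or no route
            return False

def verify_rules(rules, probe=tcp_reachable):
    """Probe each rule's destination from the host this runs on (run it on
    the rule's source host) and return the rules that are still blocked."""
    return [r for r in rules if not probe(r[1], r[2])]

def self_check():
    """Local sanity check: an open listener is reachable, a closed port is not."""
    with closing(socket.socket()) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        open_result = tcp_reachable("127.0.0.1", port)
    closed_result = tcp_reachable("127.0.0.1", port)
    return open_result, closed_result
```

Run `verify_rules(required_rules(...))` on the Enforce host for the 8100 rule and on the DMZ Discover host for the target rules; a failure on a rule means the firewall, an ACL, or routing on that path still needs attention.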