1. Open command line
  2. Change to the location of the test files example:

cd C:\Users\user1\Desktop

  1. Connect to the DLPTest.com FTP Server

ftp ftp.dlptest.com

  1. Use the following username and password

User: dlpuser

Password: yc#KtFCR5kBp

  1. Change to the 24 hour folder

cd 24_Hour

  1. Run a put to upload the test file

put testdoc.docx

Note: The files in the folder will clear out every 24 hours

  1. Compile a list of the Exchange and edge MTA IP Addresses
  2. Within the edge MTA settings update the Allow Relay and add in the new DLP Email Prevent IP Addresses
  3. Within the DLP Email Prevent configuration make sure to setup the forward address to the MTA IP Address, add in the allow relay to only allow Exchange to send to Email Prevent, and validate the port to accept and relay are correct (25 is most cases)
  4. On Exchange create a new send connector to point to a test domain in which a test email address is hosted. Example the send connector could be for gmail.com and all email sent to Gmail would go through Email Prevent
  1. Validate that the proxy is setup to send all PUT/POSTS to the Web Prevent servers via ICAP
  2. Validate that the browser on the test workstation is being filtered by the proxy
  3. Enable a test social security number and credit card number policy
  4. Copy the sample test data for the dlptest.com/sample-data page
  5. Post to sample test data on the dlptest.com/http-post and dlptest.com/https-post
  6. The last recommendation is run through the testing first in a monitor mode and then turn on blocking and run through the testing again
  1. If Email Prevent is already in production you can follow the next steps without any issue, if Email Prevent is not in production follow the steps for initial Email Prevent testing
  2. Enable a test social security number and credit card number policy
  3. Copy the sample test data for the dlptest.com/sample-data page
  4. Created a text or Word document with the sample data and upload the text or Word document to dlptest.com/ftp-post
  5. Run a few email tests to an external email address to validate incidents are created when the sample data is in attachments and within the email body
  6. The last recommendation is run through the testing first in a monitor mode and then turn on blocking and run through the testing again
  1. Validate that the Network Monitor is see both HTTP and FTP traffic by looking a traffic stats
  2. Enable a test social security number and credit card number policy
  3. Copy the sample test data for the dlptest.com/sample-data page
  4. Post to sample test data on the dlptest.com/http-post
  5. Created a text or Word document with the sample data and upload the text or Word document to ftp://ftp.dlptest.com/24_Hour/. If you are not sure how to complete an FTP Upload, there is another FAQ below for this action.
  6. Network Monitor is a monitor only device so you are unable to test block
  7. If you are not seeing incidents troubleshooting can be done by running a Wireshark capture on the Network Monitor to validate the correct traffic is being seen
  1. Enable monitoring web browsers and FTP transfer channels
  2. Enable a test social security number and credit card number policy
  3. Copy the sample test data for the dlptest.com/sample-data page
  4. Post to sample test data on the dlptest.com/http-post and dlptest.com/https-post
  5. Created a text or Word document with the sample data and upload the text or Word document to ftp://ftp.dlptest.com/24_Hour/. If you are not sure how to complete an FTP Upload, there is another FAQ below for this action.
  6. The last recommendation is run through the testing first in a monitor mode and then turn on blocking and run through the testing again