0 Replies Latest reply on Jun 7, 2013 11:06 AM by warlock003

    DLP 9.200 excluding an entire subnet 10.0.0.0/8

    warlock003

      Thank you for reading my post and assisting me. I currently administer a 9.200 HDLP console.

      I have been entering Web Destination URL's and I.P.'s example

      att.com

      wellsfargo.com

      10.1.2.10

       

      The scenario is that our internal communications need to be excluded.

      Our server and workstation subnet is 10.0.0.0

       

      We are looking to exclude our whole internal subnet.

      By excluding our whole server and workstation VLAN this wuold reduce MANY false positives.

       

      I have been entering web destination after web destination exclusions with no end in site.

       

      In other words for every site that a user post to a web server or a web form that is an internal communication

      I get dlp hit. The hits I am gettiong do have valid NPI or Pii so the rules are working correctly.

       

      We need to eliminate hits on valid spreadsheet or web post. the valid posts or data transfers are

      on our 10.0.0.0/8. These VALID business actions need to be excluded across the whole subnet.

       

      My questions are as follows how can I exclude the whole 10.0.0.0/ subnet

      I would welcome any and all suggestions as enting in URL after URL is brutal.

       

      I am thinking about setting up and productionizing a Network communication protection rule