What happens to DLP Network Prevent for Email if the SMG server goes down

book

Article ID: 184560

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

Symantec Data Loss Prevention (DLP)
Symantec Messaging Gateway (SMG)

Customer needs to plan for disaster recovery.

Cause

Test a disaster scenario if the SMG server is shutdown.

Environment

DLP 15.5 and WIndows server 2012 R2 

Resolution

DLP NP for mail can be configured to bypass:
By default, outbound email bypasses Data Loss Prevention Network Prevent if all Data Loss Prevention Network Prevent servers are unavailable. Read SMG Admin guide
If SMG goes down, no email filtering will happen, email in the Queue will be kept there.
NP for mail doesn't depend on SMG for functioning, and it will inspect any email from any source that is configured. However, if no email is received, it just doesn't process anything. Obviously if email is coming in for inspection and it requires a remediation rule from SMG, such as Quarantine, it won't happen. Email will continue going out if MX lookup is enabled/disabled in Next Hop Configuration, and any other host/domain is available. 

Email team can assist with configuration: Email servers/MTAs can be configured for failures of downstream servers.

For more information consult our implementation guides located here https://help.symantec.com/cs/dlp15.0/DLP/id-SF0B0152826_v120691346/Implementing-Network-Prevent-for-Email?locale=EN_US