DLP Network Discover Support for Encrypted NFS (IPsec/Certificates)

Article ID: 435546

Products

Data Loss Prevention Core Package

Issue/Introduction

Does Symantec Data Loss Prevention (DLP) Network Discover support scanning NFS shares that are encrypted using IPsec or require certificate-based authentication?

Environment

  • Data Loss Prevention Network Discover
  • Linux Discover Servers
  • NFS Storage using IPsec or Certificate Authentication

Resolution

Data Loss Prevention does not have to directly manage IPsec encryption or certificate-based handshakes for NFS connections. However, DLP can scan these shares by leveraging the Linux operating system's native mounting capabilities.

Implementation Steps

  1. Mount at OS Level: The Linux and Storage teams must configure the IPsec tunnel or certificate authentication on the Linux Discover server itself.
  2. Verify Mount Point: Ensure the share is successfully mounted to a local directory (e.g., /mnt/nfs_encrypted).
  3. Configure Discover Target:
    • In the Enforce Console, create a new Network Discover target.
    • For the Scanned Content, use the local path where the share is mounted (e.g., file:/mnt/nfs_encrypted).
    • Note: Do not use the nfs:// syntax in the Enforce console if the OS is already managing the mount; treat it as a local file system scan.
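
The check below is an added example, not part of the original article or of the product: it confirms step 2 before step 3 by verifying that the directory is a live NFS mount and then printing the value to enter as Scanned Content. The function name `check_discover_mount` and the sample mount table are constructed for illustration. If the mount is absent, a scan of the path would read only the empty local directory, so the function reports that case separately.

```shell
#!/bin/sh
# Added example: confirm an OS-managed NFS mount before pointing Discover at it.

# Constructed sample in /proc/mounts format (server name and options are made up).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
filer.example.internal:/export/secure /mnt/nfs_encrypted nfs4 ro,vers=4.2 0 0
/dev/sdb1 /mnt/local_only xfs rw,relatime 0 0
EOF
}

# check_discover_mount MOUNTPOINT [MOUNTS_FILE]
# Prints the Scanned Content value (file:<path>) and returns 0 only when
# MOUNTPOINT is listed as an NFS mount. Returns 1 if nothing is mounted there
# (a scan would silently read the empty local directory) and 2 if the mount
# is some other filesystem type.
check_discover_mount() {
    local mp mounts dev dir fstype rest found
    mp="${1%/}"                      # tolerate a trailing slash
    [ -n "$mp" ] || mp="/"
    mounts="${2:-/proc/mounts}"
    found=""
    while read -r dev dir fstype rest; do
        # Later entries are stacked on top of earlier ones, so the last match wins.
        if [ "$dir" = "$mp" ]; then
            found="$fstype"
        fi
    done < "$mounts"
    case "$found" in
        nfs|nfs4) printf 'file:%s\n' "$mp"; return 0 ;;
        "")       echo "not mounted: $mp" >&2; return 1 ;;
        *)        echo "$mp is $found, not NFS" >&2; return 2 ;;
    esac
}

# Stand-alone use on the Discover server: ./check.sh /mnt/nfs_encrypted
if [ "$#" -gt 0 ]; then
    check_discover_mount "$@"
fi
```

Running the same check from the scheduler that starts scans catches a mount that dropped after an IPsec or certificate failure, so a scan is not recorded as clean against an empty directory.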