Enterprise DLP
Create a Gmail Quarantine Transport Rule
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
Create a Gmail Quarantine Transport Rule
Create a Gmail quarantine transport rule to quarantine and forward a quarantined
email to Gmail hosted quarantine for approval after inspection by Enterprise Data Loss Prevention (E-DLP).
- Log in to the Google Admin portal.In the Dashboard, select AppsGoogle WorkspaceGmailCompliance.In the Content compliance section, Add Another Rule.Configure the quarantine transport rule.
- In the Content compliance field, enter a descriptive name for the transport rule.For the Email messages to affect, select Outbound.This instructs Gmail to forward the email to Enterprise DLP before it leaves your network when the email recipient is outside your organization.Configure email forwarding to Enterprise DLP for emails that have not been inspected.
- In the Add experiences that describe the content you want to search for in each message section, select If ANY of the following match the message.
- Add.
- In the Add setting page, select Advanced content match.
- For the Location, select Full Headers.
- For the Match type, select Starts with.
- For the Content, enter x-panw-action: quarantine.
- Save.
Configure the action Gmail takes for emails that need to be quarantined.- In the If the above expressions match, do the following section, select Quarantine message.
- In the Move the message to the following quarantine, select the Gmail quarantine inbox you want to forward emails that need to be reviewed by an email administrator.
- Enable Notify sender when email is quarantined (onward delivery only).
Configure the types of Gmail accounts the transport rule affects.- Show Options.After you expand the options menu, the button displays Hide Options.
- In the Account types to affect section, select Users, Groups, and Unrecognized / Catch-all.
Save.Verify that the email transport rule was successfully added and that the Status is Enabled.An email administrator must review and allow or reject quarantined emails forwarded to the quarantine mailbox.Due to a Gmail limitation, SaaS Security generates two Email DLP logs (ManageConfigurationSaaS SecurityData SecurityLogsEmail DLP Logs) when a quarantined email is allowed. The first Email DLP log describes the initial outbound email blocked by Email DLP. The second Email DLP log describes the allowed outbound email that is sent back to Enterprise DLP to add x-panw-inspected: true and x-panw-action: monitor to the email header before it continues on its path to the intended recipient.