Create a Gmail Email Transport Rule

1. Log in to the Google Admin portal.
2. In the Dashboard, select AppsGoogle WorkspaceGmailCompliance.
3. In the Content compliance section, Add Another Rule.

4. Configure the email transport rule.

   1. In the Content compliance field, enter a descriptive name for the transport rule.
   2. For the Email messages to affect, select Outbound.

      This instructs Gmail to forward the email to Enterprise DLP before it leaves your network when the email recipient is outside your organization.

   3. Configure email forwarding to Enterprise DLP for emails that have not been inspected.

      1. In the Add experiences that describe the content you want to search for in each message section, select If ANY of the following match the message.
      2. Add.
      3. In the Add setting page, select Advanced content match.
      4. For the Location, select Full Headers.
      5. For the Match type, select Not contains text.
      6. For the Content, enter x-panw-inspected.
      7. Save.

   4. Configure the action Gmail takes for emails that have already been inspected by Enterprise DLP, and the encryption settings.

      1. In the If the above expressions match, do the following section, enable Change Route.
      2. Select the Email DLP Host you created.
      3. For the Encryption (onward delivery only), select Require secure transport (TLS).

   5. Configure the types of Gmail accounts the transport rule affects.

      1. Show Options.
         After you expand the options menu, the button displays Hide Options.
      2. In the Account types to affect section, select Users, Groups, and Unrecognized / Catch-all.

   6. Save.
5. Verify that the email transport rule was successfully added and that the Status is Enabled.