cancel
Showing results for 
Search instead for 
Did you mean: 
ri3aldi3
Level 7

NDLP Prevent with Fortigate

Dear All,

Please suggest me how to integrate NDLP Prevent with Fortigate, because i configure at fortigate using icap get result the icap is error. (error attached). Please let me know how make this issue solved, specially from mcafee prespective.

Thank you

rie

0 Kudos
4 Replies
mdnramos
Level 11

Re: NDLP Prevent with Fortigate

Hi Rie,

Apologies for the delay on getting a response about this query. Is this still an issue?

If so, can you advise what version of Network DLP you are using? Additionally:

- Is this Prevent appliance scanning both SMTP and ICAP requests?

- Make sure only REQMOD is sent to the Prevent appliance (it cannot process RESPMOD requests)

I also suggest you have a look at our Knowledge Base, article http://kc.mcafee.com/corporate/index?page=content&id=KB77088 should be a good place to start.

Let us know if you need further assistance.

Kind regards,

Marcelo

0 Kudos
geek
Level 10

Re: NDLP Prevent with Fortigate

Hi,

Could you solve this issue?

i try to integrate NDLP Prevent with Fortigate and have the same issue. Also could you tell what did you paste into "Path" field on Fortigate side?

DLPPrevent_Fortinet.jpg

In fortinet docs I found next: "Path - This is the path on the server to the processing compent. For instance if the Windows

share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”" so I need to understand what is the path on DLP Prevent server to the processing component. Any idea?

PS I tried: blank, /DLP, /reqmod but without success.

Message was edited by: geek on 1/30/14 2:56:59 PM GMT+03:00

Message was edited by: geek on 1/30/14 2:58:07 PM GMT+03:00
0 Kudos
rtrezza
Level 7

Re: NDLP Prevent with Fortigate

With other ICAP clients, the path is set to:

icap://<ip address of dlp-prevent:1344/reqmod

I see in your screenshot that the Fortigate uses a list box for the server and text box for path, so I would first try

/reqmod

As the path.

I would also run tcpdump on the Prevent to make sure the Fortigate is sending to the correct port

#tcpdump -i eth1 port 1344

0 Kudos
geek
Level 10

Re: NDLP Prevent with Fortigate

Hi rtrezza,

Thnks for your reply!

I understand that this question is must be addressed to Fortinet guys but if you could help me I will be very appreciate.

When we configure icap from fortigate side we need to do 2 steps:

1. Icap Server where we can define only ip and port

1.jpg

2 Profile. Where we can define request\response processing with icap server from step 1 and path.

2.jpg

With this config and default configuration on McAfee DLP Prevent I see next communication betwen fortigate and mcafee dlp:

link to pcap file: http://yadi.sk/d/LPH5PTGmH4Jij

Thanks in advacne for your help!

Regards,

Alexandr.

0 Kudos