cancel
Showing results for 
Search instead for 
Did you mean: 
mattiaslasu
Level 7

External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

Hi all,

My goal is to setup McAfee Web Gataway as a proxy and my own external ICAP server that shall only receive ICAP respmod questions. It does not work at all.

Ok, I am using Wireshark to see the traffic between my ICAP server and the MWG and yes I see the options request from the MWG and it seems to work, my ICAP server are answer to them.

The Options request from MWG is coming every 10 sec.

I wonder if there are some documents regarding to setup an external ICAP server and using MWG as an ICAP client?

I have MWG 7 VMware installation.

I have imported the rule set from library for ICAP client and using default settings for the respmode (I have deleted the reqmod).

I get this error page when I try to reach google.se:

An internal error occured while processing your request.

URL: http://www.google.se/URL Categories: Search Engines
Current Rule ID: 18170
Current Rule Name: Call RespMod Server
Error Message: (16000) ICAP client filter error: no ICAP server available.

I do not know why there says “no ICAP server available” strange!

Can someone help me please.

Thanks

Mattias Lasu

0 Kudos
1 Solution

Accepted Solutions
jschnell
Level 9

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

Hello,

really hard to tell without an tcp dump, but from the text input: There is a '0' at the end of the OPTIONS response, which seems to be wrong there. As the encapsulated header says there isn't a body (null body) there must not be an 0 chunk to indicate the end of the response body .

Bye

Jan

0 Kudos
7 Replies
McAfee Employee

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

It just sounds like an ICAP server is not defined or is unavailable.

Can you run a tcpdump and see what the traffis shows?

~jon

0 Kudos
mattiaslasu
Level 7

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

Hi,

Here comes the tcp dump and a whireshark dump.

TCP dump is on the MGW and the whireshark dump is between my computer that my ICAP server is installed and the MGW 7 VMWare that is also installed on my computer.

And how can I upload the files?

Thanks for the help

/Mattias Lasu

0 Kudos
mattiaslasu
Level 7

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

Okay, I shall try to explain how the traffics look like.

Between my ICAP server and the MGW the Option request look like this:

“OPTIONS icap://192.168.10.59/respmod ICAP/1.0

Host: 192.168.10.59

User-Agent: McAfee Web Gateway 7.2.0

ICAP/1.0 200 OK

Methods: RESPMOD

Service-ID: NetClean

ISTag: "SD 010001010000000"

Encapsulated: null-body=0

Max-Connections: 2000

Options-TTL: 3000

Allow: 204

Preview: 4000

Transfer-Preview: *

X-Include: X-Client-IP

Connection: close

Transfer-Ignore: asp, bat, exe, com

0”

And when I try to get an image on a web site, its look like this:

“GET /test/NetClean_Img2.jpg HTTP/1.1

Via: 1.1 192.168.79.129 (McAfee Web Gateway 7.2.0.1.0.13253)

Host: netclean.com

Accept: */*

Cookie: __utma=133485585.287898897.1337607599.1341232664.1341315056.6; __utmz=133485585.1337607599.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SnapABugHistory=9#

Pragma: no-cache

Referer: http://netclean.com/test/net.htm

Connection: Keep-Alive

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)

Accept-Encoding: gzip, deflate

Accept-Language: sv-SE

X-Forwarded-For: 192.168.79.1

HTTP/1.1 200 OK

Content-Length: 210444

Content-Type: image/jpeg

Last-Modified: Mon, 01 Feb 2010 10:24:37 GMT

Accept-Ranges: bytes

ETag: "5c1aaac128a3ca1:fcbe7"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Date: Thu, 12 Jul 2012 06:09:19 GMT

......JFIF”

Not the hole image are coming maybe 2K.

The same images on the MGW using TCP dump looks like this:

“GET /test/NetClean_Img2.jpg HTTP/1.1

Via:HTTP/1.1 200 OK

Content-Length: 210444

C.........................................”

And the Option request on the MGW using TCP dump look like this:

“OPTIONS icap://192.168.10.59/respmod ICAP/ICAP/1.0 200 OK

Methods: RESPMOD

Service”

So why the MGW not showing the same traffic as on my real computer that’s is a question!

Thanks for the help

/Mattias Lasu

0 Kudos
jschnell
Level 9

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

Hello,

really hard to tell without an tcp dump, but from the text input: There is a '0' at the end of the OPTIONS response, which seems to be wrong there. As the encapsulated header says there isn't a body (null body) there must not be an 0 chunk to indicate the end of the response body .

Bye

Jan

0 Kudos
eelsasser
Level 15

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

I also do not actually see any ICAP RESPMOD request to your ICAP server either.

The OPTIONS request is simply a heartbeat and not related to the actual ICAP connection.

When you edit a message on this forum, click the 'Use advanced editor' link and you can attach a file.

Message was edited by: eelsasser on 7/12/12 3:29:53 AM EDT
0 Kudos
mattiaslasu
Level 7

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

Thank you Jan, it was the last 0 chunk. I remove it and it all seems to work :-)

It is strange, I have used the same ICAP server both on Bluecoat and Squid and it works fine with them but not the MGW.

Many thanks again :-)

/Mattias Lasu

0 Kudos
jschnell
Level 9

Re: External ICAP server and MWG 7 VMware are not working, why??

Jump to solution

Thanks for the positive feedback

Bye

Jan

0 Kudos