cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

ICAP Link Client

On 6.8.x we can put the name of ICAP Server service, that is working on my appliance.

We can view tha on Proxies > ICAPs Server -> REQMOD Settings -> REQMOD resource name: XXXXXXXXXX

On my ICAP client, I put this service working with that link:

icap://192.168.0.101:1344/wwreqmod on

In the McAffe 7 dont have this option, to put the name of the service.

I wanna know the default name of REQMOD Mode on McAffe 7.

When i put no resource name in the ICAP Client, it show me a notification like that.

icap://192.168.0.101:1344/ on

icaptest error: invalid service url. Need to specify the resource name

Message was edited by: Caio Tobias on 7/8/10 9:58:49 AM CDT
6 Replies

Re: ICAP Link Client

You can put any value in for the service name on the client.

The MWG7 ICAP server will accept all values.

  icap://192.168.0.101:1344/anything

If you need to have some different selection with the policy, you can use a profile parameter:

  icap://192.168.2.230:1344/anything?profile=myPolicy

And in the rules, use a property of:

  ICAP.Policy equals "myPolicy"

Re: ICAP Link Client

Hi Erik, but if i want that my client only send REQMOD request to my ICAP Server?

How i configure that ?

Thanks for your participation.

Re: ICAP Link Client

Describe what machine is the ICAP client and what machine is the ICAP server. I might not understand what you are asking exactly.

For example,

Is MWG being used as an ICAP server to accept traffic from another proxy like Squid or BlueCoat and doing URL (REQMOD) and Antimalware (RESPMOD) scanning?

  or

Is MWG an ICAP client, where you want to also forward outboud traffic (REQMOD) to a DLP solution?

MWG 6 and 7 can be either or both, depending on what you are trying to do.

The response I gave before was assuming you were using MWG7 as an ICAP Server that other proxies were send traffic to for scanning. It sounded like that's what you wanted. Is this what you want to do?

If MWG7 is the ICAP server for RESPMOD URL filtering, you create a rule set and check the Request Cycle for the Rule Set. Then put URL.Categories rules into the rule set and they will be categorized.

If you are sending content to MWG7 for scanning, then check only the Response Cycle (RESPMOD) on the rule set and place Antimalware rules in the Rule Set.

Does that explain it better? I'm trying to be as general as possible in the public forum so that it may apply to others reading this.

Re: ICAP Link Client

Can the Web Gateway 6.8 and 7, acting as an ICAP server, send username and IP information to a DLP solution?

Here the question a client is asking:

Web Gateway 6.8.7 build 9396, the issue is that username information is not being passed through to our Symantec DLP solution via ICAP using our current authentication method (Transparent).  Can this be accomplished in 6.8?  If so how?  If not in 6.8 can it be done in version 7, and if so how?

McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: ICAP Link Client

Hello Jeff,

generall MWG should pass the info as part of the X-Authenticated-User, X-Authenticated-Groups and X-Client-IP headers. I don't see any issue why this should be the case with the ICAP solution from Vontu. My usggestions is you make a telnet to vontu on the ICAP port and send an options request.

As an example from one of McAfee's DLP solutions:

[root@reconnex ~]# telnet localhost 1344

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

OPTIONS icap://127.0.0.1:1344/reqmod

ICAP/1.0 200 OK

Date: Tue, 08 Mar 2011 08:04:07 GMT

ISTag: "McAfee-052501-2011-82698"

Methods: REQMOD

Service: Reconnex iGuard ICAP Server 1.0

Options-TTL: 3600

Max-Connections: 4096

Preview: 4096

Allow: 204

Transfer-Preview: *

Encapsulated: null-body=0

X-Include: X-Client-IP, X-Server-IP, X-Authenticated-User

In the options response, you see the supported X-Headers in the X-Inlcude section.

Do the same an post to to see if the Vontu solution support these headers.

thanks,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: ICAP Link Client

Thanks Michael.  I'll try it tomorrow with the client.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community