cancel
Showing results for 
Search instead for 
Did you mean: 
ranskaio
Level 7

ICAP Link Client

On 6.8.x we can put the name of ICAP Server service, that is working on my appliance.

We can view tha on Proxies > ICAPs Server -> REQMOD Settings -> REQMOD resource name: XXXXXXXXXX

On my ICAP client, I put this service working with that link:

icap://192.168.0.101:1344/wwreqmod on

In the McAffe 7 dont have this option, to put the name of the service.

I wanna know the default name of REQMOD Mode on McAffe 7.

When i put no resource name in the ICAP Client, it show me a notification like that.

icap://192.168.0.101:1344/ on

icaptest error: invalid service url. Need to specify the resource name

Message was edited by: Caio Tobias on 7/8/10 9:58:49 AM CDT
0 Kudos
6 Replies
eelsasser
Level 15

Re: ICAP Link Client

You can put any value in for the service name on the client.

The MWG7 ICAP server will accept all values.

  icap://192.168.0.101:1344/anything

If you need to have some different selection with the policy, you can use a profile parameter:

  icap://192.168.2.230:1344/anything?profile=myPolicy

And in the rules, use a property of:

  ICAP.Policy equals "myPolicy"

0 Kudos
ranskaio
Level 7

Re: ICAP Link Client

Hi Erik, but if i want that my client only send REQMOD request to my ICAP Server?

How i configure that ?

Thanks for your participation.

0 Kudos
eelsasser
Level 15

Re: ICAP Link Client

Describe what machine is the ICAP client and what machine is the ICAP server. I might not understand what you are asking exactly.

For example,

Is MWG being used as an ICAP server to accept traffic from another proxy like Squid or BlueCoat and doing URL (REQMOD) and Antimalware (RESPMOD) scanning?

  or

Is MWG an ICAP client, where you want to also forward outboud traffic (REQMOD) to a DLP solution?

MWG 6 and 7 can be either or both, depending on what you are trying to do.

The response I gave before was assuming you were using MWG7 as an ICAP Server that other proxies were send traffic to for scanning. It sounded like that's what you wanted. Is this what you want to do?

If MWG7 is the ICAP server for RESPMOD URL filtering, you create a rule set and check the Request Cycle for the Rule Set. Then put URL.Categories rules into the rule set and they will be categorized.

If you are sending content to MWG7 for scanning, then check only the Response Cycle (RESPMOD) on the rule set and place Antimalware rules in the Rule Set.

Does that explain it better? I'm trying to be as general as possible in the public forum so that it may apply to others reading this.

0 Kudos
infosecjeff
Level 7

Re: ICAP Link Client

Can the Web Gateway 6.8 and 7, acting as an ICAP server, send username and IP information to a DLP solution?

Here the question a client is asking:

Web Gateway 6.8.7 build 9396, the issue is that username information is not being passed through to our Symantec DLP solution via ICAP using our current authentication method (Transparent).  Can this be accomplished in 6.8?  If so how?  If not in 6.8 can it be done in version 7, and if so how?

0 Kudos
McAfee Employee

Re: ICAP Link Client

Hello Jeff,

generall MWG should pass the info as part of the X-Authenticated-User, X-Authenticated-Groups and X-Client-IP headers. I don't see any issue why this should be the case with the ICAP solution from Vontu. My usggestions is you make a telnet to vontu on the ICAP port and send an options request.

As an example from one of McAfee's DLP solutions:

[root@reconnex ~]# telnet localhost 1344

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

OPTIONS icap://127.0.0.1:1344/reqmod

ICAP/1.0 200 OK

Date: Tue, 08 Mar 2011 08:04:07 GMT

ISTag: "McAfee-052501-2011-82698"

Methods: REQMOD

Service: Reconnex iGuard ICAP Server 1.0

Options-TTL: 3600

Max-Connections: 4096

Preview: 4096

Allow: 204

Transfer-Preview: *

Encapsulated: null-body=0

X-Include: X-Client-IP, X-Server-IP, X-Authenticated-User

In the options response, you see the supported X-Headers in the X-Inlcude section.

Do the same an post to to see if the Vontu solution support these headers.

thanks,

Michael

0 Kudos
infosecjeff
Level 7

Re: ICAP Link Client

Thanks Michael.  I'll try it tomorrow with the client.

0 Kudos