
MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

Hi All,

We need to configure MWG as an ICAP client, where we need to forward web traffic to a DLP solution. Kindly suggest what policies are to be made, and the position of the same in the policy sequence.

The MWG version is 7.6.2 and the DLP solution is not from McAfee.

Reliable Contributor asabban

Re: MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

Hello,

In the product's rule library there is a rule "DLP via ICAP" in the "DLP" category. That rule should forward the traffic to the external DLP box. Put the rule set close to the end of the policy, maybe in front of the AV rules, to allow MWG to block as many requests as possible before asking the DLP solution via ICAP.

Best,

Andre

Re: MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

Hello Asabban,

Thanks for the answer. It is done from the MWG part, but the destination DLP solution is Symantec, and we are not getting any traffic in the Symantec DLP.

Does the MWG ICAP client have any compatibility with other DLP solutions?

Thanks

Dharani

Reliable Contributor asabban

Re: MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

There should not be any compatibility problems, since ICAP is a defined protocol to transfer data from one system to another one for modification. You can easily go to the Troubleshooting tab in MWG, to the "Packet Captures" section and run a packet capture. Type "-i any port 1344" into the command line field and start the capture. Then transfer some data through MWG and have a look into the dump.

You should be able to verify that MWG sends data off to the ICAP server by looking into the file.

Please note that on the MWG side you most likely have to enable the SSL scanner and need to send some data, as requests without any payload will not be sent to the ICAP server. A rule engine trace on MWG will reveal if you hit the DLP rule set as expected.

Best,

Andre
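
As an added example (not part of the thread and not vendor code), this Python sketch parses an ICAP client message as it would appear in a TCP payload from the port 1344 capture described above, reporting the ICAP method, the encapsulated HTTP request line, and whether a request body is attached (`req-body` versus `null-body` in the `Encapsulated` header, per RFC 3507). The sample messages, host names and the `/reqmod` service path are constructed for illustration.

```python
import re

def parse_icap_request(raw: bytes) -> dict:
    """Parse one ICAP client message (RFC 3507) taken from a TCP payload."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete ICAP header block")
    lines = head.decode("latin-1").split("\r\n")
    m = re.fullmatch(r"(REQMOD|RESPMOD|OPTIONS) (icap://\S+) ICAP/1\.0", lines[0])
    if not m:
        raise ValueError(f"not an ICAP request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Encapsulated names the sections that follow and their byte offsets.
    sections = {}
    for part in headers.get("encapsulated", "").split(","):
        key, eq, offset = part.strip().partition("=")
        if eq:
            sections[key] = int(offset)
    return {"method": m.group(1), "service": m.group(2),
            "sections": sections, "payload": rest}

def summarize(raw: bytes) -> dict:
    """Report what the ICAP (DLP) server would receive in this message."""
    msg = parse_icap_request(raw)
    sec = msg["sections"]
    start = sec.get("req-hdr")
    end = sec.get("req-body", sec.get("null-body"))
    http_line = None
    if start is not None and end is not None:
        http_hdr = msg["payload"][start:end]
        http_line = http_hdr.split(b"\r\n", 1)[0].decode("latin-1")
    return {"method": msg["method"], "service": msg["service"],
            "http_request": http_line, "has_body": "req-body" in sec}

def build_sample(http_hdr: bytes, body: bytes = b"") -> bytes:
    """Constructed REQMOD message; host and service path are hypothetical."""
    kind = "req-body" if body else "null-body"
    icap = (f"REQMOD icap://dlp.example.test:1344/reqmod ICAP/1.0\r\n"
            f"Host: dlp.example.test\r\n"
            f"Encapsulated: req-hdr=0, {kind}={len(http_hdr)}\r\n\r\n")
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body) if body else b""
    return icap.encode("latin-1") + http_hdr + chunked

POST = build_sample(b"POST /upload HTTP/1.1\r\nHost: files.example.test\r\n\r\n",
                    b"note=constructed sample body")
GET = build_sample(b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n")
print(summarize(POST), summarize(GET))
```

If the capture shows only `OPTIONS` messages, or no ICAP request lines at all, the proxy is not forwarding request data to the DLP server.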