
MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

Hi All,

Need to configure MWG as an ICAP client, where we need to forward web traffic to a DLP solution. Kindly suggest what policies are to be made, and the position of the same in the policy sequence.

MWG version 7.6.2, and the DLP solution is not from McAfee.

3 Replies
Reliable Contributor asabban
Message 2 of 4

Re: MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

Hello,

In the product's rule library there is a rule "DLP via ICAP" in the "DLP" category. That rule should forward the traffic to the external DLP box. Put the rule set close to the end of the policy, maybe in front of the AV rules, to allow MWG to block as many requests as possible before asking the DLP solution via ICAP.

Best,

Andre

Re: MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

Hello Asabban,

Thanks for the answer. It is done from the MWG part, but the destination DLP solution is Symantec, and we are not getting any traffic in the Symantec DLP.

Does the MWG ICAP client have any compatibility with other DLP solutions?

Thanks

Dharani

Reliable Contributor asabban
Message 4 of 4

Re: MWG as an ICAP client, where we want to forward outbound traffic (REQMOD) to a DLP solution

There should not be any compatibility problems, since ICAP is a defined protocol to transfer data from one system to another one for modification. You can easily go to the Troubleshooting tab in MWG, to the "Packet Captures" section and run a packet capture. Type "-i any port 1344" into the command line field and start the capture. Then transfer some data through MWG and have a look into the dump.

You should be able to verify that MWG sends data off to the ICAP server by looking into the file.

Please note that on the MWG side you most likely have to enable the SSL scanner and need to send some data, as requests without any payload will not be sent to the ICAP server. A rule engine trace on MWG will reveal if you hit the DLP rule set as expected.

Best,

Andre
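
To help read the dump described in the answer above, here is an added example (not part of the original thread, and not McAfee or Symantec code) that parses the client side of an ICAP exchange per RFC 3507 and reports whether a message is an OPTIONS probe or a REQMOD that carries a request body. The host names, service path and sample bytes are constructed, and the input is assumed to be the reassembled client-to-server payload of one message copied out of the capture.

```python
"""Classify ICAP client messages copied out of a port-1344 capture (RFC 3507)."""

def parse_icap_request(raw: bytes) -> dict:
    # ICAP headers end at the first blank line; Encapsulated offsets are
    # counted from the byte after it, where the embedded HTTP message starts.
    head, sep, encapsulated = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete ICAP header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    if not version.startswith("ICAP/"):
        raise ValueError("not an ICAP request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # e.g. "req-hdr=0, req-body=<offset>", or "null-body=0" when there is no payload
    parts = {}
    for item in headers.get("encapsulated", "").split(","):
        key, eq, offset = item.partition("=")
        if eq:
            parts[key.strip()] = int(offset)
    http_line = None
    if "req-hdr" in parts:
        embedded = encapsulated[parts["req-hdr"]:]
        http_line = embedded.split(b"\r\n", 1)[0].decode("iso-8859-1")
    return {"method": method, "service": uri,
            "http_request": http_line, "has_body": "req-body" in parts}

# Constructed samples (not from a real capture); names are placeholders.
_HTTP = b"POST /upload HTTP/1.1\r\nHost: www.example.test\r\nContent-Length: 11\r\n\r\n"
SAMPLE_REQMOD = (
    b"REQMOD icap://dlp.example.test:1344/reqmod ICAP/1.0\r\n"
    b"Host: dlp.example.test\r\n"
    b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(_HTTP)
    + _HTTP + b"b\r\nhello world\r\n0\r\n\r\n"
)
SAMPLE_OPTIONS = (
    b"OPTIONS icap://dlp.example.test:1344/reqmod ICAP/1.0\r\n"
    b"Host: dlp.example.test\r\nEncapsulated: null-body=0\r\n\r\n"
)

if __name__ == "__main__":
    for msg in (SAMPLE_OPTIONS, SAMPLE_REQMOD):
        print(parse_icap_request(msg))
```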
