McAfee Web Gateway as ICAP Server | Verify functionality via rule trace engine
Is it possible to use the rule trace engine of the Web Gateway solution in order to monitor ICAP requests sent to the respective web gateway (running software version 7.8.2.x)? I am asking this kind of question as I am unable to see my ICAP requests via the just mentioned rule trace engine [web GUI => troubleshooting => rule trace engine], while I can see that the gateway is indeed receiving the correct data via tcpdump.
Also is there some kind of blueprint that I can follow regarding the ICAP config itself? I already prepared the rule base but maybe my issue lies there (the gateway is definitely listening for ICAP traffic and the respective ICAP proxy server has been enabled).
Re: McAfee Web Gateway as ICAP Server | Verify functionality via rule trace engine
Hope you are doing well.
To configure Web Gateway as an ICAP Server , Enable ICAP Server should be enabled and default port is 1344
Attaching rule set for ICAP server which can be imported and used for testing.
If the traffic is hitting rule engine, then it should be seen in rule tracing. Was the source/client IP Address confirmed from the packet capture? What is the ICAP Client here? What exactly do we see in pcap? Successful TCP 3 way handshake , ICAP request?
Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.