cancel
Showing results for 
Search instead for 
Did you mean: 
radhesh
Level 7

Mcafee Web Gateway as ICAP Client

Hi,

  We are trying to configure Mcafee Web gateway as a ICAP Client for a ATP Solution. I am not able to make it working. Has anyone tried this before. Any help is appreciated.

Radhesh

0 Kudos
6 Replies

Re: Mcafee Web Gateway as ICAP Client

BLOCK OPEN

0 Kudos
catdaddy
Level 20

Re: Mcafee Web Gateway as ICAP Client

​,

                     Moved from  Community Support to Web Gateway > Discusions

  For better assistance..

By

Moderator

Cliff
McAfee Volunteer
0 Kudos
McAfee Employee

Re: Mcafee Web Gateway as ICAP Client

Radhesh,

please be more specific what exactly wont work for you?

Can you confirm web gateway sent icap requests to server?

Did you use predefined Rule set for ICAP client from library?

-Sergej

0 Kudos
Troja
Level 14

Re: Mcafee Web Gateway as ICAP Client

Hi,

configures MWG as a ICAP Client and also ICAP server.

- ICAP Server: Bluecoat Proxy sent the content for scanning.

- ICAP Client: MWG sent to a 3rd Party Scanner using ICAP.

​, have you done a policy trace to see whats going on?

Cheers

0 Kudos
Regis
Level 12

Re: Mcafee Web Gateway as ICAP Client

radhesh wrote:

Hi,

  We are trying to configure Mcafee Web gateway as a ICAP Client for a ATP Solution. I am not able to make it working. Has anyone tried this before. Any help is appreciated.

Radhesh

The customer environment I'm working in currently has MWG's acting as ICAP clients to McAfee NDLP Prevent boxes for data loss prevention.   This leverages the ICAP Client  ruleset from the ruleset library.   Any POST requests with a non-zero body or GET requests with parameters are sent with Reqmod to the NDLP prevent boxes.

"Rule Tracing Central" in the Troubleshooting tab of the web gateway is worth its weight in gold.    Slap in the client IP address of the machine you're testing with and it'll tell you what rules it's hitting in your policy and the values of all the evaluated properties and should highlight what's missing.     

To see if anything's going out to your icap server from the web gatweay, hop on the command line of the web gateway and you can do

tcpdump -c 2000 -A -ni eth0 host x.x.x.x and port 1344

Which will dump a max of 2000 packets to the screen and show you what icap client queries are being sent to your icap server x.x.x.x  on the icap port.   Your icap port may be different but that's what the default is for the DLP Prevent goodies.   If you wanna write the dump to a file and look at it in Wireshark instead

tcpdump -c 20000 -vv -s0  -w /opt/mwg/temp/icapdump.pcap  -ni eth0 host x.x.x.x and port 1344

outta do it.   Use an scp client (like pscp or winscp) to pull /opt/mwg/temp/icapdump.pcap  down to a Windows box and look at it in Wireshark.  Don't forget to get rid of the file when you're done as you don't wanna fill your MWG disk with packet captures. 

Support I'm sure would help you sort this out too.  Good luck!

0 Kudos
homeuse
Level 7

Re: Mcafee Web Gateway as ICAP Client

Did you try the ICAP Client Ruleset template?

0 Kudos