cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 9
Report Inappropriate Content
Message 1 of 6

WebGateway send malicious traffic to 3rd party device

Jump to solution

Hi,

Is it supported to send malicious traffic to external, 3rd party device (AV Engine server) trough ICAP with the Web Gateway?

Thanks,

Zoltan

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: WebGateway send malicious traffic to 3rd party device

Jump to solution

OK then.

This is possible.

M.

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

View solution in original post

5 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: WebGateway send malicious traffic to 3rd party device

Jump to solution

Sure!

Instead of a block action in the Antimalware rule set, use a continue and enable the ICAP client in the event section.

MWG will then not block malware, but will send that to another scanner via ICAP.

As this setup sounds a bit weird I am interested in your goal - what do you want to acchive?

thanks,

MIchael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
Highlighted
Level 9
Report Inappropriate Content
Message 3 of 6

Re: WebGateway send malicious traffic to 3rd party device

Jump to solution

Thanks for your response Michael!

The question is a bit theoretical. We received it in an RFI.

I mean the customer does not like to bypass the embedded AV engines but they would like to use 3rd party engines beside them (i.e. Kaspersky, Trendmicro) on an AV external server.

Is it possible through ICAP? I think the answer is yes but I'm not sure.

Regards,

Zoltan

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: WebGateway send malicious traffic to 3rd party device

Jump to solution

OK then.

This is possible.

M.

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

View solution in original post

Highlighted

Re: WebGateway send malicious traffic to 3rd party device

Jump to solution

Hi Michael,

one of our customers would like to use an external 3-rd party content scanner as a second engine, too.

But we get an internal icap error, when the external scanner blocked the content.

Do you have a working policy example (or best practice ;-)) for this purpose?

Thanks, Viktor

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: WebGateway send malicious traffic to 3rd party device

Jump to solution

Hi Viktor,

the best practises policy is the ICAP Client Policy in MWG's rule set library. What error do you get?

thanks,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community