6 Replies Latest reply on Mar 8, 2011 1:17 PM by infosecjeff

    ICAP Link Client

      On 6.8.x we can put the name of the ICAP Server service; that is working on my appliance.

       

      We can view that on Proxies > ICAPs Server -> REQMOD Settings -> REQMOD resource name: XXXXXXXXXX

       

      On my ICAP client, I put this service working with that link:

       

      icap://192.168.0.101:1344/wwreqmod on

       

       

      McAfee 7 doesn't have this option to put the name of the service.

       

      I wanna know the default name of REQMOD Mode on McAfee 7.

       

      When I put no resource name in the ICAP client, it shows me a notification like this.

       

      icap://192.168.0.101:1344/ on

       

      icaptest error: invalid service url. Need to specify the resource name

       

       

      Message was edited by: Caio Tobias on 7/8/10 9:58:49 AM CDT
        • 1. Re: ICAP Link Client

          You can put any value in for the service name on the client.

          The MWG7 ICAP server will accept all values.

           

            icap://192.168.0.101:1344/anything

           

          If you need to have some different selection with the policy, you can use a profile parameter:

            icap://192.168.2.230:1344/anything?profile=myPolicy

           

          And in the rules, use a property of:

            ICAP.Policy equals "myPolicy"

           

          • 2. Re: ICAP Link Client

            Hi Erik, but what if I want my client to only send REQMOD requests to my ICAP server?

             

            How do I configure that?

             

            Thanks for your participation.

            • 3. Re: ICAP Link Client

              Describe what machine is the ICAP client and what machine is the ICAP server. I might not understand what you are asking exactly.

               

              For example,

              Is MWG being used as an ICAP server to accept traffic from another proxy like Squid or BlueCoat and doing URL (REQMOD) and Antimalware (RESPMOD) scanning?

                or

              Is MWG an ICAP client, where you want to also forward outbound traffic (REQMOD) to a DLP solution?

               

              MWG 6 and 7 can be either or both, depending on what you are trying to do.

               

              The response I gave before was assuming you were using MWG7 as an ICAP server that other proxies were sending traffic to for scanning. It sounded like that's what you wanted. Is this what you want to do?

               

              If MWG7 is the ICAP server for RESPMOD URL filtering, you create a rule set and check the Request Cycle for the Rule Set. Then put URL.Categories rules into the rule set and they will be categorized.

               

              If you are sending content to MWG7 for scanning, then check only the Response Cycle (RESPMOD) on the rule set and place Antimalware rules in the Rule Set.

               

              Does that explain it better? I'm trying to be as general as possible in the public forum so that it may apply to others reading this.

               

              • 4. Re: ICAP Link Client
                infosecjeff

                Can the Web Gateway 6.8 and 7, acting as an ICAP server, send username and IP information to a DLP solution?

                Here is the question a client is asking:

                 

                Web Gateway 6.8.7 build 9396, the issue is that username information is not being passed through to our Symantec DLP solution via ICAP using our current authentication method (Transparent).  Can this be accomplished in 6.8?  If so how?  If not in 6.8 can it be done in version 7, and if so how?

                • 5. Re: ICAP Link Client
                  michael_schneider

                  Hello Jeff,

                   

                  Generally MWG should pass the info as part of the X-Authenticated-User, X-Authenticated-Groups and X-Client-IP headers. I don't see any issue why this should be the case with the ICAP solution from Vontu. My suggestion is that you telnet to Vontu on the ICAP port and send an OPTIONS request.

                  As an example from one of McAfee's DLP solutions:

                   

                  [root@reconnex ~]# telnet localhost 1344
                  Trying 127.0.0.1...
                  Connected to localhost.
                  Escape character is '^]'.
                  OPTIONS icap://127.0.0.1:1344/reqmod

                  ICAP/1.0 200 OK
                  Date: Tue, 08 Mar 2011 08:04:07 GMT
                  ISTag: "McAfee-052501-2011-82698"
                  Methods: REQMOD
                  Service: Reconnex iGuard ICAP Server 1.0
                  Options-TTL: 3600
                  Max-Connections: 4096
                  Preview: 4096
                  Allow: 204
                  Transfer-Preview: *
                  Encapsulated: null-body=0
                  X-Include: X-Client-IP, X-Server-IP, X-Authenticated-User

                   

                   

                   

                  In the OPTIONS response, you see the supported X-Headers in the X-Include section.

                   

                  Do the same and post it to see if the Vontu solution supports these headers.

                   

                  thanks,

                  Michael

                  • 6. Re: ICAP Link Client
                    infosecjeff

                    Thanks Michael.  I'll try it tomorrow with the client.