1 2 3 4 Previous Next 31 Replies Latest reply: Apr 7, 2014 9:51 AM by mdnramos RSS

    Config NDLP Prevent


      Hi All, have you got any guides about mode and config NDLP Prevent in monitor (span port)? Thanks All!

        • 1. Re: Config NDLP Prevent

          for monitor/span port you have to use the NDLP Monitor.

          • 2. Re: Config NDLP Prevent

            Could you recommend which mode easiest to deploy with NDLP Prevent? How to integrated with Email Server and Web Proxy. Guide for this? Thanks!

            • 3. Re: Config NDLP Prevent

              If you just want to monitor, you can install NDLP Monitor on the appliance and you'll have visiblity in a lot more protocols - this is the easiest way. Just install it, and the 2 separate additionals NICS can be connected in a mirrored port where they'll start indexing traffic immediately.

              For preventing, you need a web proxy that supports being an ICAP client and an e-mail gateway that can inspect and take actions based on custom headers.



              • 4. Re: Config NDLP Prevent

                Thanks George, i want to deploy Preventing but don't know where appliance should put and how to make this work (config guides).

                • 5. Re: Config NDLP Prevent

                  I'm not sure there's such guide and I had to find out things by trial and error. When in prevent mode, it will be using the management interface (the one you're using to access the web gui) for icap, e-mail relaying and management and I don't believe you can chage this. You will need connectivity for the interface for SMTP traffic, ICAP and https for administration.

                  For http/s, you'll need to add on the proxy the following icap server address:

                  icap://>IP address of mgmt. port of Prevent>:1344/reqmod


                  for e-mail, you need to configure your e-mail system to send all outgoing e-mail to NDLP Prevent, then the NDLP Prevent will be sending messages to an e-mail gateway. The e-mail gateway needs to inspect the headers for actions. I can't find out now how the e-mail headrs look like, but you can just send an e-mail through it and check the header.




                  Message was edited by: georgec on 7/4/12 3:16:53 AM CDT
                  • 6. Re: Config NDLP Prevent

                    Thanks so much George! I must deploy for customer but guide for this not much. Hope McAfee can clearing for this products.

                    • 7. Re: Config NDLP Prevent

                      DLP is complex.     EVen with McAFee certified help under the McAfee banner, our deployment of exactly what you're describing has been a bit of a nightmare if I'm being honest.     I fear for your customer smalldog, and I think you're in for one heck of a time yourself because McAfee really struggles at putting all these pieces together aside from one SE I've met.    Even their own contracted pro services folks... no one knows the breadth of this stuff nearly well enough it seems.


                      Yes, monitor may give you more asareness to additional protocols, but if email is headed out encrypted, or there's https involved as there is in any chat or social networking site anywhere, Monitor is going to be nearly useless because it won't be in the middle of encrypted web sessions.   That' where an SSL middling web proxy that pushes upload requests off to DLP prevent for analysis is useful, and  Prevent getting int he middle of outbound mail as an smtp relay is useful.   


                      The mail path can be    exchange -> MEG -> prevent -> MEG -> out        or some environments will do exchange -> prevent -> MEG and out or ... there are many ways to do it.  A lot depends on what email servers you're on, and whether they can be configured to do things with X-RCIS headers such as allow/block/quaratine or not.


                      Oh, and good luck finding any training for NDLP.  There isn't any, at least last I checked.

                      • 8. Re: Config NDLP Prevent

                        Thanks for your information Regis! That's quite difficult to implement for me!

                        • 9. Re: Config NDLP Prevent

                          i use virtual image to install mcafee manager on vmware. But after install i can not log in appliance with password default admin/mcafee, have another password? Thanks!

                          1 2 3 4 Previous Next