7 Replies Latest reply on Jul 12, 2012 3:02 AM by jschnell

    External ICAP server and MWG 7 VMware are not working, why??

      Hi all,

      My goal is to setup McAfee Web Gataway as a proxy and my own external ICAP server that shall only receive ICAP respmod questions. It does not work at all.

      Ok, I am using Wireshark to see the traffic between my ICAP server and the MWG and yes I see the options request from the MWG and it seems to work, my ICAP server are answer to them.

      The Options request from MWG is coming every 10 sec.

       

      I wonder if there are some documents regarding to setup an external ICAP server and using MWG as an ICAP client?

       

      I have MWG 7 VMware installation.

      I have imported the rule set from library for ICAP client and using default settings for the respmode (I have deleted the reqmod).

      I get this error page when I try to reach google.se:

       

      An internal error occured while processing your request.

       

      URL: http://www.google.se/URL Categories: Search Engines
      Current Rule ID: 18170
      Current Rule Name: Call RespMod Server
      Error Message: (16000) ICAP client filter error: no ICAP server available.

       

      I do not know why there says “no ICAP server available” strange!

       

      Can someone help me please.

      Thanks

      Mattias Lasu

        • 1. Re: External ICAP server and MWG 7 VMware are not working, why??
          Jon Scholten

          It just sounds like an ICAP server is not defined or is unavailable.

           

          Can you run a tcpdump and see what the traffis shows?

           

          ~jon

          • 2. Re: External ICAP server and MWG 7 VMware are not working, why??

            Hi,

             

            Here comes the tcp dump and a whireshark dump.

            TCP dump is on the MGW and the whireshark dump is between my computer that my ICAP server is installed and the MGW 7 VMWare that is also installed on my computer.

             

            And how can I upload the files?

             

            Thanks for the help

            /Mattias Lasu

            • 3. Re: External ICAP server and MWG 7 VMware are not working, why??

              Okay, I shall try to explain how the traffics look like.

              Between my ICAP server and the MGW the Option request look like this:

               

              “OPTIONS icap://192.168.10.59/respmod ICAP/1.0

              Host: 192.168.10.59

              User-Agent: McAfee Web Gateway 7.2.0

               

              ICAP/1.0 200 OK

              Methods: RESPMOD

              Service-ID: NetClean

              ISTag: "SD 010001010000000"

              Encapsulated: null-body=0

              Max-Connections: 2000

              Options-TTL: 3000

              Allow: 204

              Preview: 4000

              Transfer-Preview: *

              X-Include: X-Client-IP

              Connection: close

              Transfer-Ignore: asp, bat, exe, com

              0”

               

              And when I try to get an image on a web site, its look like this:

               

              “GET /test/NetClean_Img2.jpg HTTP/1.1

              Via: 1.1 192.168.79.129 (McAfee Web Gateway 7.2.0.1.0.13253)

              Host: netclean.com

              Accept: */*

              Cookie: __utma=133485585.287898897.1337607599.1341232664.1341315056.6; __utmz=133485585.1337607599.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SnapABugHistory=9#

              Pragma: no-cache

              Referer: http://netclean.com/test/net.htm

              Connection: Keep-Alive

              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)

              Accept-Encoding: gzip, deflate

              Accept-Language: sv-SE

              X-Forwarded-For: 192.168.79.1

               

              HTTP/1.1 200 OK

              Content-Length: 210444

              Content-Type: image/jpeg

              Last-Modified: Mon, 01 Feb 2010 10:24:37 GMT

              Accept-Ranges: bytes

              ETag: "5c1aaac128a3ca1:fcbe7"

              Server: Microsoft-IIS/6.0

              X-Powered-By: ASP.NET

              Date: Thu, 12 Jul 2012 06:09:19 GMT

              ......JFIF”

               

              Not the hole image are coming maybe 2K.

               

              The same images on the MGW using TCP dump looks like this:

               

              “GET /test/NetClean_Img2.jpg HTTP/1.1

              Via:HTTP/1.1 200 OK

              Content-Length: 210444

              C.........................................”

               

              And the Option request on the MGW using TCP dump look like this:

               

              “OPTIONS icap://192.168.10.59/respmod ICAP/ICAP/1.0 200 OK

              Methods: RESPMOD

              Service”

               

              So why the MGW not showing the same traffic as on my real computer that’s is a question!

               

              Thanks for the help

              /Mattias Lasu

              • 4. Re: External ICAP server and MWG 7 VMware are not working, why??
                jschnell

                Hello,

                 

                really hard to tell without an tcp dump, but from the text input: There is a '0' at the end of the OPTIONS response, which seems to be wrong there. As the encapsulated header says there isn't a body (null body) there must not be an 0 chunk to indicate the end of the response body .

                 

                Bye

                Jan

                • 5. Re: External ICAP server and MWG 7 VMware are not working, why??

                  I also do not actually see any ICAP RESPMOD request to your ICAP server either.

                  The OPTIONS request is simply a heartbeat and not related to the actual ICAP connection.

                   

                   

                  When you edit a message on this forum, click the 'Use advanced editor' link and you can attach a file.

                   

                  Message was edited by: eelsasser on 7/12/12 3:29:53 AM EDT
                  • 6. Re: External ICAP server and MWG 7 VMware are not working, why??

                    Thank you Jan, it was the last 0 chunk. I remove it and it all seems to work :-)

                     

                    It is strange, I have used the same ICAP server both on Bluecoat and Squid and it works fine with them but not the MGW.

                     

                    Many thanks again :-)

                    /Mattias Lasu

                    • 7. Re: External ICAP server and MWG 7 VMware are not working, why??
                      jschnell

                      Thanks for the positive feedback

                       

                      Bye

                      Jan