From my web gateway, I caught the Prevent apparently in a bad state when I was tryig to ftp a file outbound this weekend. The web gateway reported that no ICAP servers could be reached. The web gateway is configured for REQMOD and has 2 icap servers from two separate Prevents.
If you call level 1 DLP support, they hear the words web gateway and they send you there. Yet web gateway support seems to understand that "yeah, this says we couldn't get to the ICAP server."
I have root CLI access to the servers.. but I'm curious if anyone knows where best to look for additional clues when debugging an ICAP error issue.
The issue seems to be intermittent for what it's worth. ftp uploads and the prvents seemed to be fine on Monday.