4 Replies Latest reply: Jan 31, 2014 2:49 AM by geek RSS

    NDLP Prevent with Fortigate


      Dear All,


      Please suggest me how to integrate NDLP Prevent with Fortigate, because i configure at fortigate using icap get result the icap is error. (error attached). Please let me know how make this issue solved, specially from mcafee prespective.


      Thank you


        • 1. Re: NDLP Prevent with Fortigate

          Hi Rie,


          Apologies for the delay on getting a response about this query. Is this still an issue?


          If so, can you advise what version of Network DLP you are using? Additionally:


          - Is this Prevent appliance scanning both SMTP and ICAP requests?

          - Make sure only REQMOD is sent to the Prevent appliance (it cannot process RESPMOD requests)


          I also suggest you have a look at our Knowledge Base, article http://kc.mcafee.com/corporate/index?page=content&id=KB77088 should be a good place to start.


          Let us know if you need further assistance.


          Kind regards,


          • 2. Re: NDLP Prevent with Fortigate


            Could you solve this issue?


            i try to integrate NDLP Prevent with Fortigate and have the same issue. Also could you tell what did you paste into "Path" field on Fortigate side?




            In fortinet docs I found next: "Path - This is the path on the server to the processing compent. For instance if the Windows

            share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”" so I need to understand what is the path on DLP Prevent server to the processing component. Any idea?

            PS I tried: blank, /DLP, /reqmod but without success.


            Message was edited by: geek on 1/30/14 2:56:59 PM GMT+03:00


            Message was edited by: geek on 1/30/14 2:58:07 PM GMT+03:00
            • 3. Re: NDLP Prevent with Fortigate

              With other ICAP clients, the path is set to:


              icap://<ip address of dlp-prevent:1344/reqmod


              I see in your screenshot that the Fortigate uses a list box for the server and text box for path, so I would first try




              As the path.


              I would also run tcpdump on the Prevent to make sure the Fortigate is sending to the correct port


              #tcpdump -i eth1 port 1344



              • 4. Re: NDLP Prevent with Fortigate

                Hi rtrezza,


                Thnks for your reply!


                I understand that this question is must be addressed to Fortinet guys but if you could help me I will be very appreciate.


                When we configure icap from fortigate side we need to do 2 steps:

                1. Icap Server where we can define only ip and port


                2 Profile. Where we can define request\response processing with icap server from step 1 and path.


                With this config and default configuration on McAfee DLP Prevent I see next communication betwen fortigate and mcafee dlp:

                link to pcap file: http://yadi.sk/d/LPH5PTGmH4Jij


                Thanks in advacne for your help!