4 Replies Latest reply: Jan 31, 2014 2:49 AM by geek RSS

    NDLP Prevent with Fortigate

    ri3aldi3

      Dear All,

       

      Please suggest me how to integrate NDLP Prevent with Fortigate, because i configure at fortigate using icap get result the icap is error. (error attached). Please let me know how make this issue solved, specially from mcafee prespective.

       

      Thank you

      rie

        • 1. Re: NDLP Prevent with Fortigate

          Hi Rie,

           

          Apologies for the delay on getting a response about this query. Is this still an issue?

           

          If so, can you advise what version of Network DLP you are using? Additionally:

           

          - Is this Prevent appliance scanning both SMTP and ICAP requests?

          - Make sure only REQMOD is sent to the Prevent appliance (it cannot process RESPMOD requests)

           

          I also suggest you have a look at our Knowledge Base, article http://kc.mcafee.com/corporate/index?page=content&id=KB77088 should be a good place to start.

           

          Let us know if you need further assistance.

           

          Kind regards,

          Marcelo

          • 2. Re: NDLP Prevent with Fortigate
            geek

            Hi,

            Could you solve this issue?

             

            i try to integrate NDLP Prevent with Fortigate and have the same issue. Also could you tell what did you paste into "Path" field on Fortigate side?

            DLPPrevent_Fortinet.jpg

             

             

            In fortinet docs I found next: "Path - This is the path on the server to the processing compent. For instance if the Windows

            share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”" so I need to understand what is the path on DLP Prevent server to the processing component. Any idea?

            PS I tried: blank, /DLP, /reqmod but without success.

             

            Message was edited by: geek on 1/30/14 2:56:59 PM GMT+03:00

             

            Message was edited by: geek on 1/30/14 2:58:07 PM GMT+03:00
            • 3. Re: NDLP Prevent with Fortigate
              rtrezza

              With other ICAP clients, the path is set to:

               

              icap://<ip address of dlp-prevent:1344/reqmod

               

              I see in your screenshot that the Fortigate uses a list box for the server and text box for path, so I would first try

               

              /reqmod

               

              As the path.

               

              I would also run tcpdump on the Prevent to make sure the Fortigate is sending to the correct port

               

              #tcpdump -i eth1 port 1344

               

               

              • 4. Re: NDLP Prevent with Fortigate
                geek

                Hi rtrezza,

                 

                Thnks for your reply!

                 

                I understand that this question is must be addressed to Fortinet guys but if you could help me I will be very appreciate.

                 

                When we configure icap from fortigate side we need to do 2 steps:

                1. Icap Server where we can define only ip and port

                1.jpg

                2 Profile. Where we can define request\response processing with icap server from step 1 and path.

                2.jpg

                With this config and default configuration on McAfee DLP Prevent I see next communication betwen fortigate and mcafee dlp:

                link to pcap file: http://yadi.sk/d/LPH5PTGmH4Jij

                 

                Thanks in advacne for your help!

                 

                Regards,

                Alexandr.