Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
521 Views 4 Replies Latest reply: Jan 31, 2014 2:49 AM by geek RSS
ri3aldi3 Newcomer 3 posts since
Jun 16, 2013
Currently Being Moderated

Jul 13, 2013 7:34 AM

NDLP Prevent with Fortigate

Dear All,

 

Please suggest me how to integrate NDLP Prevent with Fortigate, because i configure at fortigate using icap get result the icap is error. (error attached). Please let me know how make this issue solved, specially from mcafee prespective.

 

Thank you

rie

  • mdnramos Apprentice 52 posts since
    Nov 23, 2009
    Currently Being Moderated
    1. Aug 19, 2013 7:59 AM (in response to ri3aldi3)
    Re: NDLP Prevent with Fortigate

    Hi Rie,

     

    Apologies for the delay on getting a response about this query. Is this still an issue?

     

    If so, can you advise what version of Network DLP you are using? Additionally:

     

    - Is this Prevent appliance scanning both SMTP and ICAP requests?

    - Make sure only REQMOD is sent to the Prevent appliance (it cannot process RESPMOD requests)

     

    I also suggest you have a look at our Knowledge Base, article http://kc.mcafee.com/corporate/index?page=content&id=KB77088 should be a good place to start.

     

    Let us know if you need further assistance.

     

    Kind regards,

    Marcelo


    --------------------------------------------------
    -Marcelo

    McAfee SupportPortal - https://mysupport.mcafee.com/Eservice/Default.aspx

    FAQs for Network DLP - http://kc.mcafee.com/corporate/index?page=content&id=KB77088

    FAQs for Email Gateway 7.x - http://kc.mcafee.com/corporate/index?page=content&id=KB76144

  • geek Apprentice 129 posts since
    Feb 16, 2009
    Currently Being Moderated
    2. Jan 30, 2014 5:58 AM (in response to ri3aldi3)
    Re: NDLP Prevent with Fortigate

    Hi,

    Could you solve this issue?

     

    i try to integrate NDLP Prevent with Fortigate and have the same issue. Also could you tell what did you paste into "Path" field on Fortigate side?

    DLPPrevent_Fortinet.jpg

     

     

    In fortinet docs I found next: "Path - This is the path on the server to the processing compent. For instance if the Windows

    share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”" so I need to understand what is the path on DLP Prevent server to the processing component. Any idea?

    PS I tried: blank, /DLP, /reqmod but without success.

     

    Message was edited by: geek on 1/30/14 2:56:59 PM GMT+03:00

     

    Message was edited by: geek on 1/30/14 2:58:07 PM GMT+03:00
  • rtrezza Newcomer 9 posts since
    Aug 30, 2010
    Currently Being Moderated
    3. Jan 30, 2014 8:28 AM (in response to geek)
    Re: NDLP Prevent with Fortigate

    With other ICAP clients, the path is set to:

     

    icap://<ip address of dlp-prevent:1344/reqmod

     

    I see in your screenshot that the Fortigate uses a list box for the server and text box for path, so I would first try

     

    /reqmod

     

    As the path.

     

    I would also run tcpdump on the Prevent to make sure the Fortigate is sending to the correct port

     

    #tcpdump -i eth1 port 1344

     

     

  • geek Apprentice 129 posts since
    Feb 16, 2009
    Currently Being Moderated
    4. Jan 31, 2014 2:49 AM (in response to rtrezza)
    Re: NDLP Prevent with Fortigate

    Hi rtrezza,

     

    Thnks for your reply!

     

    I understand that this question is must be addressed to Fortinet guys but if you could help me I will be very appreciate.

     

    When we configure icap from fortigate side we need to do 2 steps:

    1. Icap Server where we can define only ip and port

    1.jpg

    2 Profile. Where we can define request\response processing with icap server from step 1 and path.

    2.jpg

    With this config and default configuration on McAfee DLP Prevent I see next communication betwen fortigate and mcafee dlp:

    link to pcap file: http://yadi.sk/d/LPH5PTGmH4Jij

     

    Thanks in advacne for your help!

     

    Regards,

    Alexandr.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points