Please suggest me how to integrate NDLP Prevent with Fortigate, because i configure at fortigate using icap get result the icap is error. (error attached). Please let me know how make this issue solved, specially from mcafee prespective.
Apologies for the delay on getting a response about this query. Is this still an issue?
If so, can you advise what version of Network DLP you are using? Additionally:
- Is this Prevent appliance scanning both SMTP and ICAP requests?
- Make sure only REQMOD is sent to the Prevent appliance (it cannot process RESPMOD requests)
I also suggest you have a look at our Knowledge Base, article http://kc.mcafee.com/corporate/index?page=content&id=KB77088 should be a good place to start.
Let us know if you need further assistance.
FAQs for Network DLP - http://kc.mcafee.com/corporate/index?page=content&id=KB77088
FAQs for Email Gateway 7.x - http://kc.mcafee.com/corporate/index?page=content&id=KB76144
Could you solve this issue?
i try to integrate NDLP Prevent with Fortigate and have the same issue. Also could you tell what did you paste into "Path" field on Fortigate side?
In fortinet docs I found next: "Path - This is the path on the server to the processing compent. For instance if the Windows
share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”" so I need to understand what is the path on DLP Prevent server to the processing component. Any idea?
PS I tried: blank, /DLP, /reqmod but without success.
Message was edited by: geek on 1/30/14 2:56:59 PM GMT+03:00
Message was edited by: geek on 1/30/14 2:58:07 PM GMT+03:00
With other ICAP clients, the path is set to:
icap://<ip address of dlp-prevent:1344/reqmod
I see in your screenshot that the Fortigate uses a list box for the server and text box for path, so I would first try
As the path.
I would also run tcpdump on the Prevent to make sure the Fortigate is sending to the correct port
#tcpdump -i eth1 port 1344
Thnks for your reply!
I understand that this question is must be addressed to Fortinet guys but if you could help me I will be very appreciate.
When we configure icap from fortigate side we need to do 2 steps:
1. Icap Server where we can define only ip and port
2 Profile. Where we can define request\response processing with icap server from step 1 and path.
With this config and default configuration on McAfee DLP Prevent I see next communication betwen fortigate and mcafee dlp:
link to pcap file: http://yadi.sk/d/LPH5PTGmH4Jij
Thanks in advacne for your help!