Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1408 Views 10 Replies Latest reply: Oct 23, 2013 12:06 AM by rukmalf RSS 1 2 Previous Next
rukmalf Apprentice 65 posts since
Jun 11, 2013
Currently Being Moderated

Sep 10, 2013 11:37 PM

16000 ICAP client filter error- No ICAP server Available

Hi,

 

We have a DLP setup where we use a webgateway for the sole purpose of forwarding traffic to the NDLP via ICAP. The Webgateway is in transparent mode. This setup has been working for sometime and recently the users complained that they get an error saying "rule engine error - 16000 ICAP client filter error- No ICAP server Available". So I added a rule to stop the ruleset when any error ids for icap comes.

Next I tested using a PC and had a tcpdump on the webgateway with the filter -npi any -s0 host 10.2.163.6 or port 1344

the test pc is 10.2.163.6 and the mwg and ndlp have 10.2.160.55 and 10.2.160.56 ips respectively.

 

sites such as google.com, yahoo.com cannot be accessed (get the icap error). but i can access pastebin.com and a few more sites. but if I try to post something on pastebin then i get the icap error.

 

from what I see is the webgateway doesn't seem to forward any content to the NDLP.

 

I would appreciate if anyone could help me to figure out what is going on since this started happening all of a sudden.

 

I have attached the pcap and the screenshots of the rule base.

1.PNG2.PNG3.PNG

 

 

Thankx in advance.

 

Regards

Rukmal

 

Message was edited by: rukmalf on 9/10/13 11:37:42 PM CDT
Attachments:


Regards
Rukmal
1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points