Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1387 Views 10 Replies Latest reply: Oct 23, 2013 12:06 AM by rukmalf RSS 1 2 Previous Next
rukmalf Apprentice 64 posts since
Jun 11, 2013
Currently Being Moderated

Sep 10, 2013 11:37 PM

16000 ICAP client filter error- No ICAP server Available



We have a DLP setup where we use a webgateway for the sole purpose of forwarding traffic to the NDLP via ICAP. The Webgateway is in transparent mode. This setup has been working for sometime and recently the users complained that they get an error saying "rule engine error - 16000 ICAP client filter error- No ICAP server Available". So I added a rule to stop the ruleset when any error ids for icap comes.

Next I tested using a PC and had a tcpdump on the webgateway with the filter -npi any -s0 host or port 1344

the test pc is and the mwg and ndlp have and ips respectively.


sites such as, cannot be accessed (get the icap error). but i can access and a few more sites. but if I try to post something on pastebin then i get the icap error.


from what I see is the webgateway doesn't seem to forward any content to the NDLP.


I would appreciate if anyone could help me to figure out what is going on since this started happening all of a sudden.


I have attached the pcap and the screenshots of the rule base.




Thankx in advance.





Message was edited by: rukmalf on 9/10/13 11:37:42 PM CDT

1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (0)


  • Correct Answers - 5 points
  • Helpful Answers - 3 points