7 Replies Latest reply: Dec 10, 2013 2:26 PM by mdnramos RSS

    NDLP prevention connection failed

    xvass

      Hi! I want to configure prevent appliance to block certain URLs that contain specific keywords. I have M86 SWG as a  proxy server. I have configured ICAP on M86 proxy but  when i test it shows me an error that cannot connect

       

       

       

      REQMOD error.png

        • 1. Re: NDLP prevention connection failed
          bphang

          I do not believe that is what you use NDLP Prevent for.

          Anyway looking at that, looks like you have not configured the SWG properly?

          • 2. Re: NDLP prevention connection failed
            andyclements

            Can you provide more information about the ICAP settings?  I am not familiar with the M86 products, but the settings should be fairly similar across all products.  The names and locations of the settings will of course be different.

             

            Prevent operates on port 1344.  That port will of course have to be open on any firewall between the two systems.

             

            Queries are sent to /reqmod and /respmod, depending on if they are requests or responses.

            • 3. Re: NDLP prevention connection failed
              xvass

              Hi Andy ,

               

              firewall port is open for 1344. As i can see from tcpdump ndlp prevention responses on ICAP reqmod, but after that m83 gives an error and then i cannot proceed to save the configuration. Below i have attached an image showing the configuration from M83

               

              Image removed at poster's request.   Moderator

               

              Message was edited by: Ex_Brit on 10/12/13 6:42:35 EST AM
              • 4. Re: NDLP prevention connection failed
                andyclements

                Try replaceing the /request with /REQMOD.  Capitalzation is important.

                 

                If that is still failing, try running a tcpdump while performing the test and see what the results are.  Hopefully that will get you more infomation than just 'null'.

                • 5. Re: NDLP prevention connection failed
                  xvass

                  Hi Andy ,

                   

                   

                  Sorry it was  /REQMOD not /request .. my fault ... I also did tcpdump which im investigating to see if i find something usefull. Anyway thanks for your help .

                  • 6. Re: NDLP prevention connection failed
                    xvass

                    I also did Finjan_REQMOD but neither that did the trick .. .same error .. :-(

                    • 7. Re: NDLP prevention connection failed

                      Hi xvass,

                       

                      Unfortunately it is difficult to say what is happening based on the information provided. I can only suggest you run a packet capture on the proxy server or the NDLP Prevent, and check the following on its contents:

                       

                      1. That the TCP handshake over port 1344 completes successfully

                      2. The content of REQMOD sent by the proxy to NDLP

                      3. The ICAP response code from NDLP

                       

                      If you can collect a capture containing the full data stream here maybe I could provide a more detailed assessment.

                       

                      Hope this helps.