Can you provide more information about the ICAP settings? I am not familiar with the M86 products, but the settings should be fairly similar across all products. The names and locations of the settings will of course be different.
Prevent operates on port 1344. That port will of course have to be open on any firewall between the two systems.
Queries are sent to /reqmod and /respmod, depending on if they are requests or responses.
Hi Andy ,
firewall port is open for 1344. As i can see from tcpdump ndlp prevention responses on ICAP reqmod, but after that m83 gives an error and then i cannot proceed to save the configuration. Below i have attached an image showing the configuration from M83
Image removed at poster's request. Moderator
Message was edited by: Ex_Brit on 10/12/13 6:42:35 EST AM
Try replaceing the /request with /REQMOD. Capitalzation is important.
If that is still failing, try running a tcpdump while performing the test and see what the results are. Hopefully that will get you more infomation than just 'null'.
Hi Andy ,
Sorry it was /REQMOD not /request .. my fault ... I also did tcpdump which im investigating to see if i find something usefull. Anyway thanks for your help .
Unfortunately it is difficult to say what is happening based on the information provided. I can only suggest you run a packet capture on the proxy server or the NDLP Prevent, and check the following on its contents:
1. That the TCP handshake over port 1344 completes successfully
2. The content of REQMOD sent by the proxy to NDLP
3. The ICAP response code from NDLP
If you can collect a capture containing the full data stream here maybe I could provide a more detailed assessment.
Hope this helps.
FAQs for Network DLP - http://kc.mcafee.com/corporate/index?page=content&id=KB77088
FAQs for Email Gateway 7.x - http://kc.mcafee.com/corporate/index?page=content&id=KB76144