Please be more specific: what exactly won't work for you?
Can you confirm the web gateway sent ICAP requests to the server?
Did you use predefined Rule set for ICAP client from library?
configures MWG as an ICAP Client and also ICAP server.
- ICAP Server: Bluecoat Proxy sent the content for scanning.
- ICAP Client: MWG sent to a 3rd Party Scanner using ICAP.
radhesh, have you done a policy trace to see what's going on?
We are trying to configure McAfee Web Gateway as an ICAP client for an ATP solution. I am not able to make it work. Has anyone tried this before? Any help is appreciated.
The customer environment I'm working in currently has MWGs acting as ICAP clients to McAfee NDLP Prevent boxes for data loss prevention. This leverages the ICAP Client ruleset from the ruleset library. Any POST requests with a non-zero body or GET requests with parameters are sent with REQMOD to the NDLP Prevent boxes.
"Rule Tracing Central" in the Troubleshooting tab of the web gateway is worth its weight in gold. Slap in the client IP address of the machine you're testing with and it'll tell you what rules it's hitting in your policy and the values of all the evaluated properties and should highlight what's missing.
To see if anything's going out to your ICAP server from the web gateway, hop on the command line of the web gateway and you can do
tcpdump -c 2000 -A -ni eth0 host x.x.x.x and port 1344
Which will dump a max of 2000 packets to the screen and show you what ICAP client queries are being sent to your ICAP server x.x.x.x on the ICAP port. Your ICAP port may be different but that's what the default is for the DLP Prevent goodies. If you wanna write the dump to a file and look at it in Wireshark instead
tcpdump -c 20000 -vv -s0 -w /opt/mwg/temp/icapdump.pcap -ni eth0 host x.x.x.x and port 1344
oughta do it. Use an scp client (like pscp or winscp) to pull /opt/mwg/temp/icapdump.pcap down to a Windows box and look at it in Wireshark. Don't forget to get rid of the file when you're done as you don't wanna fill your MWG disk with packet captures.
Support I'm sure would help you sort this out too. Good luck!
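As an added example that is not part of the original post: a small Python summarizer for the text that `tcpdump -A` prints on the ICAP port, showing whether REQMOD requests went out and how the ICAP server answered. The sample capture, the addresses, the `/reqmod` service path and all function names are constructed for illustration.

```python
import re
from collections import Counter

# tcpdump -A prefixes payloads with header bytes, so search anywhere in a line.
REQ = re.compile(r"(REQMOD|RESPMOD|OPTIONS) (icap://\S+) ICAP/1\.0")
RESP = re.compile(r"ICAP/1\.0 (\d{3}) ([^\r\n]*)")
ENCAP = re.compile(r"Encapsulated:\s*([^\r\n]+)", re.I)

# Constructed sample in the shape of `tcpdump -A` output (not a real capture).
SAMPLE = (
    "10:00:01.000001 IP 198.51.100.5.40112 > 192.0.2.10.1344: Flags [P.]\n"
    "E....@.@.....REQMOD icap://192.0.2.10:1344/reqmod ICAP/1.0\r\n"
    "Host: 192.0.2.10:1344\r\n"
    "Encapsulated: req-hdr=0, req-body=164\r\n\r\n"
    "POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"
    "10:00:01.000900 IP 192.0.2.10.1344 > 198.51.100.5.40112: Flags [P.]\n"
    "E....@.@.....ICAP/1.0 204 No Content\r\n"
    "Encapsulated: null-body=0\r\n\r\n"
)

def parse_encapsulated(value):
    """'req-hdr=0, req-body=164' -> {'req-hdr': 0, 'req-body': 164}"""
    parts = {}
    for item in value.split(","):
        name, _, offset = item.strip().partition("=")
        if offset.isdigit():
            parts[name] = int(offset)
    return parts

def summarize(text):
    requests = [(m.group(1), m.group(2)) for m in REQ.finditer(text)]
    sections = [parse_encapsulated(m.group(1)) for m in ENCAP.finditer(text)]
    return {
        "methods": Counter(method for method, _ in requests),
        "services": sorted({url for _, url in requests}),
        "statuses": Counter(int(m.group(1)) for m in RESP.finditer(text)),
        "with_req_body": sum(1 for s in sections if "req-body" in s),
    }

def verdict(summary):
    if not summary["methods"]:
        return "no ICAP requests seen"
    if not summary["statuses"]:
        return "requests sent, no ICAP responses seen"
    errors = {c: n for c, n in summary["statuses"].items() if c >= 400}
    return f"errors from server: {errors}" if errors else "requests answered"

if __name__ == "__main__":
    print(verdict(summarize(SAMPLE)))
```

To run it on a real capture, redirect the `tcpdump -A` output to a file and pass the file's text to `summarize()`, opening it with `errors="replace"` since the payload is not clean text.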
Did you try the ICAP Client Ruleset template?