6 Replies Latest reply on Nov 21, 2016 8:24 AM by homeuse

    Mcafee Web Gateway as ICAP Client

    radhesh

      Hi,

       

        We are trying to configure Mcafee Web gateway as a ICAP Client for a ATP Solution. I am not able to make it working. Has anyone tried this before. Any help is appreciated.

       

      Radhesh

        • 2. Re: Mcafee Web Gateway as ICAP Client
          catdaddy

          radhesh,

                               Moved from  Community Support to Web Gateway > Discusions

            For better assistance..

           

          By

          Moderator

          • 3. Re: Mcafee Web Gateway as ICAP Client
            smasnizk

            Radhesh,

             

            please be more specific what exactly wont work for you?

             

            Can you confirm web gateway sent icap requests to server?

             

            Did you use predefined Rule set for ICAP client from library?

             

            -Sergej

            • 4. Re: Mcafee Web Gateway as ICAP Client
              Troja

              Hi,

              configures MWG as a ICAP Client and also ICAP server.

              - ICAP Server: Bluecoat Proxy sent the content for scanning.

              - ICAP Client: MWG sent to a 3rd Party Scanner using ICAP.

               

              radhesh, have you done a policy trace to see whats going on?

               

              Cheers

              • 5. Re: Mcafee Web Gateway as ICAP Client
                Regis

                radhesh wrote:

                 

                Hi,

                 

                  We are trying to configure Mcafee Web gateway as a ICAP Client for a ATP Solution. I am not able to make it working. Has anyone tried this before. Any help is appreciated.

                 

                Radhesh

                 

                The customer environment I'm working in currently has MWG's acting as ICAP clients to McAfee NDLP Prevent boxes for data loss prevention.   This leverages the ICAP Client  ruleset from the ruleset library.   Any POST requests with a non-zero body or GET requests with parameters are sent with Reqmod to the NDLP prevent boxes.

                 

                "Rule Tracing Central" in the Troubleshooting tab of the web gateway is worth its weight in gold.    Slap in the client IP address of the machine you're testing with and it'll tell you what rules it's hitting in your policy and the values of all the evaluated properties and should highlight what's missing.     

                 

                To see if anything's going out to your icap server from the web gatweay, hop on the command line of the web gateway and you can do

                 

                tcpdump -c 2000 -A -ni eth0 host x.x.x.x and port 1344

                 

                Which will dump a max of 2000 packets to the screen and show you what icap client queries are being sent to your icap server x.x.x.x  on the icap port.   Your icap port may be different but that's what the default is for the DLP Prevent goodies.   If you wanna write the dump to a file and look at it in Wireshark instead

                 

                tcpdump -c 20000 -vv -s0  -w /opt/mwg/temp/icapdump.pcap  -ni eth0 host x.x.x.x and port 1344

                 

                outta do it.   Use an scp client (like pscp or winscp) to pull /opt/mwg/temp/icapdump.pcap  down to a Windows box and look at it in Wireshark.  Don't forget to get rid of the file when you're done as you don't wanna fill your MWG disk with packet captures. 

                 

                Support I'm sure would help you sort this out too.  Good luck!

                • 6. Re: Mcafee Web Gateway as ICAP Client
                  homeuse

                  Did you try the ICAP Client Ruleset template?