In the product's rule library there is a rule "DLP via ICAP" in the "DLP" category. That rule should forward the traffic to the external DLP box. Put the rule set close to the end of the policy, maybe in front of the AV rules, to allow MWG to block as many requests as possible before asking the DLP solution via ICAP.
Thanks for the answer. It is done on the MWG side, but the destination DLP solution is Symantec, and we are not getting any traffic in the Symantec DLP.
Does the MWG ICAP client have any compatibility with other DLP solutions?
There should not be any compatibility problems, since ICAP is a defined protocol to transfer data from one system to another one for modification. You can easily go to the Troubleshooting tab in MWG, to the "Packet Captures" section and run a packet capture. Type "-i any port 1344" into the command line field and start the capture. Then transfer some data through MWG and have a look into the dump.
You should be able to verify that MWG sends data off to the ICAP server by looking into the file.
Please note that on the MWG side you most likely have to enable the SSL scanner and need to send some data, as requests without any payload will not be sent to the ICAP server. A rule engine trace on MWG will reveal if you hit the DLP rule set as expected.
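One way to read the result of that capture, as an added example that is not part of the original thread: a Python script that takes the client-to-server bytes of a port 1344 connection and reports which ICAP requests (RFC 3507) were sent and whether any carried an encapsulated body. The sample bytes, host names and the `/reqmod` service path are constructed placeholders, and the function names are hypothetical.

```python
import re

# ICAP request line as defined in RFC 3507: METHOD icap-uri ICAP/1.0
REQ_LINE = re.compile(rb"^(OPTIONS|REQMOD|RESPMOD) (icap://\S+) ICAP/1\.0\r\n", re.M)

# Constructed sample: client-to-server bytes of one ICAP connection on port 1344,
# as reassembled from a capture. Host names and service path are placeholders.
SAMPLE = (
    b"OPTIONS icap://dlp.example.test:1344/reqmod ICAP/1.0\r\n"
    b"Host: dlp.example.test\r\n\r\n"
    b"REQMOD icap://dlp.example.test:1344/reqmod ICAP/1.0\r\n"
    b"Host: dlp.example.test\r\nEncapsulated: req-hdr=0, req-body=69\r\n\r\n"
    b"POST /upload HTTP/1.1\r\nHost: www.example.test\r\nContent-Length: 11\r\n\r\n"
    b"b\r\nhello world\r\n0\r\n\r\n"
)

def icap_requests(stream: bytes) -> list:
    """Return one dict per ICAP request found in the byte stream."""
    found = []
    for m in REQ_LINE.finditer(stream):
        # ICAP headers end at the first blank line after the request line.
        end = stream.find(b"\r\n\r\n", m.end() - 2)
        block = stream[m.end(): end if end != -1 else len(stream)]
        headers = {}
        for line in block.split(b"\r\n"):
            name, sep, value = line.partition(b":")
            if sep:
                headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        # Encapsulated lists the sections that follow, e.g. "req-hdr=0, req-body=69".
        sections = [p.split("=")[0].strip()
                    for p in headers.get("encapsulated", "").split(",") if p.strip()]
        has_body = any(s.endswith("-body") and s != "null-body" for s in sections)
        found.append({"method": m.group(1).decode(), "service": m.group(2).decode(),
                      "sections": sections, "has_body": has_body})
    return found

def diagnose(stream: bytes) -> str:
    """Summarise what the ICAP client actually sent."""
    reqs = icap_requests(stream)
    mods = [r for r in reqs if r["method"] != "OPTIONS"]
    if not reqs:
        return "no-icap"        # nothing ICAP-shaped on the wire at all
    if not mods:
        return "options-only"   # server was probed, but no request was forwarded
    if not any(r["has_body"] for r in mods):
        return "no-payload"     # requests forwarded, none carried a body
    return "payload-sent"       # at least one request carried data to the server

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```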