You are configuring ICAP with DLP Web Prevent, and you are receiving an error (for example, "Incorrect ICAP response"). You need a method of checking the functionality of Web Prevent without requiring a proxy server for verification.

Data Loss Prevention Network Prevent for Web

In order to prove that the Web Prevent server is functioning properly with regard to accepting ICAP client connections, there are several actions which should show with relative certainty that it is healthy. 

1. Check the status of the Web Prevent server in Enforce. Ensure that there are no errors and that all the processes are running and checking in with the SymantecDLPManager service. (While there, click the Settings button for the server, and confirm the Port setting - default is 1344).
2. Open a Telnet session to the Web Prevent server, specifying the port number (default 1344):
   

   telnet <server_name_or_IP> <port>

3. When the Telnet session opens, type the following and press Enter:
   

   OPTIONS icap://127.0.0.1:1344/reqmod ICAP/1.0

   Note 1: On some servers, depending on the Telnet options, the command may not echo to the screen, or you may need to press Enter twice.
   Note 2: If you are using RESPMOD (as opposed to REQMOD), modify the URL accordingly.

4. If the Web Prevent server is successfully responding to ICAP, the response should look similar to the following (DLP version 15.8 in this example):
   

   ICAP/1.0 200 OK
   ISTag: "Vontu15.8"
   Methods: REQMOD
   Options-TTL: 3600
   Preview: 4096
   Transfer-Preview: *
   Allow: 204
   X-Include: X-Client-IP, X-Authenticated-User
   Encapsulated: null-body=0
   Max-Connections: 25

   Note that if the OPTIONS response does not include the ISTag value, some proxy servers (such as Blue Coat) will fail with an invalid connection error.

5. Hit Ctrl-] to exit the command and get back to the telnet prompt. Type "quit" to exit the Telnet session.