How to test ICAP connectivity to DLP Web Prevent
search cancel

How to test ICAP connectivity to DLP Web Prevent


Article ID: 160349


Updated On:


Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention


You are configuring ICAP with DLP Web Prevent, and you are receiving an error (for example, "Incorrect ICAP response"). You need a method of checking the functionality of Web Prevent without requiring a proxy server for verification.


Data Loss Prevention Network Prevent for Web


In order to prove that the Web Prevent server is functioning properly with regard to accepting ICAP client connections, there are several actions which should show with relative certainty that it is healthy. 

  1. Check the status of the Web Prevent server in Enforce. Ensure that there are no errors and that all the processes are running and checking in with the SymantecDLPManager service. (While there, click the Settings button for the server, and confirm the Port setting - default is 1344).
  2. Open a Telnet session to the Web Prevent server, specifying the port number (default 1344):

    telnet <server_name_or_IP> <port>

  3. When the Telnet session opens, type the following and press Enter:

    OPTIONS icap:// ICAP/1.0

    Note 1: On some servers, depending on the Telnet options, the command may not echo to the screen, or you may need to press Enter twice.
    Note 2: If you are using RESPMOD (as opposed to REQMOD), modify the URL accordingly.

  4. If the Web Prevent server is successfully responding to ICAP, the response should look similar to the following (DLP version 15.8 in this example):

    ICAP/1.0 200 OK
    ISTag: "Vontu15.8"
    Methods: REQMOD
    Options-TTL: 3600
    Preview: 4096
    Transfer-Preview: *
    Allow: 204
    X-Include: X-Client-IP, X-Authenticated-User
    Encapsulated: null-body=0
    Max-Connections: 25

    Note that if the OPTIONS response does not include the ISTag value, some proxy servers (such as Blue Coat) will fail with an invalid connection error.

  5. Hit Ctrl-] to exit the command and get back to the telnet prompt. Type "quit" to exit the Telnet session.