Send the user name to Symantec Vontu DLP

Article Id: 169418

Status: Published

Updated On: 20-09-2017 09:59

Legacy Id: TECH246313

Products:

Data Loss Prevention Network Monitor , Data Loss Prevention , ProxySG Software - SGOS

Issue/Introduction:

Customer his integrated ProxySG with Symantec's DLP solution, Vontu via icap. The customer now wants to send the username via icap and have Vontu dlp do the group lookup based on the username the ProxySG sends.

Cause:

Resolution:

In Proxy device, one can apply policy options given below to achieve this. The options given below depends on how the format should be when sending to the DLP device.

Option 1: Username in the format of "Domain\Username"

<Proxy> action.ICAP_REQMOD_User(yes)

define action ICAP_REQMOD_User set(icap_reqmod.request.x_header.X-Authenticated-User, '$(user:encode_base64)') end

Option 2: Username in the format of "username". i.e. without Domain prefix

<Proxy> action.ICAP_REQMOD_User(yes)

define action ICAP_REQMOD_User set(icap_reqmod.request.x_header.X-Authenticated-User, '$(cs-username:encode_base64)') end

Note: The username sent by the ProxySG is base-64 encoded