Traffic analysis confirmed that CloudSOC contacts Data Loss Prevention (DLP) when Connect is clicked in the Tenant, and that CloudSOC displayed issues when DLP Services were turned off.
Tested a Content IQ (CIQ) Policy configured to target keywords and confirmed that content is being scanned; however, traffic analysis showed that the data failed to send to DLP.
The Tenant Banner displayed: "We are not able to connect to the specified host. Please try again after sometime."
Confirmed that CloudSOC was unable to communicate with the DLP content servers, because DLP support for ICAP is limited to on-prem components such as network devices and file servers. ICAP is therefore not supported in this particular scenario for use with Cloud applications.
Confirmed that Securlets use a dynamic range of IPs from Amazon to provide an elastic infrastructure that scales with the customers; therefore, fixed IP ranges are not supported.
Note: The Gateway IP document outlining IP whitelisting is not a correct source of reference for the Securlets, because it was written for the Gateway IP segment of the Tenant.
Symantec recommends and supports REST API-based integration between DLP (Enforce) and CASB.