Symantec Cloud DLP Integration with Cloud SWG (formerly known as WSS) UPE
search cancel

Symantec Cloud DLP Integration with Cloud SWG (formerly known as WSS) UPE

book

Article ID: 174410

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

  • Symantec Cloud Data Loss Prevention (DLP) Integration with Cloud SWG (no UPE) is described here Integrate With Symantec DLP Cloud.
  • Cloud SWG with UPE requires different configuration and it requires some steps to do on Cloud SWG portal, Management Center (MC) and Proxy SG.

Environment

  • Cloud SWG with Universal Policy Enforcement (UPE), so policies managed by Management Center (MC)
  • Symantec Cloud DLP

Resolution

Steps to perform on Edge SWG (formerly known as Proxy SG)

  1. Login to Proxy SG console and navigate to "Configuration > Content Analysis > ICAP"
  2. In "ICAP Services" tab create new ICAP service with the name 'symc_dlp'. Note that selecting another name may result in conflicts and the ICAP service failing.
  3. Once the service name is created, edit that and make these 3 modifications:
    1. Next to "Service URL" enter icap protocol followed by an ip address (it might be a dummy ip address, as WSS will overwrite this once policy is pushed from Management Center), so the sample entry might be:
      icap://<icap_ip address>
    2. Next to "Service type" change the option to "DLP"
    3. In "ICAP v1.0 Options" section change to "request modification" as the supported method
  4. After hitting ok, ensure to Apply the changes

Steps to perform on Management Center

  1. Login to MC console, go to Policies and click on Launch VPM Editor
  2. Click on "Add Layer" and create a Web Access layer
  3. Change the default rule:
    1. In the "Service" column select "Set"


    2. In "Set Service Object" click on "Add a new object" and select "Protocol Methods"


    3. Change a name to "HTTP Methods" for example, change "Protocol" to "HTTP/HTTPS",  select "PUT" and "POST" methods


    4. Click on "Apply" and then ensure new HTTP Methods service object is selected and click on "Set"


    5. In the "Action" column select "Set" and then "Add a new object". Select "Perform Request Analysis"


    6. From "Available services" move the ICAP service created on Edge SWG to the right window and click OK

    7. Right click on the "Appliance" in Enforcement column and select "WSS" (if policy should apply only for Cloud SWG) or "Universal" (if policy should apply on Cloud SWG and Edge SWG)

    8. Save the policy
  4. Install policy to WSS - go to "Targets" tab, click on WSS target and select "Install to Target". Policy will be deployed to WSS now

Steps to perform on Cloud SWG portal

  1. Login to Cloud SWG portal and go to "Service > Data Loss Prevention"
  2. Ensure the "Scanning level" is changed to "Scanning enabled" and "Symantec URL" and "Detector ID" values are entered

 

Powered by Wolken Software