search cancel

Symantec Cloud DLP Integration with Cloud SWG (formerly known as WSS) UPE

book

Article ID: 174410

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

  • Symantec Cloud Data Loss Prevention (DLP) Integration with Cloud SWG (no UPE) is described here Integrate With Symantec DLP Cloud.
  • Cloud SWG with UPE requires different configuration and it requires some steps to do on Cloud SWG portal, Management Center (MC) and Proxy SG.

Environment

  • Cloud SWG with Universal Policy Enforcement (UPE), so policies managed by Management Center (MC)
  • Symantec Cloud DLP

Resolution

Steps to perform on Proxy SG

  1. Login to Proxy SG console and navigate to "Configuration > Content Analysis > ICAP"
  2. In "ICAP Services" tab create new ICAP service with the name 'wss_dlp'. Note that selecting another name may result in conflicts and the ICAP service failing.
  3. Once the service name is created, edit that and make these 3 modifications:
    1. Next to "Service URL" enter icap protocol followed by an ip address (it might be a dummy ip address, as WSS will overwrite this once policy is pushed from Management Center), so the sample entry might be:
    2. icap://10.11.12.13
    3. Next to "Service type" change the option to "DLP"
    4. In "ICAP v1.0 Options" section change to "request modification" as the supported method
  4. After hitting ok, ensure to Apply the changes

Steps to perform on Management Center

  1. Login to MC console, go to Policies and click on Launch VPM Editor
  2. Go to menu Policy and create a Web Content Layer
  3. Change the default rule:
    1. Right click on the "Use Default Caching" in Action column and select "Set"
    2. In the "Set Action Object" window click on New and select "Perform Request Analysis"
    3. From "Available services" move the ICAP service created on SG to the right window and click OK
    4. Right click on the "Appliance" in Enforcement column and select "WSS" (if policy should apply only for WSS) or "Universal" (if policy should apply on WSS and SG)
    5. Save the policy
  4. Install policy to WSS - go to "Targets" tab, click on WSS target and select "Install to Target". Policy will be deployed to WSS now

Steps to perform on Cloud SWG portal

  1. Login to Cloud SWG portal and go to "Service > Data Loss Prevention"
  2. Ensure the "Scanning level" is changed to "Scanning enabled" and "Symantec URL" and "Detector ID" values are entered