Symantec Cloud DLP Integration with WSS UPE

Article ID: 174410

Products

Web Security Service - WSS

Issue/Introduction

  • Integration of Symantec Cloud Data Loss Prevention (DLP) with Symantec Web Security Service (WSS) without UPE is described in "Integrate With Symantec DLP Cloud".
  • WSS with UPE requires a different configuration, with steps to perform on the WSS portal, Management Center (MC) and Proxy SG.

Environment

  • Web Security Service (WSS) with Universal Policy Enforcement (UPE), where policies are managed by Management Center (MC)
  • Symantec Cloud DLP

Resolution

Steps to perform on Proxy SG

  1. Log in to the Proxy SG console and navigate to "Configuration > Content Analysis > ICAP"
  2. In the "ICAP Services" tab, create a new ICAP service
  3. Once the service is created, edit it and make these 3 modifications:
    1. Next to "Service URL", enter the icap protocol followed by an IP address (it can be a dummy IP address, as WSS will overwrite it once the policy is pushed from Management Center), so a sample entry might be: icap://10.11.12.13
    2. Next to "Service type", change the option to "DLP"
    3. In the "ICAP v1.0 Options" section, change the supported method to "request modification"
  4. After clicking OK, make sure to Apply the changes

Steps to perform on Management Center

  1. Log in to the MC console, go to Policies and click Launch VPM Editor
  2. Go to the Policy menu and create a Web Content Layer
  3. Change the default rule:
    1. Right-click "Use Default Caching" in the Action column and select "Set"
    2. In the "Set Action Object" window, click New and select "Perform Request Analysis"
    3. From "Available services", move the ICAP service created on the SG to the right window and click OK
    4. Right-click "Appliance" in the Enforcement column and select "WSS" (if the policy should apply only to WSS) or "Universal" (if the policy should apply to both WSS and SG)
    5. Save the policy
  4. Install the policy to WSS: go to the "Targets" tab, click the WSS target and select "Install to Target". The policy will now be deployed to WSS

Steps to perform on WSS portal

  1. Log in to the WSS portal and go to "Service > Data Loss Prevention"
  2. Ensure that "Scanning level" is set to "Scanning enabled" and that the "Symantec URL" and "Detector ID" values are entered