Symantec DLP NPW not showing ICAP traffic with GoAnywhere proxy
search cancel

Symantec DLP NPW not showing ICAP traffic with GoAnywhere proxy

book

Article ID: 218232

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

In DLP Network Prevent for Web server logs - WebPrevent_Access0 has logged the information about ICAP Client request, the traffic reflected on the Enforce server console > server overview > Message is not shown

- Symantec DLP Network Prevent for Web integrated with ICAP client
- GoAnywhere as a Proxy - Review the GoAnywhere documentation for accuracy related to the GoAnywhere product.

  • ICAP client forwards the traffic to the Symantec DLP Network Prevent for Web server to inspect

Environment

Release : 15.x

Component : Symantec DLP Network Prevent for Web

Cause

To get the traffic visible in DLP Web Prevent and Enforce changes in Go Anywhere configuration and the Symantec DLP Network Prevent for Web configuration are required.

Resolution

To get the traffic visible in DLP Web Prevent and Enforce changes in Go Anywhere configuration and the Symantec DLP Network Prevent for Web configuration are required as follows:

Note: GoAnywhere Proxy did not support only RESPMOD for DLP scan, if this is true for your product, configured only for Response Filtering in Symantec DLP Network Prevent for Web

In Symantec DLP

L7.minSizeOfGetUrl = 1

GoAnywhere Configuration

Provide the ICAP URL( icap://hostname/ip:1344/RESPMOD) to GoAnywhere Proxy, along with the icap URL, then also configure the Content Type in GoAnywhere settings.

  • If the Content Type is not configured in GoAnywhere Proxy, then Symantec DLP Network Prevent for Web (NPW) will send out response action_code = 5 which = allow_without_inspection.

 

Powered by Wolken Software