Symantec DLP NPW not showing ICAP traffic with GoAnywhere proxy
Article ID: 218232
Updated On:
Products
Issue/Introduction
- Symantec DLP Network Prevent for Web (NPW) integrated with ICAP client
- GoAnywhere v6.7.1 as a Proxy
- ICAP client forwards the traffic to the Symantec DLP Network Prevent for Web (NPW) server to inspect
- In NPW server logs - WebPrevent_Access0 has logged the information about ICAP Client request
- The traffic reflected on the Enforce server console > server overview > Message is not shown
Environment
Release : 15.x
Component : Symantec DLP Network Prevent for Web (NPW)
Cause
To get the traffic visible in DLP Web Prevent and Enforce changes in Go Anywhere configuration and the Symantec DLP Network Prevent for Web configuration are required.
Resolution
To get the traffic visible in DLP Web Prevent and Enforce changes in Go Anywhere configuration and the Symantec DLP Network Prevent for Web configuration are required as follows:
Note: GoAnywhere v6.7.1 Proxy will support only RESPMOD for DLP scan, REQMOD is not supported by GoAnywhere v6.7.1 Proxy, so configured only for Response Filtering in Symantec DLP Network Prevent for Web (NPW)
In Symantec DLP
L7.minSizeOfGetUrl = 1
GoAnywhere Configuration
Provide the ICAP URL( icap://hostname/ip:1344/RESPMOD) to GoAnywhere v6.7.1 Proxy, along with this URL, then also configure the Content Type in GoAnywhere settings.
If the Content Type is not configured in GoAnywhere v6.7.1 Proxy, then Symantec DLP Network Prevent for Web (NPW) will send out response action_code = 5 which = allow_without_inspection.
Attachments
Feedback
