ICAP Options used by DLP Web Prevent when "sense settings" used with Edge SWG (ProxySG)
search cancel

ICAP Options used by DLP Web Prevent when "sense settings" used with Edge SWG (ProxySG)

book

Article ID: 406900

calendar_today

Updated On:

Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

When collecting ICAP settings in the Proxy Console for the linked DLP Network Prevent for Web host, what options should be returned?

In the Edge SWG Console, navigate to Configuration > Content Analysis > ICAP > Analysis view > Select one of the ICAP Services (DLP server) > ICAP Options > select "Sense Settings".

Environment

Symantec Data Loss Prevention Network Prevent for Web 16.x
Symantec Edge SWG (ProxySG)

Resolution

DLP Network Prevent for Web uses Authenticated User and Client Address. Any additional options manually checked will be removed after clicking "Sense Settings"

Additional Information

Successful wireshark PCAP results from the DLP Web Prevent server show the following X-Include results (in red) when "Sense Settings" is triggered:

OPTIONS icap://<server>/reqmod ICAP/1.0

Host: <hostname>

X-Client-Abandon-Supported: 1

X-ISTag-Version: 2

X-Scan-Progress-Interval: 10

Encapsulated: null-body=0

 

ICAP/1.0 200 OK

ISTag: "Vontu16.0"

Methods: REQMOD

Options-TTL: 3600

Preview: 4096

Transfer-Preview: *

Allow: 204

X-Include: X-Client-IP, X-Authenticated-User

Encapsulated: null-body=0

Max-Connections: 128

Powered by Wolken Software