DLP detector does not see any ICAP requests when integrated with Cloud SWG

Article ID: 249273

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Symantec Data Loss Prevention (DLP) is integrated with Cloud SWG.

A WSS policy is defined to forward all traffic to DLP, with the 'scan traffic from all source' option and 'scan all outgoing payloads' enabled.

The DLP dashboard shows no incidents even though users send requests that should trigger DLP policies.

No incidents or messages show up in the Enforce System Overview.

Environment

Symantec DLP Enforce 15.8.

Cloud SWG with DLP connector.

Cause

The Cloud SWG DLP configuration points to an invalid Symantec URL.

Resolution

The incorrect Symantec DLP URL that the DLP integration pointed to was handed out as part of the provisioning process. The URL returned when provisioning the WSS DLP integration was in the symantec.com domain, but the back end expected the broadcom.com domain. Replacing the highlighted symantec string below with broadcom fixed the issue.

For details on making similar changes in a UPE/Management Center environment, see https://knowledge.broadcom.com/external/article/174410.

Additional Information

Cloud SWG DLP integration policies can also be managed from UPE.