What are the requirements for configuring a DLP ICAP service in VPM through Management Center, when using UPE to configure policy for WSS traffic?
Creating a DLP Scanning Service for UPE:
1.) Create an ICAP service on the ProxySG that is serving VPM to Management Center.
a.) Log into the Management GUI of the ProxySG (outside of management center).
b.) Navigate to: Configuration > Content Analysis > ICAP
c.) Click "New" and name the service: "SYMC_DLP" and click "OK"
d.) Edit the new ICAP service to reflect a service URL of "http://dlp.symc.com"
i.) note: this is a dummy URL and should be configured as it reads in the step above.
e.) Beforing saving the changes to the ICAP service, select "DLP" as the type, and ensure it is configured for "Request Modification" towards the bottom.
f.) Click "OK" and "Apply" the changes to the SG when the dialogue closes.
g.) Proceed to close the management console to the ProxySG, this is no longer needed.
2.) Login to Management Center, and launch the VPM editor for the respective WSS policy.
a.) Create a new "Web Access Layer"
i.) The name of the layer is not important to the functionality.
b.) Create a new rule, and click the action field and select "New"
c.) Find "Perform Request Analysis"
d.) In the name field type "SYMC_DLP_SERVICE"
e.) In the left-hand list, select "SYMC_DLP" and move that to the right-hand list by clicking "Add"
f.) Click "OK"
g.) Under the enforcement column, select "WSS"
h.) Save and deploy policy from Management Center.
Testing DLP and verifying via Enforce Server should reflect successful DLP scanning.