This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alessandro_Marr
Advisor
‎2019-03-26 02:23 PM

ICAP client on R80.20 and 3rd DLP Server Symantec

Hello  all, anyone could share a configuration example about using R80.20 as a client ICAP for a Web Prevent Symantec DLP Server?

when I Trying the gateway doesn´t understand a message to block came from DLP server.

Thanks.

 

Regards.

 

8 Replies
PhoneBoy
Admin
Admin
‎2019-03-27 05:58 PM

I believe our initial support around ICAP was developed specifically for Symantec DLP.
It would help to understand what steps you've taken to configure it.
Alessandro_Marr
Advisor
‎2019-04-03 03:49 AM
In response to PhoneBoy

Hello Dameon, do you have a configuration (example) to share? I have a DLP server Symantec WEB Prevent version 15.x,  SMS R80.20 M2 and two gateways r80.20 take 33 using Cluster high availability,

 

When my DLP server respond an ICAP request message from my gateway (in REQMOD) the body message came with a html format explain the block ocurred and my gateway does not show the page. I tried change the parameter to show block message or not show block message... but didn´t work.

**parameter user_check_interaction_name is correct.

 

 # vi icap_client_blade_configuration.C

(
:enabled ("true")
:filter_http_method (
: (
:method ("POST")
)
)
:http_services (
: (
😛ort (8080)
)
)
:inspect_html_response ("true")
:user_check_interaction_name ("Bloqueio de Aplicativo")
:trickling_mode (0)
:log_level (1)
:icap_servers (
: (
:name ("DLP_Symantec")
:ip ("10.100.1.190")
:ip6 ("")
😛ort (1344)
:service ("reqmod")
😛roto ("icap")
:modification_mode ("reqmod")
:transp ("3rd_cpas")
:failmode (open)
:timeout (61)
:max_conns (100)
:user_check_action (2)
:x_headers (
:x_client_ip ("true")
:x_server_ip ("true")
:x_authenticated_user ("true")
:authentication_source ("Local")
😛ase64_username_encode ("true")
)
)
)
:rules_type ("include")
:network_filter_rules_ip4 (
: (
:src_ip_ranges (
: (
:min_ip ("10.100.41.105")
:max_ip ("10.100.41.106")
)
)
:dst_ip_ranges (
: (
:min_ip ("any")
:max_ip ("any")
)
)
)
)
:network_filter_rules_ip6 (
: (
:src_ip_ranges (
: (
:min_ip ("")
:max_ip ("")
)
)
:dst_ip_ranges (
: (
:min_ip ("")
:max_ip ("")
)
)
)
)
)

Thanks 

PhoneBoy
Admin
Admin
‎2019-04-03 10:13 AM
In response to Alessandro_Marr

I don't have sample configurations, I just know from prior conversations with R&D where previous versions of this feature came from 🙂
I recommend engaging with the TAC on this as I do see a couple support tickets on this (but on earlier releases).
Alessandro_Marr
Advisor
‎2019-04-05 06:40 AM
In response to PhoneBoy

ok, thank you.

HeikoAnkenbrand
Champion Champion
Champion
‎2019-04-05 01:43 PM
In response to Alessandro_Marr

Hi @Alessandro_Marr 

ask @Thomas Werner 

He is an expert in TE and ICAP questions.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion
‎2019-04-05 01:47 PM
In response to Alessandro_Marr

Or see SK111305:

Check Point support for Internet Content Adaptation Protocol (ICAP) client with data modification

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Aleksandr88
Explorer
‎2019-07-22 07:54 AM
In response to Alessandro_Marr

did u succeed in setting up successfully?
Alessandro_Marr
Advisor
‎2019-08-30 05:39 AM
In response to Aleksandr88

yes, using r80.20 take 74

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events