ICAP Connector
Configuring Symantec ProxySG to work with Votiro ICAP Server
Description
This tutorial describes the configuration for the ProxySG that is mandatory for integration with Votiro ICAP (Internet Content Adaptation Protocol) Server. The ProxySG configuration will apply in its management interface.
After you have successfully deployed ProxySG, you may access its interface by browsing to https://[ProxySG_IP_Address]:8082. Then you need to ensure you have activated the license under the Administration tab.
Limitations:
| n | Platforms with more than one API call for File Upload are whitelisted. The following are the whitelisted platforms: |
| n | You need to whitelist the cluster URL in Votiro service config map. For example - "white_list_baseruls": ["votiro-proxy.malaga.local"] |
| n | Maximum file sizes are limited to: |
Procedure
| 1. | Ensure that Explicit HTTP traffic is intercepted. |
| a. | In the ProxySG management console, navigate to Configuration > Services > Proxy Services. |
| b. | Ensure that Intercept Mode is set to Interception: Proxy Services. |
| c. | On the Edit Proxy Service page, set the Service Name to Explicit HTTP, as in the screenshot below. |
| d. | Verify that Service Action is set to Intercept. |
| 2. | Navigate to Configuration > Policy > Policy Options and configure the proxy policy as in the screenshot below: |
| 3. | Create the response mode for Download: |
| a. | Navigate to Configuration > Content Analysis > ICAP. |
| b. | Click on +Add and select ICAP Service. |
| c. | Enter the following settings: |
| | Under Basic Settings, type a name for the service. For example, VotiroICAP |
| | For the Service URL: type icap://<VA_NODE_IP>/response |
| | Set Service Type to: Other |
| | Set Maximum number of connections to 25 |
| | Set Connection timeout to 200 |
| | Check Defer scanning at threshold |
| | Uncheck Notify administrator when virus detected (Email msg) |
| | For “Virus found” page, select the second option, Use exception page from the Edge SWG (ProxySG) |
| | Configure Ports by checking Support plain ICAP connections |
| | Set Plain ICAP port to 31344 |
| | Uncheck Support secure ICAP connections |
| | Under ICAP Options, for Notification method, select Response |
| | Under Send, select Client Address and Server Address |
| 4. | Apply and save the changes. |
| 5. | Create the Votiro ICAP response policy for download: |
| a. | In the ProxySG management console, navigate to Configuration > Policy > Visual Policy Manager. |
| b. | Click on +Add Layer, select Web Content and click Add. |
| c. | Type a name for the new Web Content Layer. For example, “Votiro ICAP Server RespMod”. |
| d. | Expand the rule and choose Set. |
| e. | In the search box, search for Perform Response Analysis and click Set. |
| f. | Configure the Perform Response Analysis screen: |
| i. | Select Use the following external response analysis services. |
| ii. | From the available list, select the service for the response mode you created in Step 3c above. In this example, VotiroICAP. |
| iii. | Move the service to the Selected - Ordered List. |
| iv. | Click on Apply. and then on Apply Policy. |
| 6. | Configure ProxySG to intercept SSL traffic. By default, encrypted traffic won’t be captured by ProxySG. Follow the steps below if you’d like to enable ProxySG to decrypt SSL connections. |
| a. | In the ProxySG management console, select Configuration > SSL > Keyrings. |
| b. | Click on +Add Keyring. |
| c. | Type a name for the Keyring. For example, SSL_Self_Signed |
| d. | You may leave Private Key Visibility unchecked. |
| e. | For Private Key, select Generate new. |
| f. | Set Private Key Length to 2048. |
| g. | Under Certificate, select Create. |
| h. | On the Create Certificate page, fill in all the required information based on environment and requirements: |
| 7. | Enable your newly created certificate by following the steps below: |
| a. | Navigate to the Visual Policy Manager. |
| c. | Choose SSL Intercept and click on Add. |
| d. | Type a name for the Layer. For example, “SSL Intercept Layer (1)”. |
| f. | Expand the rule that was added and click under Action and select Set. |
| g. | Click on +Add a new object and select Enable SSL Interception. |
| h. | In the Edit HTTPS Interception Object window, apply the following settings: |
| | Select Enable HTTPS Interception. |
| | Check Issuer Keyring and select the newly created certificate. |
| 8. | To configure the Request Mode for protecting files that are being uploaded, please follow the below procedure: |
| a. | Navigate to Configuration > Content Analysis > ICAP. |
| b. | Click on +Add and select ICAP Service. |
| c. | Enter the following settings: |
| | Under Basic Settings, type a name for the service, for example, VotiroICAPrequest |
| | For the Service URL: type icap://<VA_NODE_IP>/request |
| | Set Service Type to: Other |
| | Set Maximum number of connections to 25 |
| | Set Connection timeout to 70 |
| | Check Defer scanning at threshold |
| | Uncheck Notify administrator when virus detected (Email msg) |
| | For “Virus found” page, select the second option, Use exception page from the Edge SWG (ProxySG) |
| | Configure Ports by checking Support plain ICAP connections |
| | Set Plain ICAP port to 31344 |
| | Uncheck Support secure ICAP connections |
| | Under ICAP Options, for Notification method, select Request |
| | Under Send, select Client Address and Server Address |
| d. | Apply and save the changes. |
| 9. | Create a Visual Policy for the request mode: |
| a. | In the ProxySG management console, navigate to Configuration > Policy > Visual Policy Manager. |
| b. | Click on +Add Layer, select Web Content and click Add. |
| c. | Type a name for the new Web Content Layer. For example, “Votiro ICAP Server RequestMode”. |
| d. | Expand the rule and choose Set. |
| e. | In the search box, search for Perform Request Analysis and click Set. |
| f. | Select Use the following external request analysis services and from the available list, select the service you configured in step 8c above. In this example, VotiroICAPrequest. |
| g. | Move the selected service to the Selected - Ordered List. |
| h. | Click on Apply and then Apply Policy. |
ICAP Server Configuration in the Votiro Management Console
To get to the ICAP Server page from the navigation pane on the left, click Cloud Connectors and Integrations > ICAP Server.
The ICAP Server page contains the following fields:
| n | Policy name - Select a policy to work with the connector. Select the Default Policy policy if you have not created an alternative policy to use. |
| n | Channel name - Specify the name of your channel. The channel name appears in the Incidents page as the name of a connector. This is the name of the service you configured in the ProxySG Management Console. |
ICAP traffic is displayed in the Management dashboard under Data source > File connector > ICAP Server.
The user can view and filter ICAP incidents by using the ICAP channel name in the filter channels.
Comments
0 comments
Please sign in to leave a comment.