Traffic flow when ProxySG is integrated with ICAP devices
Last Updated August 30, 2017
Trace the path taken by a web request made to the ProxySG when ICAP devices such as DLP (Data Leakage Prevention) or an AV scanner (Content Analysis or ProxyAV) are integrated with it.
ProxySG integrated with DLP and network based AV Scanning devices
The important thing to notice is that two types of scan happen here: "Request Scan" (aka REQMOD) and "Response Scan" (aka RESPMOD). As the names suggest, REQMOD handles requests sent by the client, before they are sent to the origin content server (OCS). RESPMOD kicks in when an object is returned by the OCS, before it is sent to the client. Based on this setup, the steps are as follows:
1. The client sends a request to the proxy for an object.
2. The proxy sends the request to the DLP server using the ICAP protocol (over TCP 1344 for clear text).
3. If DLP finds no issues with the request, the proxy forwards it to the OCS.
4. The OCS returns its response.
5. The proxy sends this file to the ProxyAV for scanning over the ICAP protocol (port 1344 for clear text). This normally includes the request from the client as well as the response from the server.
6. One of the following then happens:
   a. ProxyAV finds malicious content and informs the proxy via an exception. The proxy passes an exception to the client and drops the object.
   b. ProxyAV finds the file to be safe and informs the ProxySG that it is clean. The proxy serves the file to the client.
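The RESPMOD step, where the proxy hands the scanner both the client request and the server response, is framed on the wire as below. This is an added example following RFC 3507, not code from this article or from the ProxySG; the host names, the service name "avscan" and the HTTP messages are constructed assumptions.

```python
# Added example: ICAP RESPMOD framing per RFC 3507 (not ProxySG code).
# Host names, the service name and the HTTP messages are constructed.
CRLF = b"\r\n"
ICAP_PORT = 1344  # clear-text ICAP port named in the article

def build_respmod(icap_host, service, req_hdr, res_hdr, res_body):
    """Build the RESPMOD message a proxy sends to an ICAP scanner."""
    # Each encapsulated HTTP header block ends with a blank line.
    req_hdr = req_hdr.rstrip(b"\r\n") + CRLF + CRLF
    res_hdr = res_hdr.rstrip(b"\r\n") + CRLF + CRLF
    # The encapsulated body is chunked and closed by a zero-length chunk.
    chunk = b"%x\r\n%s\r\n" % (len(res_body), res_body) if res_body else b""
    body = chunk + b"0" + CRLF + CRLF
    # Offsets count bytes from the start of the encapsulated part.
    enc = "req-hdr=0, res-hdr=%d, res-body=%d" % (
        len(req_hdr), len(req_hdr) + len(res_hdr))
    head = ("RESPMOD icap://%s/%s ICAP/1.0\r\nHost: %s\r\n"
            "Encapsulated: %s\r\n\r\n"
            % (icap_host, service, icap_host, enc)).encode("ascii")
    return head + req_hdr + res_hdr + body

def split_encapsulated(message):
    """Split an ICAP message into its named encapsulated sections."""
    head, _, payload = message.partition(CRLF + CRLF)
    enc = next(line.split(b":", 1)[1].decode()
               for line in head.split(CRLF)
               if line.lower().startswith(b"encapsulated:"))
    marks = [(name.strip(), int(offset)) for name, offset in
             (item.split("=") for item in enc.split(","))]
    ends = [offset for _, offset in marks[1:]] + [len(payload)]
    return {name: payload[start:end]
            for (name, start), end in zip(marks, ends)}

# Constructed sample: what the client asked for and what the OCS returned.
REQ = b"GET /report.pdf HTTP/1.1\r\nHost: origin.example\r\n\r\n"
RES = (b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
       b"Content-Length: 9\r\n\r\n")
BODY = b"%PDF-1.4\n"

if __name__ == "__main__":
    msg = build_respmod("scanner.example", "avscan", REQ, RES, BODY)
    print(msg.decode("latin-1"))
    for name, data in split_encapsulated(msg).items():
        print(name, len(data), "bytes")
```

A REQMOD message to the DLP server has the same layout with req-hdr and req-body sections in place of the response sections.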