ProxySG & Advanced Secure Gateway

 View Only

 DLP exception page on ProxySG

Jump to Best Answer
Furil's profile image
Furil posted Dec 15, 2020 10:29 AM
Hello,

After setting up the connection from proxySG to DLP, we did validate that ICAP flow is working correctly and exception page is displayed. However one thing bothers me, customer says that DLP server is able to send the ticket number for each incident generated by the DLP server. My question is it possible to get this data on the proxySG ? If yes could you please give me the procedure to process this ?

Thanks in advance

Best regards,
Furil
Slava's profile image
Broadcom Employee Slava posted Dec 28, 2020 09:48 PM Best Answer

Hello Furil, 

Can you please provide more details on exactly what do you mean by "is it possible to get this data on the proxySG" , this question leaves to much room for speculation of what is asked, examples.

1. Can the ticket number inserted in to the DLP exception page by the DLP device be presented to end user when they try to upload something what they are not suppose to?

Answer: Yes it is possible however it depends on how does the DLP injects the Ticket number in to the DLP response and what Headers is it using , we would have to see an sample of the DLP response on packet level, like packet capture, and would have to see a Policy trace taken on the proxy for the blocked by the DLP request to see what do we received from the DLP and what can we use. See the screenshot bellow , that check box checked should make the proxy to provide to the end use the exact Execption page that the DLP or AV is sending in response, so not the Proxy exception by the DLP or AV vendors exception page.

2. Can the ticket number inserted in to the DLP exception page be logged on the proxy as the part of the Proxy Access Logs (traffic logs)?

Answer: Depends on the same variables described in the  #1

I hope this helps.

Slava

Furil's profile image
Furil posted Jan 06, 2021 05:45 AM
Hello Slava,

Sorry for the delay !

Thanks for your feedback, to put it simply DLP server do have its own exception page (DLP device is managed by customer and ProxySG managed by us). They were expecting from us to modify the proxy exception page instead by adding the incident number ....
So yes this is exactly what I need instead of using the proxy exception page, this is clearly a lot more simple for me :)
I will come back to you once test have been done on their side.

Thanks again for your help !

Best regards,
Terence
Furil's profile image
Furil posted Jan 15, 2021 03:10 PM
Hello,


Thanks this was exactly what I needed, now we only have to solve why does the DLP server does not use the variable that should display the incident number when matching the Web prevent policy.

A case has been opened already so we can close this subject ! Thank you for your help :)

Best regards,
Furil