Data Loss Prevention

 DLP ICAP response

posted 01-21-2021 04:30 AM
Hello,

I dig out an old subject regarding an ICAP response to proxySG. I understand that ICAP response code 200 means that it validate that DLP server is reachable (thanks by the way to DLP freak and Stephane for initiating this subject which helped me to understand ! here the link for people that might be interested : https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewthread?MessageKey=e26b2be5-ad2b-4ba9-8f36-5594872d65a9&CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=digestviewer#bme26b2be5-ad2b-4ba9-8f36-5594872d65a9)

My question, is the explicit "block upload" in the "text" format the only way to validate that flow is blocked ? (error code that we could add to help for a dump ...)

Thanks in advance for your help

Best regards,
Furil
based on this KB there is an action code that the DLP server returns to the proxy
https://knowledge.broadcom.com/external/article?legacyId=tech218682