ProxySG & Advanced Secure Gateway

  • 1.  ProxySG ICAP integration with FireEye NX

    Posted Jul 13, 2020 02:34 PM
    Hello All,

    Has anyone integrated the ProxySG into the FireEye NX before, since the NX does ICAP scanning? This would be a great addition because then the FireEye Stack can get updated of any hits the ProxySG finds and inform our FireEye HX endpoints as well.


  • 2.  RE: ProxySG ICAP integration with FireEye NX
    Best Answer

    Broadcom Employee
    Posted Jul 14, 2020 02:55 PM
    Edited by Zan Phillips Jul 30, 2020 05:17 PM
    Hello Joshua,

    I am sure if FireEye does AV scanning following the ICAP RFC standards then the proxy can be configured to send files for scanning to the FireEye just like it does today to any other third-party vendor, for example McAfee devices etc.

    All you would need is the ICAP RespMod URL from the FireEye, and to configure it in the proxy under the ICAP Response Mod Profile.
    See the Proxy Admin Guide Chapter 25 on how to configure ICAP: http://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/proxysg/7-2/generated-pdfs/SGOS_72_Admin_Guide.pdf

    I hope this helps.
    Slava V
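
Added example, not part of the original post and not Broadcom or FireEye code: before entering a RespMod URL into a proxy profile, an RFC 3507 OPTIONS request shows whether the service actually advertises RESPMOD. The service URL, the sample reply and all function names here are constructed for illustration; 1344 is the default ICAP port.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample reply, modelled on the OPTIONS example in RFC 3507.
SAMPLE_REPLY = (b"ICAP/1.0 200 OK\r\n"
                b"Methods: RESPMOD\r\n"
                b'ISTag: "constructed-tag-1"\r\n'
                b"Allow: 204\r\n"
                b"Preview: 2048\r\n"
                b"Encapsulated: null-body=0\r\n\r\n")

def build_options_request(service_url):
    """Return the OPTIONS request bytes for an icap://host[:port]/service URL."""
    parts = urlsplit(service_url)
    if parts.scheme != "icap" or not parts.hostname:
        raise ValueError("expected icap://host[:port]/service")
    return (f"OPTIONS {service_url} ICAP/1.0\r\n"
            f"Host: {parts.hostname}\r\n"
            "Encapsulated: null-body=0\r\n\r\n").encode("ascii")

def parse_options_reply(raw):
    """Extract the fields that matter for a response-modification profile."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    proto, code = status_line.split(" ", 2)[:2]
    if not proto.startswith("ICAP/"):
        raise ValueError("not an ICAP reply: " + status_line)
    hdr = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines)}
    methods = {m.strip().upper() for m in hdr.get("methods", "").split(",")}
    return {"status": int(code),
            "respmod": int(code) == 200 and "RESPMOD" in methods,
            "allow_204": "204" in hdr.get("allow", "").replace(",", " ").split(),
            "preview": int(hdr["preview"]) if hdr.get("preview", "").isdigit() else None,
            "istag": hdr.get("istag", "").strip('"')}

def probe(service_url, timeout=5.0):
    """Send OPTIONS to a live service over plain ICAP and parse the reply."""
    parts = urlsplit(service_url)
    request = build_options_request(service_url)
    with socket.create_connection((parts.hostname, parts.port or 1344), timeout) as s:
        s.sendall(request)
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_options_reply(buf)
```

A reply that is not `200`, or whose `Methods` header lacks `RESPMOD`, means the URL cannot serve a response-modification profile.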


  • 3.  RE: ProxySG ICAP integration with FireEye NX

    Posted Jul 20, 2020 03:30 AM
    As far as I know, FireEye NX does (still) not support ICAP. It only accepts traffic as bridge / traffic from a monitoring port. But I'm not sure about this, as I did not monitor the NX releases lately.

    I.e. I see two options to send traffic from the Proxy to the NX:
    - Encrypted TAP: Send decrypted traffic from ProxySG to an interface that is being monitored by NX
    - Sandbox integration with CAS: The CAS sends the scanned objects to an interface that is being monitored by NX


    Best regards, Matthias


  • 4.  RE: ProxySG ICAP integration with FireEye NX
    Best Answer

    Broadcom Employee
    Posted Jul 20, 2020 10:19 AM
    Hello Joshua, 


    Matthias is correct about the options available at this time.
    If FireEye does not support files being sent by the RFC Standard ICAP Protocol, then you are left with the two options.

    • Proxy has the TAP option that decrypted data can be sent over the wire; if FireEye will accept that then it will work. However, the decisions made by the FireEye won't affect the user traffic, since the FireEye will be receiving a copy of the traffic.
    • Content Analysis CAS can send files to FireEye for sandboxing via the existing option in CAS for FireEye
    I hope this helps.
    Slava


  • 5.  RE: ProxySG ICAP integration with FireEye NX

    Posted Aug 25, 2020 04:13 PM
    Thank you all for the replies. Apparently the latest release of the FireEye NX does support ICAP integration.


  • 6.  RE: ProxySG ICAP integration with FireEye NX

    Posted Jul 01, 2021 04:32 PM
    HigherHo, did you get the time to test out the ICAP integration with FireEye?  I would be really interested to hear about it.