As far as I know, FireEye NX does (still) not support ICAP. It only accepts traffic as bridge / traffic from a monitoring port. But I'm not sure about this, as I did not monitor the NX releases lately.
I.e. I see two options to send traffic from the Proxy to the NX:
- Encrypted TAP: Send decrypted traffic from ProxySG to a interface that is being monitored by NX
- Sandbox integration with CAS: The CAS sends the scanned objects to an interface that is being monitored by NX
Best regards, Matthias
Original Message:
Sent: 07-13-2020 02:23 PM
From: Joshua Rosetta
Subject: ProxySG ICAP integration with FireEye NX
Hello All,
Has anyone integrated the Proxy SG into the FireEye NX before since the NX does ICAP scanning? This would be a great addition because then the FireEye Stack can get updated of any hits the ProxySG finds and inform our FireEye HX endpoints as well.