Data Loss Prevention

  • 1.  Bluecoat ICAP integration

    Posted May 05, 2017 05:22 AM

    I am failing to integrate DLP with the Blue Coat SG Proxy. I have configured reqmod and respmod ICAP services on the Blue Coat with an ICAP URL of icap://<x.x.x.x>:1344/<respmod/reqmod> and I have made sure the ICAP ports match on the Network Prevent for Web server. However, no ICAP traffic is flowing. Could someone assist with a step-by-step guide? The environment has 2 Blue Coat proxies load balanced by an F5 appliance.



  • 2.  RE: Bluecoat ICAP integration

    Posted May 05, 2017 02:07 PM

    Maybe you've done this already & not listed it separately in your query but I suppose even ICAP response service object configuration is needed.

    We had done this sometime back by following step-by-step, the instructions in the PDF from bluecoat (see below). Again, maybe you are using the same already, kindly ignore if already known.

    https://bto.bluecoat.com/sites/default/files/tech_briefs/Generic_ICAP_Integation.4.pdf

    Additionally, it could even be possible that you're using forward trust on proxy and that DLP is getting encrypted traffic. It might even make sense to run a Wireshark capture on the DLP web prevent box and see if any/correct type of traffic is being received on 1344.



  • 3.  RE: Bluecoat ICAP integration

    Posted May 07, 2017 12:13 PM

    If you've followed the ICAP guide on the Blue Coat site, ensure the site you're using to test matches the categories you're forwarding to DLP in the Virtual Policy Manager (Blue Coat VPM).

    In addition, you need to have HTTPS Interception enabled and working on the Blue Coat proxy if you're forwarding HTTPS traffic via ICAP (and/or using it as a test).