
Can we block https traffic through Symantec DLP Network Prevent (Web)?

Created: 10 Nov 2011 | 5 comments
Muhammad Ishaq Khan's picture

Hi there:

I have the following queries regarding Symantec DLP Network Prevent (Web):

- I want to block/monitor HTTPS traffic. Is this possible through Symantec DLP Network Prevent (Web)?

Best Regards

Ishaq


Muhammad Ishaq Khan's picture

Can we integrate DLP Network Prevent (Web) with a web gateway?

Best Regards,

yang_zhang's picture

Yes!

DLP 11.x can integrate with Symantec Web Gateway, but the version of Symantec Web Gateway should be 5.x, and the gateway needs to work in proxy mode.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
xlloyd's picture

Here is an excerpt from the DLP Admin guide:

Network Prevent (Web) integrates with an HTTP, HTTPS, or FTP proxy server. This integration uses the Internet Content Adaptation Protocol (ICAP). The Network Prevent Server (Web) detects confidential data in HTTP, HTTPS, or FTP content. When it does, it causes the proxy to reject requests or remove HTML content as specified by the governing policies.

So yes, it is built to integrate with a Web Gateway and it can protect HTTPS traffic.

Hope this helps!

Regards
~ Xavier

If this post has helped you, please vote up or mark as solution
DHaag's picture

The DLP Web Prevent can inspect the contents of HTTPS, but not on its own. You have to use a web proxy that is capable of doing HTTPS intercept and supports the ICAP protocol to send the traffic to the DLP Prevent. This involves the proxy intercepting the HTTPS traffic, decrypting it and sending it to the Prevent using the ICAP protocol. The proxy then re-encrypts the traffic using its own SSL certificate and proxies it through. Using an enterprise proxy solution like BlueCoat will allow you to do this. I'm sure there are other proxies you could use also. The only issue I have seen when doing this is that you can have issues with the intercept working properly with smaller sites that use self-signed certificates, such as SMB businesses. Unless the CA is a public CA, the proxy will have issues recognizing the certificate validity and will break the HTTPS intercept with the client.
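
Added example, not part of any post in this thread and not Symantec's or any proxy vendor's code: the ICAP hand-off described above, with a decrypted HTTP request framed as an ICAP REQMOD message (RFC 3507) and the service's reply interpreted by the proxy. The host `dlp.example.internal`, the port, the `/reqmod` path and all sample messages are constructed assumptions.

```python
# Added example: ICAP (RFC 3507) REQMOD framing between an intercepting proxy
# and a DLP ICAP service. Host, path and payloads are constructed.
CRLF = b"\r\n"

def build_reqmod(icap_url: str, http_head: bytes, body: bytes) -> bytes:
    """Wrap an already-decrypted HTTP request in an ICAP REQMOD message."""
    if not http_head.endswith(CRLF * 2):
        raise ValueError("HTTP header section must end with a blank line")
    host = icap_url.split("/")[2]
    part = "req-body" if body else "null-body"
    # Encapsulated offsets are byte offsets into the encapsulated payload.
    icap_head = (f"REQMOD {icap_url} ICAP/1.0\r\nHost: {host}\r\nAllow: 204\r\n"
                 f"Encapsulated: req-hdr=0, {part}={len(http_head)}\r\n\r\n")
    # The HTTP body is chunk-encoded and closed by a zero-length chunk.
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body) if body else b""
    return icap_head.encode("ascii") + http_head + chunked

def parse_response(raw: bytes):
    """Return (ICAP status, {section: offset}, encapsulated payload)."""
    head, _, payload = raw.partition(CRLF * 2)
    lines = head.decode("ascii").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in lines[1:])}
    sections = {}
    for item in headers.get("encapsulated", "").split(","):
        if "=" in item:
            name, offset = item.strip().split("=")
            sections[name] = int(offset)
    return status, sections, payload

def verdict(raw: bytes) -> str:
    """What the proxy does with the client's request after the ICAP answer."""
    status, sections, payload = parse_response(raw)
    if status == 204:
        return "forward unmodified"
    if status == 200 and "res-hdr" in sections:
        # The service supplied an HTTP response of its own to send back.
        code = payload[sections["res-hdr"]:].split(b" ", 2)[1].decode()
        return f"reject with HTTP {code}"
    if status == 200 and "req-hdr" in sections:
        return "forward modified request"
    raise ValueError(f"unexpected ICAP status {status}")

# Constructed sample data (not captured from a real deployment).
BODY = b"notes=CONFIDENTIAL-project-plan"
HTTP_HEAD = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
             b"Content-Length: %d\r\n\r\n" % len(BODY))
ALLOW = b'ICAP/1.0 204 No Content\r\nISTag: "x"\r\nEncapsulated: null-body=0\r\n\r\n'
BLOCK = (b'ICAP/1.0 200 OK\r\nISTag: "x"\r\nEncapsulated: res-hdr=0, res-body=45'
         b"\r\n\r\nHTTP/1.1 403 Forbidden\r\nContent-Length: 7\r\n\r\n"
         b"7\r\nBlocked\r\n0\r\n\r\n")
```

An unexpected ICAP status raises instead of defaulting to "forward", so a proxy built on this logic fails closed when the DLP service answers abnormally.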

 

 

Muhammad Ishaq Khan's picture

Hi there:

Thanks to everyone for the replies. Kindly share a document through which we can integrate Symantec Web Gateway with Symantec DLP Network Prevent (Web), if possible.

 

Regards

Ishaq

Best Regards,