Hello,
I have this issue, the client where i work using the DLP 14.6MP1 suite and the prevent for web server, and the traffic pass to 3 proxy bluecoat:
ProxySG 900-20 SGOS 6.6.5.2
ProxySG 900-20 SGOS 6.6.4.2
ASG-S400-20 ASG 6.6.5.2
And 1 F5 load balancer.
I make this test, only one bluecoat proxy is configured to send icap traffic to DLP and all the categories are remove, only this two page , dlptest.com and fastmail.com are include in bluecoat.
Install the Wireshark in the prevent for web server and collect traffic from this two page
After add the domain live.com in bluecoat and some incident are generated, its possible a problem with the configuration in bluecoat?
The F5 load balancer maybe is the problem?
You can help me