000015004 - Is McAfee Web Gateway 6.8.x compatible with RSA DLP ICAP Server?

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000015004
Applies To: RSA Data Loss Prevention Suite 8.5, RSA DLP 8.5, McAfee Web Gateway 6.8.7, ICAP
Issue: Is McAfee Web Gateway 6.8.x compatible with RSA DLP ICAP Server?
Cause:

As part of the RSA Secured program for certifying solutions such as the RSA DLP ICAP Server with the McAfee Web Gateway, RSA has uncovered an issue with the solution. We traced the root cause to the data that is sent to the RSA DLP ICAP Server as part of the ICAP request and confirmed this behavior with McAfee Customer Support (McAfee case number 3-1177040561). More details on the issue are below.

 

Details on Issue seen:

If the McAfee Web Gateway does not have 1024 bytes of preview data, the standard calls for this to be indicated with ieof, as seen below (refer to RFC 3507, http://www.faqs.org/rfcs/rfc3507.html):

\r\n

0; ieof\r\n\r\n

But with the 6.8.x version, further inspection shows it is actually represented as:

\r\n

0;ieof\r\n\r\n

Note the missing space between the 0; and the ieof. As a result, the RSA DLP ICAP Server will wait for more data to come in and eventually time out.
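The two spellings differ only for a parser that compares the chunk-size line literally. The sketch below is an added example, not RSA's workaround or code from either product: it contrasts a literal comparison with a parser that treats whitespace around the `;` as optional. All function names are hypothetical and the sample previews in the test are constructed.

```python
import re

# Chunk-size line: hex size, optional blanks, then ";"-separated extensions.
_CHUNK_LINE = re.compile(rb"([0-9A-Fa-f]+)[ \t]*((?:;[^;\r\n]*)*)")


def strict_is_ieof(line: bytes) -> bool:
    """Literal match on the RFC 3507 spelling only; rejects '0;ieof'."""
    return line == b"0; ieof"


def parse_chunk_line(line: bytes):
    """Return (size, ieof) for one chunk-size line given without its CRLF.

    Whitespace around ';' is optional, so '0; ieof' and '0;ieof' are equal.
    A malformed line raises ValueError rather than leaving the caller
    waiting for data that will never arrive.
    """
    m = _CHUNK_LINE.fullmatch(line)
    if m is None:
        raise ValueError(f"malformed chunk-size line: {line!r}")
    size = int(m.group(1), 16)
    exts = [e.strip().lower() for e in m.group(2).split(b";") if e.strip()]
    ieof = b"ieof" in exts
    if ieof and size != 0:
        raise ValueError("ieof is only valid on the zero-length chunk")
    return size, ieof


def preview_is_complete_body(preview: bytes) -> bool:
    """Walk a chunked preview; True if its terminating chunk carries ieof."""
    pos = 0
    while True:
        eol = preview.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated preview")
        size, ieof = parse_chunk_line(preview[pos:eol])
        if size == 0:
            return ieof
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF
```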

RSA has completed the certification efforts with the McAfee Web Gateway 7.x version and the recommendation is for customers who require the solution to upgrade to this version.

Resolution: For customers who are unable to upgrade to McAfee Web Gateway 7.x, RSA has developed a workaround for the issue and made it available in RSA DLP 8.5 SP1, which can be downloaded from RSA SecurCare OnLine. An implementation guide is also available via www.rsasecured.com for both McAfee Web Gateway 6.8.7 and 7.0.
Legacy Article ID: a55524
