content filters on public mail i.e. gmail, yahoo etc

Unanswered Question
Oct 8th, 2009

is there a way to create content policies on web security appliances on information sent on public mails( gmail yahoo ) or IMs?
it might sound stupid as you cannot control the mail server so filter what can be sent out or not but on the other hand you can monitor the web traffic

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
khoanguy Thu, 10/08/2009 - 20:51

You might be referring to our DLP (Data Loss Prevention) seen on 6.0 and above. Below is a clip from our User Guide, you can search for that section to see if it fits your needs.


In the Information Age, your organization’s data is one of its most prized possessions. Your
organization spends a lot of money making data available to your employees, customers, and
partners. Data is always on the move by traveling over the web and email. This increased
access poses challenges for information security professionals to figure out how to prevent the
malicious, accidental, or unintentional loss of sensitive and proprietary information.
The IronPort Web Security appliance secures your data by providing the following
• IronPort Data Security Filters. The IronPort Data Security Filters on the Web Security
appliance evaluate data leaving the network over HTTP, HTTPS, and FTP to control what
data goes where and how and by whom.
• Third party data loss prevention (DLP) integration. The Web Security appliance integrates
with leading third party content-aware DLP systems that identify and protect sensitive
data. The Web Proxy uses the Internet Content Adaptation Protocol (ICAP) which is a
lightweight HTTP based protocol that allows proxy servers to offload content scanning to
external systems. By offloading the content scanning to dedicated external systems, the
Web Proxy can take advantage of the deep content scanning in other products while
being free to perform other Web Proxy functions with minimal performance impact.

abnk_t_ironport Fri, 10/09/2009 - 07:07

hello khoa,
many thanks for the reply.
no plan to implement a dlp solution ( i.e. verdasys) what i want to focus on is the following as mentioned by you:
- "IronPort Data Security Filters. The IronPort Data Security Filters on the Web Security appliance evaluate data leaving the network over HTTP, HTTPS, and FTP to control what data goes where and how and by whom. "
is it possible to know any where to find m ore info and any example on the above?

abnk_t_ironport Tue, 10/13/2009 - 09:40

hi again khoa,
well i am trying to activate the data security service on the ironport web appliance but i am having some difficulties.
any idea how to activate it?
here is an excerpt from the guide:
enable the IronPort Data Security Filters. To scan upload requests on the appliance, you must first enable the IronPort Data Security Filters. Usually, the IronPort Data Security Filters feature is enabled during the initial setup using the System Setup Wizard. Otherwise, go to the Security Services > Data Security Filters page to enable it.
i am finding no where the data security filters page at the security services.

the appliance is s160

JennieMorton Tue, 10/13/2009 - 20:07

What version are you using? This feature is only available with AsyncOS for Web 6.0 and later.

abnk_t_ironport Wed, 10/14/2009 - 10:58

yes it is the problem of the version
it is upgraded now but still it has some problems.
it cant block specific file name

khoanguy Thu, 10/15/2009 - 00:31

is the idsdataloss_logs showing anything? it might give you some clues, if not a support ticket might be needed.

abnk_t_ironport Fri, 10/16/2009 - 09:24

where i can find the ids logs?

have another question
has anyone tried to find the user name that is entered in the web mail account login page?
any idea if this is doable?
( from the access logs of the irononport?)

JennieMorton Fri, 10/16/2009 - 17:46

You can find the Data Security Logs in the same place as all log files on the WSA (such as the Access logs). You can find them from the GUI by going to the System Administration > Log Subscriptions page. For more information on how to retrieve log files, see the Logging chapter in the user guide.

As for your other question, I'm not sure I can help you. My *guess* is that you can't, but hopefully someone else can answer for sure.

khoanguy Fri, 10/16/2009 - 19:01

If you do not see the ids logs, then you might need to enable it:

CLI > logconfig > new > Data Security Logs


This Discussion