Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2640
Views
0
Helpful
4
Replies

Ironport integration with DLP?

Go to solution
dlipcsey
Level 1
Level 1

‎03-01-2010 10:54 AM

I have a question regarding Ironport integration with DLP - the DLP vendor is stating that they want to monitor "posts" and not "gets". That's the terminology they are using. I'm trying to translate that into Ironport's terminology which is "do not scan any uploads" and "scan all uploads". I'm not sure which option to choose to get this done. Can anybody explain these options a little better than the online docs?

Thank you for your assistance!

Dan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
khoanguy
Level 1
Level 1
In response to dlipcsey

‎03-08-2010 09:49 AM

Dan,

Check your External DLP for any disconnects or network issues with the Ironport.  The load-balance is only for multiple external DLP servers and not multiple Ironports.

Try to increase the reconnection attempts (10) to see if it helps.  It would be best to find out why the Ironport can't reach the DLP servers during such time frames. Check for any symptoms around such times, like load or other service kicking off.  Does it happen on exact time? These can give good hints as to why.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
khoanguy
Level 1
Level 1

‎03-03-2010 03:51 PM

scan all uploads = scan all http POST

do not scan any uploads = do not scan http POST

scan uploads except to specified custom URL categories = when a custom category is matched do not scan such http POST to such destinations

All these relates to External DLP policies, where POST requests are redirected to an external DLP.

0 Helpful

Go to solution
dlipcsey
Level 1
Level 1
In response to khoanguy

‎03-04-2010 06:52 AM

Thank you very much for the reply. We have it working now, sort

of. Now the service stops between both of my Ironport web boxes and the one DLP server every 3-4 hours it seems. I restart the service by changing the log subscription option and starting a packet capture. Is there a setting I may be missing now, dealing with timeouts or load balancing?

Thank you again for your response!

Dan

0 Helpful

Go to solution
khoanguy
Level 1
Level 1
In response to dlipcsey

‎03-08-2010 09:49 AM

Dan,

Check your External DLP for any disconnects or network issues with the Ironport.  The load-balance is only for multiple external DLP servers and not multiple Ironports.

Try to increase the reconnection attempts (10) to see if it helps.  It would be best to find out why the Ironport can't reach the DLP servers during such time frames. Check for any symptoms around such times, like load or other service kicking off.  Does it happen on exact time? These can give good hints as to why.

0 Helpful

Go to solution
dlipcsey
Level 1
Level 1
In response to khoanguy

‎03-11-2010 12:10 PM

Thank you very much for your responses. I am working with Ironp

ort support and our DLP vendor on the disconnects.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents