Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Community Member

Ironport integration with DLP?

I have a question regarding Ironport integration with DLP - the DLP vendor is stating that they want to monitor "posts" and not "gets". That's the terminology they are using. I'm trying to translate that into Ironport's terminology which is "do not scan any uploads" and "scan all uploads". I'm not sure which option to choose to get this done. Can anybody explain these options a little better than the online docs?

Thank you for your assistance!

Dan

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Ironport integration with DLP?

Dan,

Check your External DLP for any disconnects or network issues with the Ironport.  The load-balance is only for multiple external DLP servers and not multiple Ironports.

Try to increase the reconnection attempts (10) to see if it helps.  It would be best to find out why the Ironport can't reach the DLP servers during such time frames. Check for any symptoms around such times, like load or other service kicking off.  Does it happen on exact time? These can give good hints as to why.

4 REPLIES
Community Member

Re: Ironport integration with DLP?

scan all uploads = scan all http POST

do not scan any uploads = do not scan http POST

scan uploads except to specified custom URL categories = when a custom category is matched do not scan such http POST to such destinations

All these relates to External DLP policies, where POST requests are redirected to an external DLP.

Community Member

Re: Ironport integration with DLP?

Thank you very much for the reply. We have it working now, sort

of. Now the service stops between both of my Ironport web boxes and the one DLP server every 3-4 hours it seems. I restart the service by changing the log subscription option and starting a packet capture. Is there a setting I may be missing now, dealing with timeouts or load balancing?

Thank you again for your response!

Dan

Community Member

Re: Ironport integration with DLP?

Dan,

Check your External DLP for any disconnects or network issues with the Ironport.  The load-balance is only for multiple external DLP servers and not multiple Ironports.

Try to increase the reconnection attempts (10) to see if it helps.  It would be best to find out why the Ironport can't reach the DLP servers during such time frames. Check for any symptoms around such times, like load or other service kicking off.  Does it happen on exact time? These can give good hints as to why.

Community Member

Re: Ironport integration with DLP?

Thank you very much for your responses. I am working with Ironp

ort support and our DLP vendor on the disconnects.

910
Views
0
Helpful
4
Replies
CreatePlease to create content