Cisco Cisco Web Security Appliance S690 User Guide
230
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
3. Enter the information in Table 11-2.
Table 11-2 External DLP Server Settings
Setting
Description
External DLP Servers
Enter the following information to access an ICAP compliant DLP
system:
• Server address and port. The host name or IP address and TCP
system:
• Server address and port. The host name or IP address and TCP
port for accessing the DLP system.
• Reconnection attempts. The number of times the Web Proxy
tries to connect to the DLP system before failing.
• DLP Service URL. The ICAP query URL specific to the particular
DLP server. The Web Proxy includes what you enter here in the
ICAP request it sends to the external DLP server. The URL must
start with the ICAP protocol: icap://
ICAP request it sends to the external DLP server. The URL must
start with the ICAP protocol: icap://
Load Balancing
If multiple DLP servers are defined, select which load balancing
technique the Web Proxy uses to distribute upload requests to
different DLP servers. You can choose the following load
balancing techniques:
• None (failover). The Web Proxy directs upload requests to one
technique the Web Proxy uses to distribute upload requests to
different DLP servers. You can choose the following load
balancing techniques:
• None (failover). The Web Proxy directs upload requests to one
DLP server. It tries to connect to the DLP servers in the order
they are listed. If one DLP server cannot be reached, the Web
Proxy attempts to connect to the next one in the list.
they are listed. If one DLP server cannot be reached, the Web
Proxy attempts to connect to the next one in the list.
• Fewest connections. The Web Proxy keeps track of how many
active requests are with the different DLP servers and it directs
the upload request to the DLP server currently servicing the
fewest number of connections.
the upload request to the DLP server currently servicing the
fewest number of connections.
• Hash based. The Web Proxy uses a hash function to distribute
requests to the DLP servers. The hash function uses the proxy ID
and URL as inputs so that requests for the same URL are always
directed to the same DLP server.
and URL as inputs so that requests for the same URL are always
directed to the same DLP server.
• Round robin. The Web Proxy cycles upload requests equally
among all DLP servers in the listed order.
Service Request Timeout
Enter how long the Web Proxy waits for a response from the DLP
server. When this time is exceeded, the ICAP request has failed
and the upload request is either blocked or allowed, depending on
the Failure Handling setting.
Default is 60 seconds.
server. When this time is exceeded, the ICAP request has failed
and the upload request is either blocked or allowed, depending on
the Failure Handling setting.
Default is 60 seconds.
Maximum Simultaneous
Connections
Connections
Specifies the maximum number of simultaneous ICAP request
connections from the Web Security appliance to each configured
external DLP server. The Failure Handling setting on this page
applies to any request which exceeds this limit.
Default is 25.
connections from the Web Security appliance to each configured
external DLP server. The Failure Handling setting on this page
applies to any request which exceeds this limit.
Default is 25.