Cisco Cisco Web Security Appliance S670 User Guide
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
16-10
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 16 Prevent Loss of Sensitive Data
Defining External DLP Systems
Step 2
Click Edit Settings.
Setting
Description
Protocol for External
DLP Servers
DLP Servers
Choose either:
•
ICAP – DLP client/server ICAP communications are not encrypted.
•
Secure ICAP – DLP client/server ICAP communications are via an
encrypted tunnel. Additional related options appear.
encrypted tunnel. Additional related options appear.
External DLP Servers Enter the following information to access an ICAP compliant DLP system:
•
Server address and Port – The hostname or IP address and TCP port for
accessing the DLP system.
accessing the DLP system.
•
Reconnection attempts – The number of times the Web Proxy tries to
connect to the DLP system before failing.
connect to the DLP system before failing.
•
Service URL – The ICAP query URL specific to the particular DLP
server. The Web Proxy includes what you enter here in the ICAP request
it sends to the external DLP server. The URL must start with the ICAP
protocol: icap://
server. The Web Proxy includes what you enter here in the ICAP request
it sends to the external DLP server. The URL must start with the ICAP
protocol: icap://
•
Certificate (optional) – The certificate provided to secure each External
DLP Server connection can be Certificate Authority (CA)-signed or
self-signed. Obtain the certificate from the specified server, and then upload
it to the appliance:
DLP Server connection can be Certificate Authority (CA)-signed or
self-signed. Obtain the certificate from the specified server, and then upload
it to the appliance:
–
Browse to and select the certificate file, and then click Upload File.
Note
This single file must contain both the client certificate and private
key in unencrypted form.
key in unencrypted form.
–
Use this certificate for all DLP servers using Secure ICAP – Check
this box to use the same certificate for all External DLP Servers you
define here. Leave the option unchecked to enter a different certificate
for each server.
this box to use the same certificate for all External DLP Servers you
define here. Leave the option unchecked to enter a different certificate
for each server.
•
Start Test – You can test the connection between the Web Security
appliance and the defined external DLP server(s) by clicking Start Test.
appliance and the defined external DLP server(s) by clicking Start Test.