Cisco Cisco Web Security Appliance S670 User Guide

Click Edit Settings.

Protocol for External 
DLP Servers

Choose either:

ICAP – DLP client/server ICAP communications are not encrypted.

Secure ICAP – DLP client/server ICAP communications are via an 
encrypted tunnel. Additional related options appear.

External DLP Servers Enter the following information to access an ICAP compliant DLP system:

Server address and Port – The hostname or IP address and TCP port for 
accessing the DLP system.

Reconnection attempts – The number of times the Web Proxy tries to 
connect to the DLP system before failing.

Service URL – The ICAP query URL specific to the particular DLP 
server. The Web Proxy includes what you enter here in the ICAP request 
it sends to the external DLP server. The URL must start with the ICAP 
protocol: icap://

Certificate (optional) – The certificate provided to secure each External 
DLP Server connection can be Certificate Authority (CA)-signed or 
self-signed. Obtain the certificate from the specified server, and then upload 
it to the appliance:

Browse to and select the certificate file, and then click Upload File. 

This single file must contain both the client certificate and private 
key in unencrypted form. 

Use this certificate for all DLP servers using Secure ICAP – Check 
this box to use the same certificate for all External DLP Servers you 
define here. Leave the option unchecked to enter a different certificate 
for each server.

Start Test – You can test the connection between the Web Security 
appliance and the defined external DLP server(s) by clicking Start Test.