03-01-2010 10:54 AM
I have a question regarding Ironport integration with DLP - the DLP vendor is stating that they want to monitor "posts" and not "gets". That's the terminology they are using. I'm trying to translate that into Ironport's terminology which is "do not scan any uploads" and "scan all uploads". I'm not sure which option to choose to get this done. Can anybody explain these options a little better than the online docs?
Thank you for your assistance!
Dan
Solved! Go to Solution.
03-08-2010 09:49 AM
Dan,
Check your External DLP for any disconnects or network issues with the Ironport. The load-balance is only for multiple external DLP servers and not multiple Ironports.
Try to increase the reconnection attempts (10) to see if it helps. It would be best to find out why the Ironport can't reach the DLP servers during such time frames. Check for any symptoms around such times, like load or other service kicking off. Does it happen on exact time? These can give good hints as to why.
03-03-2010 03:51 PM
scan all uploads = scan all http POST
do not scan any uploads = do not scan http POST
scan uploads except to specified custom URL categories = when a custom category is matched do not scan such http POST to such destinations
All these relates to External DLP policies, where POST requests are redirected to an external DLP.
03-04-2010 06:52 AM
Thank you very much for the reply. We have it working now, sort
of. Now the service stops between both of my Ironport web boxes and the one DLP server every 3-4 hours it seems. I restart the service by changing the log subscription option and starting a packet capture. Is there a setting I may be missing now, dealing with timeouts or load balancing?
Thank you again for your response!
Dan
03-08-2010 09:49 AM
Dan,
Check your External DLP for any disconnects or network issues with the Ironport. The load-balance is only for multiple external DLP servers and not multiple Ironports.
Try to increase the reconnection attempts (10) to see if it helps. It would be best to find out why the Ironport can't reach the DLP servers during such time frames. Check for any symptoms around such times, like load or other service kicking off. Does it happen on exact time? These can give good hints as to why.
03-11-2010 12:10 PM
Thank you very much for your responses. I am working with Ironp
ort support and our DLP vendor on the disconnects.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide