FAQ

Common DLP (Blue Coat Data Loss Prevention appliance) FAQ

FAQ ID:    FAQ885
Version:    9.0
Status:    Published
Published date:    07/09/2010
Updated:    11/09/2011
 

Answer

1. What are the Web browsers supported for the DLP Web console?

The DLP Web console is supported on the following Web browsers:

  • Internet Explorer version 7.0 and later
  • Firefox version 3.0 and later

2. Where can I view a DLP health check failure?

Check the proxy DLP settings under External Services:

Service URL: icap://dlp-ip/request
The DLP-IP is the Eth4 interface IP address.
ICAP options: request modification.
Symptom: Health check failed. A PCAP may show "404 ICAP Service Not Found".
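
The health check above can be reproduced by hand with an ICAP OPTIONS request against the same Service URL. The following is an added example, not Blue Coat code; it assumes the service listens on the registered ICAP port 1344 (the FAQ does not state the port), and the sample replies are constructed.

```python
import socket

# Constructed sample replies (not captured from a real appliance).
SAMPLE_OK = (b"ICAP/1.0 200 OK\r\nMethods: REQMOD\r\nAllow: 204\r\n"
             b"ISTag: \"constructed-1\"\r\nEncapsulated: null-body=0\r\n\r\n")
SAMPLE_404 = b"ICAP/1.0 404 ICAP Service Not Found\r\nEncapsulated: null-body=0\r\n\r\n"

def build_options_probe(host, service="request"):
    """ICAP OPTIONS request for icap://<host>/<service> (RFC 3507)."""
    return (f"OPTIONS icap://{host}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\nEncapsulated: null-body=0\r\n\r\n").encode("ascii")

def parse_icap_response(raw):
    """Return (status_code, reason, headers) from the head of an ICAP reply."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    version, code, reason = lines[0].split(" ", 2)  # ValueError if malformed
    if not version.startswith("ICAP/"):
        raise ValueError(f"not an ICAP reply: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), reason, headers

def classify_health(raw):
    """Map a reply to the cases an administrator needs to tell apart."""
    try:
        code, reason, headers = parse_icap_response(raw)
    except ValueError:
        return "FAIL: reply is not ICAP (wrong port or no listener?)"
    if code == 404:
        return "FAIL: 404, service path not found; check the Service URL"
    if code != 200:
        return f"FAIL: unexpected ICAP status {code} {reason}"
    methods = [m.strip().upper() for m in headers.get("methods", "").split(",")]
    if "REQMOD" not in methods:
        return "FAIL: service does not offer REQMOD (request modification)"
    return "OK"

def probe(host, port=1344, timeout=5.0):
    """Send the probe to a live service; port 1344 is an assumption (ICAP default)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_options_probe(host))
        data = b""
        while b"\r\n\r\n" not in data and (chunk := s.recv(4096)):
            data += chunk
    return classify_health(data)
```

Call probe() with the Eth4 interface IP address of the DLP appliance; a 404 result points at the path portion of the Service URL rather than at network reachability.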

3. What are the protocols that DLP currently supports, and what is unsupported?

Proxy ICAP support is available for HTTP, HTTPS, and FTP.

Currently, IM, streaming (and live HTTP streaming), CIFS, MAPI, and TCP tunnel are not supported.

4. Where can I view the system and hardware diagnostics information on the DLP appliance?

System and hardware diagnostics can be viewed in the web console under View Status > Dashboard > Health Monitor.

5. What happens if the data to scan is larger than 8k?

When an ICAP scan is being performed, the proxy does not cache data over 8k blocks. The proxy sends the data for ICAP scanning; when scanning is completed and the content is allowed by policy, all the scanned data is transferred back to the proxy for caching.
If the data is smaller than 8k, the proxy caches it while sending it over for scanning. In a PCAP, the keyword to verify that the proxy is caching is: Allow: 204
 

6. What is the maximum file size for a DLP scan?

The maximum file size for a DLP scan is 2 GB. Because the proxy sends all data to the DLP device for scanning without caching, the DLP appliance cannot finish scanning when the data is over the 2 GB size limit. It stops scanning, sends a “500 server error” to the proxy, and closes the connection. The proxy in turn closes the connection to the client and loses all data.
A restart attempt by the FTP client will fail again at 2 GB.


Workaround: Set policy to stop sending the data to the DLP device based on source/destination/filename (not file size).
 

7. Does the DLP appliance support URL encoding?

DLP does not support URL encoding. For example:
%23DLP%20test%23
%23DLP+Test%23
These are supposed to be #DLP test#.
DLP converts the content to UTF-16 and interprets the resulting text. DLP does not do URL blocking.

8. How do I change the default password on the DLP appliance?

Change the default password (recommended) by typing:

 passwd dlpremote

The first version of the quick start guide contains an error in the information about changing the password. For more information (taken from the DLP 7.0.2 release notes), see https://bto.bluecoat.com/doc/14316

9. How do I slow down email redelivery attempts?

If for some reason the DLP appliance fails to deliver emails to the downstream MTA, it will retry sending the email every 5 seconds. Due to the relatively
aggressive retry pattern, the downstream servers may mark the DLP appliance as a source of spam/abuse. As such, a potentially transient issue with the downstream
server turns into a more persistent issue whereby all emails from the DLP appliance are not accepted even if the downstream server is back up and running.

Workaround: The workaround to this potential issue is to adjust some of the timeout settings in the MTA configuration file. You should contact your support representative
for additional details and instructions.

10. How do I reset a DLP appliance to factory defaults?

DLP is a database application, and it cannot be reset to factory defaults like proxy applications.
Contact Blue Coat Support for the DLP image. You will need to download the image, burn it to a CD, and use the CD-ROM to initiate a reinstallation. Then follow the quick setup guide to reconfigure the DLP appliance.

11. How can I keep the incident logs, including attachments, for 5 years?
a) Is this possible without exporting the logs manually?
b) Is there any limit on the number of Incident Log entries that can be kept? Is this limited by the number of Incident Log entries or by the storage capacity?


You would need to either export the logs manually or regularly download backups of the system. Note that in either case you will not keep retained copies.

Only 5k incidents are typically displayed, but you can filter by time or values to see older incidents.

There are 2 major limits on incidents.
a) Copy retained files. Once this volume reaches 80% full, older copy
retained files will be deleted. (This assumes you have not set all your actions to
never delete, in which case the volume will fill and the appliance will be unusable.)
Incidents without copy retained files will still function normally, but you
can't see the original file or derived files such as the highlighted file.

b) When you reach 1-5 million incidents (depends on the system), you will start
seeing major performance issues in the UI. If you continue to create incidents,
at some point the UI will become completely unusable.


12. Does DLP support IPv6?

No. Neither DLP 7.0 nor 7.1 supports IPv6.

13. What about support for the DLP client Agent (endpoint)?

DLP 7.1.0.28 supports the DLP client agent, which is the Code Green client agent. It is sold and supported by Code Green Networks.

For endpoint issues, Blue Coat redirects users to Code Green Technical Support. Visit: http://www.codegreennetworks.com/support.htm

14. What does the error: iDRAC6 communication error, FATAL: Error inserting ipmi_si mean?

This issue is a cosmetic error, which indicates that the last shutdown was not done properly.

To fix this error:

  1. Unplug both power cables.
  2. Press the front power button for 10 seconds, then release it.
  3. Plug in both power cables, and press the power button again.
    When the appliance boots up, the error message no longer displays.

15. Does DLP have its own private SNMP MIB?

DLP supports only the common SNMP MIB of a Linux server (CPU, RAM, disk, etc.); there is no private MIB for policy and so on. For details, see section 3.10, "Enable SNMP Notifications", on page 29 of the Administrator’s Guide:

https://bto.bluecoat.com/doc/14310

