Common DLP (Blue Coat Data Loss Prevention appliance) FAQ


<< Back to Knowledge Search

Solution

Overview

1. What are the Web browsers supported for the DLP Web console?

 
The DLP Web console is supported on the following Web browsers:
 
  • Internet Explorer version 7.0 and later
  • Firefox version 3.0 and later.
 
2. Where can I view a DLP health check failure?
 
Check the proxy DLP setting in External services:
 
Service URL: icap://dlp-ip/request
The DLP-IP is the Eth4 interface IP address.
ICAP options: request modification.
Symptom: Health check failed. In PCAP may see 404 ICAP Service Not Found
 
3. What are the protocols that DLP currently supports, and what is unsupported?
 
Proxy ICAP support is available for  HTTP/HTTPS/FTP;
 
Currently,  IM, Streaming (and live HTTP streaming) , CIFS, MAPI, and TCP tunnel are not supported.
 
4. Where can I view the system and hardware diagnostics information on the DLP appliance?
 
System and Hardware diagnostic can be viewed using the web console, View Status, Dashboard, Health Monitor.
 
5. What happens if the data for scan is larger then 8k?
 
When an ICAP scan is being performed, the proxy does not cache data over 8k blocks. The proxy sends the data for ICAP  scanning, when scanning is completed and the content is allowed by policy,  all the scanned data is transferred back to the proxy for caching.
If the data is smaller then 8k, proxy will cache while sending over to scan, in a PCAP, the keyword  to verify that the proxy is caching is: Allow: 204
 
6. What is the maximum file size for a DLP scan?
 
The maximum file size for the DLP scan limit is 2 GB. Because the proxy sends all data to the DLP device for scanning without caching, the DLP appliance cannot finish scanning when the data is over the 2GB size limit. It stops scanning and sends a “500 server error” to the proxy and closes the connection. The proxy in turn then closes connection to the client and loses all data.
A restart attempt by the FTP client  will fail again at 2 GB.
 
Workaround: Set policy to stop sending the data to the DLP device  based on source/destination/filename (not file size).
 
7. Does the DLP appliance support URL encoding?
 
DLP does not support URL encoding.
%23DLP%20test%23
%23DLP+Test%23
Suppose to be #D LP test#
DLP convert to utf 16 and interpret the resulting text. DLP is not url blocking.
 
8. Ho do I change the default password on the DLP appliance?
 
Change the default password (recommended) by typing:
 
 passwd dlpremote
 
The first version of quick start guide contains an error on the information about changing the password.  For more information (taken from the DLP 7.0.2 release note), see https://bto.bluecoat.com/doc/14316
 
9. How do I slow down email redelivery attempts?
 
If for some reason the DLP appliance fails to deliver emails to the downstream MTA, it will retry sending the email every 5 seconds. Due to the relatively
aggressive retry pattern, the downstream servers may mark the DLP appliance as a source of spam/abuse. As such, a potentially transient issue with the downstream
server turns into a more persistent issue whereby all emails from the DLP appliance are not accepted even if the downstream server is back up and running.
 
Workaround: The workaround to this potential issue is to adjust some the timeout settings in the MTA configuration file. You should contact your support representative
for additional details and instructions.
 
10. How do I reset a DLP appliance to factory defaults?
 
DLP is a database application, and it can not be reset to factory default like proxy applications.
Contact Bluecoat Support for the DLP image. You will need to download the image, burn it into a CD and use the CDROM to initiate a reinstallation.  Then follow the quick setup guide to reconfigure the DLP appliance.
 
11. How can I keep the incident logs, including attachments, for 5 years?
a) Is this possible without exporting the logs manually?
b) Are there any limit on the entries of Incident Logs that can be kept? Is this limited by the number of Incident Log entries or is this limited 
by the storage capacity?
 
You would need to either export the logs manually or regularly download backups of the system. Note that in either case you will not keep retained copies.
 
Only display 5k incidents are typically displayed, but you can filter by time or values to see older incidents.
 
There are 2 major limits on incidents.
a) Copy retained files. Once you reach 80% full on this volume older copy 
retained files will be deleted. (Assuming you have not set all your actions to 
never delete in which case the volume will fill and the appliance will be unusable.) 
Incidents without copy retained files will still function normally, but you 
can't see the original file or derived files like the highlighted file.
 
b) When you reach 1-5 million incidents (depends on the system) you will start 
seeing major performance issues in the UI. If you continue to create incidents 
at some point the UI will become completely unusable.
 
12. Does DLP support IPv6?
 
No. Neither DLP 7.0 nor 7.1 supports IPv6.
 
13. What about support for the DLP client Agent (endpoint)?
 
DLP 7.1.0.28 supports the DLP client agent, which is the Code Green client agent. It is sold and supported by Code Green Networks.
 
For endpoint issues, Blue Coat redirects users to Code Green Technical Support. Visit: http://www.codegreennetworks.com/support.htm
 
14. What does the error: iDRAC6 communication error, FATAL: Error inserting ipmi_si mean?
 
This issue is a cosmetic error, which indicates that the last shutdown was not done properly.
 
To fix this error:
 
Unplug both power cables.
Press the front power button for 10 seconds, then release it.
Plug in both power cables, and press power button again. 
Now when the appliance boot up, the error message no longer displays.
 
15. Does DLP has its private SNMP MIB?
 
The DLP only support common SNMP MIB as Linux server, with CPU. RMA and Disk etc, but no private MIB for policy etc. see details in Administrator’s Guide
 
https://bto.bluecoat.com/doc/14310
 
page 29
 
3.10 Enable SNMP Notifications
Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ885
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      DLP
Topic      Content Management
Article Number      000008643
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat