Configure Gateway to IG Server communication

If you are using Secure ICAP Gateway as part of an Information Governance (IG) platform, you need to configure Gateway to IG Server communication. You will also need to configure an IG content rule and apply it to policy routes as appropriate for your organization.

This configuration task involves:

• Providing the IG Server location and Gateway access token
• Enabling or disabling IG transaction logging
• Providing instruction to your Gateway if the IG Server is not available
• Configuring the Check Registered Data content rule and assigning to policy routes as appropriate
• Optionally setting IG Global Policy

You also need to configure your IG Server to communicate with your Gateway by adding the host name or IP address of the Gateway. This is typically performed by the IG Server Administrator.

Tokens you can use

Token	Description
%DOC_LIST_MATCHES%	The file name and file location if available, and a list of matches for each registered document where a match was found.
%DOC_NAMES%	The file name and file location if available of registered documents where a match was found.
%DOC_NAMES_CLASSIFICATION%	The file name and file location if available, and the classification of registered documents where a match was found.
%DOC_NAMES_MATCH%	The file name and file location if available, and the percentage match of registered documents where a match was found.
%DOC_OWNERS_COUNT%	The number of document owners where a match has been found. This token is available in both the subject and the body of a message.
%DOC_NAMES_PROPERTIES%	The file name and file location if available, and any custom properties for each registered document where a match was found.
%DOC_SETS%	The collection name where matched registered documents were detected.
%DOC_SET_OWNERS%	The details of document owners of matched documents.

When informs are copied to the document owners, tokens will only show information relevant to documents registered for that particular document owner.

Tell me about...

• Server location and Gateway

  The server location is the IP or hostname address of your IG Server.

  The Gateway access token is a unique string value that is generated by your IG Server. You will need to get this value from the IG server Security configuration page.

• IG transaction logging

  You can log Gateway IG related transactions (IG tracking data) by enabling IG transaction logging. If you want to report on IG activity by using IG Server reporting, you must enable this feature.

• What I can do if the IG Server is not available

  If your Gateway cannot contact the IG Server, tracking data is queued on the Gateway in /var/cs-gateway/igptransactions/fail until the IG Server can be contacted. This data will be purged after a period of 30 days. To resubmit tracking records to the IG Server copy all the files from the fail folder to: /var/cs-gateway/igptransactions/log

• The Check Registered Data content rule

  You use this rule to check for and manage IG Server content matches. The rule will check for full and partial matches. With this rule you would typically set a What To Look For? action together with a Classification Level The Classification Level specifically relates to values that are assigned to items that have been registered on an IG Server. The disposal action will trigger where content passing through the Gateway is matched to content registered on the IG Server, and where the Classification level for the item as set on the IG server is equal or exceeds the level set on the Gateway. If this value is set to 0 on your Gateway, matches to any IG registered items will trigger the disposal action. above which the rule will be triggered. You can then generate an Inform to notify IG administrators and document owners of document matches.

• IG Global Policy

  You can apply a specific policy to all routes that do not contain the Check Registered Data content rule by enabling this feature. You configure What To Look For? and What To Do? actions in the same way as any other content rule. If you have configured and applied the Check Registered Data content rule to a particular route it will override the settings of the Global Policy for that route.

How do I...

• Configure IG related features?

  1. From the Home page, click Policy > Information Governance.

     The Information Governance page is displayed.

  2. Configure the details on each panel according to your required configuration.

• Resubmit tracking records to the IG Server?

  If there is a connectivity issue between the Gateway and the IG Server, the Gateway might fail to send tracking data. Instead, it sends the data to the following folder:

  /var/cs-gateway/igptransactions/fail

  It is possible that this data will be purged automatically after a period of 30 days. The Gateway will not attempt to retry sending data in this folder.

  To resubmit tracking records, copy all the files in the fail folder to the log folder:

  /var/cs-gateway/igptransactions/log

• Work with the Check Registered Data content rule?

  While configuration options for this content rule are similar to other Gateway rules, the rule also provides the ability to send informs to document owners. This means document owners who have registered content on the IG Server will be notified of policy violations immediately. The option to copy to document owners is configurable when adding a Generate An Inform action.

  When configuring the inform, you can make use of IG query specific tokens. Show me the tokens

  Token	Description
  %DOC_LIST_MATCHES%	The file name and file location if available, and a list of matches for each registered document where a match was found.
  %DOC_NAMES%	The file name and file location if available of registered documents where a match was found.
  %DOC_NAMES_CLASSIFICATION%	The file name and file location if available, and the classification of registered documents where a match was found.
  %DOC_NAMES_MATCH%	The file name and file location if available, and the percentage match of registered documents where a match was found.
  %DOC_OWNERS_COUNT%	The number of document owners where a match has been found. This token is available in both the subject and the body of a message.
  %DOC_NAMES_PROPERTIES%	The file name and file location if available, and any custom properties for each registered document where a match was found.
  %DOC_SETS%	The collection name where matched registered documents were detected.
  %DOC_SET_OWNERS%	The details of document owners of matched documents.

  When informs are copied to the document owners, tokens will only show information relevant to documents registered for that particular document owner.

  For general information on content rules, see Content rules.

• View information about held messages containing content registered with the IG Server?

  If the Check Registered Data content rule or the IG Global Policy is configured to hold messages when content registered with the Information Governance (IG) Server is detected, you can view the results using the Registered Data tab. For more information, see Analyzing and Managing Held Messages.

Show me...

• An example Inform configuration that uses IG query specific tokens

  %USER% referenced registered data.
  
  Registered content has been detected that belongs to %DOC_OWNERS_COUNT% owner(s):
  %DOC_SET_OWNERS%
  
  The content is from these registered items:
  %DOC_NAMES%
  
  The classifications per item were:
  %DOC_NAMES_CLASSIFICATION%
  
  The percentage matches per item were:
  %DOC_NAMES_MATCH%
  
  The matches per item were:
  %DOC_LIST_MATCHES%
  
  The properties associated with each item were:
  %DOC_NAMES_PROPERTIES%
  
  The content is from these collections:
  %DOC_SETS%