FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 24 - Security Profiles > ICAP > Configuration Settings

Configuration Settings

There are two sections where ICAP is configured:

Servers

Go to Security Profiles > ICAP Servers.

The available settings to be configured regarding the server are

  • Name
  • IP Type (in the GUI) or IP address version ( in the CLI)
    The options for this field in the GUI are 2 radio buttons labelled “IPv4” and “IPv4”. In the CLI the approach is slightly different. There is a field “ip-version” that can be set to “4” or “6”.
  • IP Address
    Depending on whether you’ve set the IP version to 4 or 6 will determine the format that the content of this field will be set into. In the GUI it looks like the same field with a different format but in the CLI it is actually 2 different fields named “ip-address” and ip6-address.
  • Port
    1344 is default TCP port used for the ICAP traffic. The range can be from 1 to 65535.

Maximum Connections

This value refers to the maximum number of concurrent connections that can be made to the ICAP server. The default setting is 100. This setting can only be configured in the CLI.

The syntax is:

config icap server

edit <icap_server_name>

set max-connections <integer>

end

Profiles

Name

Just like any other profile each of the ICAP profiles needs to be assigned a name.

Enable Request Processing

Enabling this setting allows the ICAP server to process request messages.

If enabled this setting will also require:

  • Server - This is the name of the ICAP server. It is chosen from the drop down menu in the field. The servers are configure in the Security Profiles > ICAP > Server section.
  • Path - This is the path on the server to the processing compent. For instance if the Windows share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”
  • On Failure - There are 2 options. You can choose by the use of radio buttons either Error or Bypass.

Enable Response Processing

Enabling this setting allows the ICAP server to process response messages.

If enabled this setting will also require:

  • Server - This is the name of the ICAP server. It is chosen from the drop down menu in the field. The servers are configure in the Security Profiles > ICAP > Server section.
  • Path - This is the path on the server to the processing compent. For instance if the Windows share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”
  • On Failure - There are 2 options. You can choose by the use of radio buttons either Error or Bypass.

Enable Streaming Media Bypass

Enabling this setting allows streaming media to ignore offloading to the ICAP server.