Example ICAP sequence
This example is for an ICAP server performing web URL filtering on HTTP requests
- A user opens a web browser and sends an HTTP request to connect to a web server.
- The FortiGate unit intercepts the HTTP request and forwards it to an ICAP server.
- The ICAP server receives the request and determines if the request is for URL that should be blocked or allowed.
- If the URL should be blocked the ICAP server sends a response to the FortiGate unit. The FortiGate unit returns this response to the user’s web browser. This response could be a message informing the user that their request was blocked.
- If the URL should be allowed the ICAP server sends a request to the FortiGate unit. The FortiGate unit forwards the request to the web server that the user originally attempted to connect to.
- When configuring ICAP on the FortiGate unit, you must configure an ICAP profile that contains the ICAP server information; this profile is then applied to a security policy.