Example ICAP sequence for an ICAP server performing web URL filtering on web proxy HTTP requests

Chapter 1 What’s New for FortiOS 5.0 : Other new features : ICAP and the explicit web proxy : Example ICAP sequence for an ICAP server performing web URL filtering on web proxy HTTP requests

1 A user opens a web browser and sends an HTTP request to connect to a web server.

2 The FortiGate unit intercepts the HTTP request and forwards it to an ICAP server.

3 The ICAP server receives the request and determines if the request is for URL that should be blocked or allowed.

• If the URL should be blocked, the ICAP server sends a response to the FortiGate unit. The FortiGate unit returns this response to the user’s web browser. This response could be a message informing the user that their request was blocked.

• If the URL should be allowed, the ICAP server sends a request to the FortiGate unit. The FortiGate unit forwards the request to the web server that the user originally attempted to connect to.

When configuring ICAP on the FortiGate unit, you must configure an ICAP profile that contains the ICAP server information; this profile is then applied to a security policy.