Adding ICAP to a web proxy security policy

Chapter 1 What’s New for FortiOS 5.0 : Other new features : ICAP and the explicit web proxy : Adding ICAP to a web proxy security policy - CLI

Adding ICAP to a web proxy security policy - CLI

The following is an example of configuring the ICAP feature on the FortiGate unit and applying an ICAP profile to an existing web proxy security policy.

1 Log in to the CLI.

2 Enter the following to configure the ICAP server:

config icap server

edit “New ICAP Server”

set ip-address 172.16.122.151

set ip-version 4

set max-connections 100

set port 453

end

3 Enter the following to configure the ICAP profile to then apply to a security policy:

config icap profile

edit “New ICAP Profile”

set request enable

set request-failure error

set request-path “/service-in”

set request-server icap_server

set response enable

set response-failure error

set response-path “/service-out”

set response-server “New ICAP Server”

set streaming-content-bypass enable

end

4 In the config firewall policy command, apply the ICAP profile to a security policy:

config firewall policy

edit 0

set srcintf web-proxy

...

set utm-status enable

set icap-profile “New ICAP Profile”

end