FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 21 - Security Profiles > ICAP > Example Scenario

Example Scenario

Information relavent to the following example:

  • The ICAP server is designed to do proprietary content filtering specific to the organization so it will have to receive the messages and sent back appropriate responses.
  • The content filter is a required security precaution so it if the message cannot be processed it is not allowed through.
  • Resources on both the Fortigate and the ICAP server are considerable so the maximum connections setting will set at a double the default value to analyse the impact on performance.
  • The ICAP server’s IP address is 172.16.100. 55.
  • The path to the processing component is “/proprietary_code/content-filter/”.
  • Streaming media is not something that the filter considers, but is allowed through the policy so processing it would be a waste of resources.
  • The ICAP profile is to be added to an existing firewall policy.
  • It is assumed that the display of the policies has already been configured to show the column “ID”.
  1. Enter the following to configure the ICAP server:

    Go to Security Profiles > Advanced > ICAP Server.

Use the following values:

Name content-filtration-server4
IP Type IPv4
IP Address
Port 1344

Use the CLI to set the max-connections value.

config icap server

edit content-filtration-server4

set max-connections 200


  1. Enter the following to configure the ICAP profile to then apply to a security policy:

    Use the following values:
Name Prop-Content-Filtration
Enable Request Processing enable
Server content-filtration-server4
Path /proprietary_code/content-filter/
On Failure Error
Enable Response Processing enable
Server content-filtration-server4
Path /proprietary_code/content-filter/
On Failure Error
Enable Streaming Media Bypass enable
  1. Apply the ICAP profile to policy:

The purposes of this particular ICAP profile is to filter the content of the traffic coming through the firewall via policy ID#17.

  1. Go to Policy & Objects > Policy > IPv4.
  2. Open the existing policy ID# 17 for editing.
  3. Go to the section Security Profiles.
  4. Select the button next to ICAP so that it indicates that it’s status is ON.
  5. Select the field with the profile name and use the drop down menu to select Prop-Content-Filtration.
  6. Select OK.