Fortinet black logo

Handbook

Configuring profiles

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:350649
Download PDF

Configuring profiles

You will need to configure an ICAP server and an ICAP profile.

ICAP servers

  1. Go to Security Profiles > ICAP Servers and click on Create New.
  2. Enter a Name for the server.
  3. Enter the server's IP Address. Depending on whether you’ve set the IP version to 4 or 6 will determine the format that the content of this field will be set into. In the GUI it looks like the same field with a different format but in the CLI it is actually 2 different fields named “ip-address” and ip6-address.
  4. Set the Port; 1344 is default TCP port used for the ICAP traffic. The range can be from 1 to 65535.

Maximum Connections

This value refers to the maximum number of concurrent connections that can be made to the ICAP server. The default setting is 100. This setting can only be configured in the CLI.

The syntax is:

config icap server

edit <icap_server_name>

set max-connections <integer>

end

Profiles

  1. Go to Security Profiles > ICAP and click on Create New.
  2. Enter a Name for the server.
  3. Enable settings as required.
    1. Enable Request Processing allows the ICAP server to process request messages. If enabled this setting will also require:
      • Server - This is the name of the ICAP server. It is chosen from the drop down menu in the field. The servers are configured in the Security Profiles > ICAP > Server section.
      • Path - This is the path on the server to the processing content. For instance if the Windows share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”
      • On Failure - There are 2 options: Error or Bypass.
    2. Enable Streaming Media Bypass allows streaming media to ignore offloading to the ICAP server.
  4. Select Apply.

Configuring profiles

You will need to configure an ICAP server and an ICAP profile.

ICAP servers

  1. Go to Security Profiles > ICAP Servers and click on Create New.
  2. Enter a Name for the server.
  3. Enter the server's IP Address. Depending on whether you’ve set the IP version to 4 or 6 will determine the format that the content of this field will be set into. In the GUI it looks like the same field with a different format but in the CLI it is actually 2 different fields named “ip-address” and ip6-address.
  4. Set the Port; 1344 is default TCP port used for the ICAP traffic. The range can be from 1 to 65535.

Maximum Connections

This value refers to the maximum number of concurrent connections that can be made to the ICAP server. The default setting is 100. This setting can only be configured in the CLI.

The syntax is:

config icap server

edit <icap_server_name>

set max-connections <integer>

end

Profiles

  1. Go to Security Profiles > ICAP and click on Create New.
  2. Enter a Name for the server.
  3. Enable settings as required.
    1. Enable Request Processing allows the ICAP server to process request messages. If enabled this setting will also require:
      • Server - This is the name of the ICAP server. It is chosen from the drop down menu in the field. The servers are configured in the Security Profiles > ICAP > Server section.
      • Path - This is the path on the server to the processing content. For instance if the Windows share name was “Processes” and the directory within the share was “Content-Filter” the path would be “/Processes/Content-Filter/”
      • On Failure - There are 2 options: Error or Bypass.
    2. Enable Streaming Media Bypass allows streaming media to ignore offloading to the ICAP server.
  4. Select Apply.