Fortinet Document Library

CLI Reference

6.0.0

icap server

Use this command to configure an ICAP server.

If you enable ICAP in a security policy, HTTP traffic intercepted by the policy is transferred to an ICAP server in the ICAP profile added to the policy. Responses from the ICAP server are returned to the FortiGate unit, which forwards them to an HTTP client or server.

You can offload HTTP responses or HTTP requests (or both) to the same or different ICAP servers.

If the FortiGate unit supports HTTPS inspection, HTTPS traffic intercepted by a policy that includes an ICAP profile is also offloaded to the ICAP server in the same way as HTTP traffic.

When configuring ICAP on the FortiGate unit, you must configure an ICAP profile (see config icap profile) that contains the ICAP server information; this profile is then applied to a security policy.

config icap server
    edit {name}
    # Configure ICAP servers.
        set name {string}   Server name. size[35]
        set ip-version {4 | 6}   IP version.
                4  IPv4 ICAP address.
                6  IPv6 ICAP address.
        set ip-address {ipv4 address any}   IPv4 address of the ICAP server.
        set ip6-address {ipv6 address}   IPv6 address of the ICAP server.
        set port {integer}   ICAP server port. range[1-65535]
        set max-connections {integer}   Maximum number of concurrent connections to ICAP server. range[1-65535]
    next
end

Additional information

The following section is for those options that require additional explanation.

ip-version {4 | 6}

Specify the IP version of the ICAP server (before entering the ip-address or ip6-address entry). The default is set to 4.

max-connections <limit>

Maximum number of concurrent connections that can be made to the ICAP server. Set the value between 1-65535. The default is set to 100.

port <port>

Port number to be used for communication between the FortiGate and the ICAP server. Set the value between 1-65535. The default is set to 1344.
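
As an added example (not Fortinet code), the following Python linter checks a config icap server block against the constraints documented above: the 35-character name limit, the 1-65535 ranges, the address family matching ip-version, and ip-version being set before the address. The sample configuration, its server names, and the function name are constructed for illustration.

```python
import ipaddress

DEFAULTS = {"ip-version": "4", "port": "1344", "max-connections": "100"}  # documented defaults
SAMPLE = '''\
config icap server
    edit "icap-av-1"
        set ip-address 192.0.2.10
    next
    edit "icap-dlp-v6"
        set ip6-address 2001:db8::10
        set ip-version 6
        set port 70000
    next
end
'''  # constructed configuration, not taken from the page

def lint_icap_servers(text):
    """Return (server_name, problem) pairs for a 'config icap server' block."""
    problems, name, cfg = [], None, None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "edit" and len(tok) > 1:
            name, cfg = raw.split(None, 1)[1].strip().strip('"'), dict(DEFAULTS)
            if len(name) > 35:
                problems.append((name, "name longer than 35 characters"))
        elif tok[0] == "set" and cfg is not None and len(tok) >= 3:
            key, val = tok[1], tok[2]
            if key == "ip-version" and val not in ("4", "6"):
                problems.append((name, f"ip-version {val!r} is not 4 or 6"))
            elif key in ("port", "max-connections") and not (val.isdecimal() and 1 <= int(val) <= 65535):
                problems.append((name, f"{key} {val!r} outside 1-65535"))
            elif key in ("ip-address", "ip6-address"):
                want = "4" if key == "ip-address" else "6"
                if cfg["ip-version"] != want:  # ip-version must be set before the address
                    problems.append((name, f"{key} set while ip-version is {cfg['ip-version']}"))
                try:
                    if str(ipaddress.ip_address(val).version) != want:
                        problems.append((name, f"{key} {val!r} is not an IPv{want} address"))
                except ValueError:
                    problems.append((name, f"{key} {val!r} is not a valid address"))
            cfg[key] = val
        elif tok[0] == "next" and cfg is not None:
            name, cfg = None, None  # leave the current edit entry
    return problems

if __name__ == "__main__":
    print(lint_icap_servers(SAMPLE))
```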
