Administration Guide

Secure ICAP clients

A secure SSL connection from the FortiGate to the ICAP server can be configured as follows:

config icap server
    edit "server"
        set secure {enable | disable}
        set ssl-cert <certificate>
    next
end

To configure a secure ICAP client:
  1. Configure the ICAP server:
    config icap server
        edit "icap_server1"
            set ip-version 4
            set ip-address 192.168.10.2
            set port 11344
            set max-connections 100
            set secure enable
            set ssl-cert "ACCVRAIZ1"
        next
    end

    Port 11344 is the standard port for secure ICAP. The port must be configured manually when the secure connection is enabled.

  2. Configure the ICAP profile:
    config icap profile
        edit "icap_profile1"
            set request enable
            set response enable
            set streaming-content-bypass enable
            set request-server "icap_server1"
            set response-server "icap_server1"
        next
    end
  3. Configure the firewall policy:
    config firewall policy
        edit 1
            set utm-status enable
            set inspection-mode proxy
            set ssl-ssh-profile "protocols"
            set icap-profile "icap_profile1"
        next
    end
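
An added example, not part of the Fortinet guide: a Python audit that parses a FortiOS-style configuration and flags ICAP servers without `set secure enable`, secure servers with no explicit `set port`, and ICAP profiles that point at a non-secure server. The names `parse_tables` and `audit_icap` and the `icap_server2`/`icap_server3` entries are hypothetical, and the parser assumes flat `config`/`edit`/`set` blocks with no nesting.

```python
SAMPLE = """
config icap server
    edit "icap_server1"
        set port 11344
        set secure enable
        set ssl-cert "ACCVRAIZ1"
    next
    edit "icap_server2"
        set secure enable
    next
    edit "icap_server3"
        set port 1344
    next
end
config icap profile
    edit "icap_profile1"
        set request-server "icap_server1"
        set response-server "icap_server3"
    next
end
"""  # constructed sample; only icap_server1 mirrors the page, the rest is hypothetical

def parse_tables(text):  # flat config/edit/set -> {table: {entry: {option: value}}}
    tables, table, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            table = tables.setdefault(line[7:], {})
        elif line.startswith("edit ") and table is not None:
            entry = table.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set ") and entry is not None:
            key, _, value = line[4:].partition(" ")
            entry[key] = value.strip('"')
        elif line in ("next", "end"):
            entry = None
    return tables

def audit_icap(text):
    """Return (entry, finding) pairs for ICAP servers and the profiles using them."""
    tables = parse_tables(text)
    servers, findings = tables.get("icap server", {}), []
    for name, opts in servers.items():
        if opts.get("secure") != "enable":
            findings.append((name, "secure not enabled"))
        elif "port" not in opts:  # the page: the port must be set manually
            findings.append((name, "secure enabled but port not set"))
    for name, opts in tables.get("icap profile", {}).items():
        for key in ("request-server", "response-server"):
            if key in opts and servers.get(opts[key], {}).get("secure") != "enable":
                findings.append((name, f"{key} {opts[key]} is not a secure server"))
    return findings
```

Calling `audit_icap(SAMPLE)` returns three findings, one each for `icap_server2`, `icap_server3` and `icap_profile1`; the configuration from the steps above returns none.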