Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config icap profile

Configure ICAP profiles.

config icap profile

Description: Configure ICAP profiles.

edit <name>

set replacemsg-group {string}

set request [disable|enable]

set response [disable|enable]

set streaming-content-bypass [disable|enable]

set preview [disable|enable]

set preview-data-length {integer}

set request-server {string}

set response-server {string}

set request-failure [error|bypass]

set response-failure [error|bypass]

set request-path {string}

set response-path {string}

set methods {option1}, {option2}, ...

set response-req-hdr [disable|enable]

set respmod-default-action [forward|bypass]

set icap-block-log [disable|enable]

set chunk-encap [disable|enable]

set extension-feature {option1}, {option2}, ...

set scan-progress-interval {integer}

config icap-headers

Description: Configure ICAP forwarded request headers.

edit <id>

set name {string}

set content {string}

set base64-encoding [disable|enable]

next

end

config respmod-forward-rules

Description: ICAP response mode forward rules.

edit <name>

set host {string}

config header-group

Description: HTTP header group.

edit <id>

set header-name {string}

set header {string}

set case-sensitivity [disable|enable]

next

end

set action [forward|bypass]

set http-resp-status-code <code1>, <code2>, ...

next

end

next

end

config icap profile

Parameter

Description

Type

Size

Default

replacemsg-group

Replacement message group.

string

Maximum length: 35

request

Enable/disable whether an HTTP request is passed to an ICAP server.

option

-

disable

 

Option

Description

disable

Disable HTTP request passing to ICAP server.

enable

Enable HTTP request passing to ICAP server.

response

Enable/disable whether an HTTP response is passed to an ICAP server.

option

-

disable

 

Option

Description

disable

Disable HTTP response passing to ICAP server.

enable

Enable HTTP response passing to ICAP server.

streaming-content-bypass

Enable/disable bypassing of ICAP server for streaming content.

option

-

disable

 

Option

Description

disable

Disable bypassing of ICAP server for streaming content.

enable

Enable bypassing of ICAP server for streaming content.

preview

Enable/disable preview of data to ICAP server.

option

-

disable

 

Option

Description

disable

Disable preview of data to ICAP server.

enable

Enable preview of data to ICAP server.

preview-data-length

Preview data length to be sent to ICAP server.

integer

Minimum value: 0 Maximum value: 4096

0

request-server

ICAP server to use for an HTTP request.

string

Maximum length: 35

response-server

ICAP server to use for an HTTP response.

string

Maximum length: 35

request-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP request.

option

-

error

 

Option

Description

error

Error.

bypass

Bypass.

response-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP response.

option

-

error

 

Option

Description

error

Error.

bypass

Bypass.

request-path

Path component of the ICAP URI that identifies the HTTP request processing service.

string

Maximum length: 127

response-path

Path component of the ICAP URI that identifies the HTTP response processing service.

string

Maximum length: 127

methods

The allowed HTTP methods that will be sent to ICAP server for further processing.

option

-

delete get head options post put trace other

 

Option

Description

delete

Forward HTTP request or response with DELETE method to ICAP server for further processing.

get

Forward HTTP request or response with GET method to ICAP server for further processing.

head

Forward HTTP request or response with HEAD method to ICAP server for further processing.

options

Forward HTTP request or response with OPTIONS method to ICAP server for further processing.

post

Forward HTTP request or response with POST method to ICAP server for further processing.

put

Forward HTTP request or response with PUT method to ICAP server for further processing.

trace

Forward HTTP request or response with TRACE method to ICAP server for further processing.

other

Forward HTTP request or response with All other methods to ICAP server for further processing.

response-req-hdr

Enable/disable addition of req-hdr for ICAP response modification (respmod) processing.

option

-

disable

 

Option

Description

disable

Do not add req-hdr for response modification (respmod) processing.

enable

Add req-hdr for response modification (respmod) processing.

respmod-default-action

Default action to ICAP response modification (respmod) processing.

option

-

forward

 

Option

Description

forward

Forward response to icap server unless a rule specifies not to.

bypass

Don't forward request to icap server unless a rule specifies to forward the request.

icap-block-log

Enable/disable UTM log when infection found .

option

-

disable

 

Option

Description

disable

Disable UTM log when infection found.

enable

Enable UTM log when infection found.

chunk-encap

Enable/disable chunked encapsulation .

option

-

disable

 

Option

Description

disable

Do not encapsulate chunked data.

enable

Encapsulate chunked data into a new chunk.

extension-feature

Enable/disable ICAP extension features.

option

-

 

Option

Description

scan-progress

Support X-Scan-Progress-Interval ICAP header.

scan-progress-interval

Scan progress interval value.

integer

Minimum value: 5 Maximum value: 30

10

config icap-headers

Parameter

Description

Type

Size

Default

name

HTTP forwarded header name.

string

Maximum length: 79

content

HTTP header content.

string

Maximum length: 255

base64-encoding

Enable/disable use of base64 encoding of HTTP content.

option

-

disable

 

Option

Description

disable

Disable use of base64 encoding of HTTP content.

enable

Enable use of base64 encoding of HTTP content.

config respmod-forward-rules

Parameter

Description

Type

Size

Default

host

Address object for the host.

string

Maximum length: 79

action

Action to be taken for ICAP server.

option

-

forward

 

Option

Description

forward

Forward request to ICAP server when this rule is matched.

bypass

Don't forward request to ICAP server when this rule is matched.

http-resp-status-code <code>

HTTP response status code.

HTTP response status code.

integer

Minimum value: 100 Maximum value: 599

0 **

** Values may differ between models.

config header-group

Parameter

Description

Type

Size

Default

header-name

HTTP header.

string

Maximum length: 79

header

HTTP header regular expression.

string

Maximum length: 255

case-sensitivity

Enable/disable case sensitivity when matching header.

option

-

disable

 

Option

Description

disable

Ignore case when matching header.

enable

Do not ignore case when matching header.

config icap profile

Configure ICAP profiles.

config icap profile

Description: Configure ICAP profiles.

edit <name>

set replacemsg-group {string}

set request [disable|enable]

set response [disable|enable]

set streaming-content-bypass [disable|enable]

set preview [disable|enable]

set preview-data-length {integer}

set request-server {string}

set response-server {string}

set request-failure [error|bypass]

set response-failure [error|bypass]

set request-path {string}

set response-path {string}

set methods {option1}, {option2}, ...

set response-req-hdr [disable|enable]

set respmod-default-action [forward|bypass]

set icap-block-log [disable|enable]

set chunk-encap [disable|enable]

set extension-feature {option1}, {option2}, ...

set scan-progress-interval {integer}

config icap-headers

Description: Configure ICAP forwarded request headers.

edit <id>

set name {string}

set content {string}

set base64-encoding [disable|enable]

next

end

config respmod-forward-rules

Description: ICAP response mode forward rules.

edit <name>

set host {string}

config header-group

Description: HTTP header group.

edit <id>

set header-name {string}

set header {string}

set case-sensitivity [disable|enable]

next

end

set action [forward|bypass]

set http-resp-status-code <code1>, <code2>, ...

next

end

next

end

config icap profile

Parameter

Description

Type

Size

Default

replacemsg-group

Replacement message group.

string

Maximum length: 35

request

Enable/disable whether an HTTP request is passed to an ICAP server.

option

-

disable

 

Option

Description

disable

Disable HTTP request passing to ICAP server.

enable

Enable HTTP request passing to ICAP server.

response

Enable/disable whether an HTTP response is passed to an ICAP server.

option

-

disable

 

Option

Description

disable

Disable HTTP response passing to ICAP server.

enable

Enable HTTP response passing to ICAP server.

streaming-content-bypass

Enable/disable bypassing of ICAP server for streaming content.

option

-

disable

 

Option

Description

disable

Disable bypassing of ICAP server for streaming content.

enable

Enable bypassing of ICAP server for streaming content.

preview

Enable/disable preview of data to ICAP server.

option

-

disable

 

Option

Description

disable

Disable preview of data to ICAP server.

enable

Enable preview of data to ICAP server.

preview-data-length

Preview data length to be sent to ICAP server.

integer

Minimum value: 0 Maximum value: 4096

0

request-server

ICAP server to use for an HTTP request.

string

Maximum length: 35

response-server

ICAP server to use for an HTTP response.

string

Maximum length: 35

request-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP request.

option

-

error

 

Option

Description

error

Error.

bypass

Bypass.

response-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP response.

option

-

error

 

Option

Description

error

Error.

bypass

Bypass.

request-path

Path component of the ICAP URI that identifies the HTTP request processing service.

string

Maximum length: 127

response-path

Path component of the ICAP URI that identifies the HTTP response processing service.

string

Maximum length: 127

methods

The allowed HTTP methods that will be sent to ICAP server for further processing.

option

-

delete get head options post put trace other

 

Option

Description

delete

Forward HTTP request or response with DELETE method to ICAP server for further processing.

get

Forward HTTP request or response with GET method to ICAP server for further processing.

head

Forward HTTP request or response with HEAD method to ICAP server for further processing.

options

Forward HTTP request or response with OPTIONS method to ICAP server for further processing.

post

Forward HTTP request or response with POST method to ICAP server for further processing.

put

Forward HTTP request or response with PUT method to ICAP server for further processing.

trace

Forward HTTP request or response with TRACE method to ICAP server for further processing.

other

Forward HTTP request or response with All other methods to ICAP server for further processing.

response-req-hdr

Enable/disable addition of req-hdr for ICAP response modification (respmod) processing.

option

-

disable

 

Option

Description

disable

Do not add req-hdr for response modification (respmod) processing.

enable

Add req-hdr for response modification (respmod) processing.

respmod-default-action

Default action to ICAP response modification (respmod) processing.

option

-

forward

 

Option

Description

forward

Forward response to icap server unless a rule specifies not to.

bypass

Don't forward request to icap server unless a rule specifies to forward the request.

icap-block-log

Enable/disable UTM log when infection found .

option

-

disable

 

Option

Description

disable

Disable UTM log when infection found.

enable

Enable UTM log when infection found.

chunk-encap

Enable/disable chunked encapsulation .

option

-

disable

 

Option

Description

disable

Do not encapsulate chunked data.

enable

Encapsulate chunked data into a new chunk.

extension-feature

Enable/disable ICAP extension features.

option

-

 

Option

Description

scan-progress

Support X-Scan-Progress-Interval ICAP header.

scan-progress-interval

Scan progress interval value.

integer

Minimum value: 5 Maximum value: 30

10

config icap-headers

Parameter

Description

Type

Size

Default

name

HTTP forwarded header name.

string

Maximum length: 79

content

HTTP header content.

string

Maximum length: 255

base64-encoding

Enable/disable use of base64 encoding of HTTP content.

option

-

disable

 

Option

Description

disable

Disable use of base64 encoding of HTTP content.

enable

Enable use of base64 encoding of HTTP content.

config respmod-forward-rules

Parameter

Description

Type

Size

Default

host

Address object for the host.

string

Maximum length: 79

action

Action to be taken for ICAP server.

option

-

forward

 

Option

Description

forward

Forward request to ICAP server when this rule is matched.

bypass

Don't forward request to ICAP server when this rule is matched.

http-resp-status-code <code>

HTTP response status code.

HTTP response status code.

integer

Minimum value: 100 Maximum value: 599

0 **

** Values may differ between models.

config header-group

Parameter

Description

Type

Size

Default

header-name

HTTP header.

string

Maximum length: 79

header

HTTP header regular expression.

string

Maximum length: 255

case-sensitivity

Enable/disable case sensitivity when matching header.

option

-

disable

 

Option

Description

disable

Ignore case when matching header.

enable

Do not ignore case when matching header.