Fortinet black logo

Administration Guide

Home FortiNDR 7.0.1 Administration Guide
7.0.1
7.4.3
7.4.2
7.4.1
7.4.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.0
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0

ICAP Connectors

ICAP Connectors

FortiNDR can act as an ICAP server to allow ICAP clients such as FortiGate, Squid, and others to offload web traffic for scanning.

Use the ICAP connector to:

  • Stop patient zero in the web browsing client.
  • Stop malware coming from web browsing.
  • Scan for malware in web traffic without using FortiGate AV profiles.
  • Offload to FortiNDR for existing FortiSandbox customers who cannot use OFTP .
Note

ICAP connectors are not suitable for high traffic volumes. If the sample submit rate is higher than six sumbmissions per second, we recommend using the Inline Blocking feature in FortiGate to do the sample submitting instead.
To integrate FortiNDR with FortiGate ICAP:
  1. In FortiGate:
    1. Add the ICAP server.
    2. Create an ICAP profile.
    3. Add the ICAP profile to a policy.
  2. In FortiNDR, configure the ICAP server.

For an example of setting up an ICAP Connector, see FortiNDR and FortiGate ICAP configuration example.

To enable ICAP in FortiNDR:
  1. Go to Security Fabric > Fabric Connectors and click the ICAP card.
  2. Click Enable ICAP Connector.
  3. Configure the ICAP settings and click OK.

Previous
Next

ICAP Connectors

FortiNDR can act as an ICAP server to allow ICAP clients such as FortiGate, Squid, and others to offload web traffic for scanning.

Use the ICAP connector to:

  • Stop patient zero in the web browsing client.
  • Stop malware coming from web browsing.
  • Scan for malware in web traffic without using FortiGate AV profiles.
  • Offload to FortiNDR for existing FortiSandbox customers who cannot use OFTP .
Note

ICAP connectors are not suitable for high traffic volumes. If the sample submit rate is higher than six sumbmissions per second, we recommend using the Inline Blocking feature in FortiGate to do the sample submitting instead.
To integrate FortiNDR with FortiGate ICAP:
  1. In FortiGate:
    1. Add the ICAP server.
    2. Create an ICAP profile.
    3. Add the ICAP profile to a policy.
  2. In FortiNDR, configure the ICAP server.

For an example of setting up an ICAP Connector, see FortiNDR and FortiGate ICAP configuration example.

To enable ICAP in FortiNDR:
  1. Go to Security Fabric > Fabric Connectors and click the ICAP card.
  2. Click Enable ICAP Connector.
  3. Configure the ICAP settings and click OK.

Previous
Next