ICAP scanning with FTP
Files transferred using FTP can be forwarded to the ICAP server for further processing.
To configure ICAP scanning with FTP in the GUI:
1. Configure an ICAP remote server.
2. Create an ICAP profile that references the server.
   - Select FTP in Protocol.
   - Select the server you created in step 1 in Server.
3. Enable and configure explicit FTP proxy.
4. Create an explicit FTP proxy policy that uses the ICAP profile.
   - Select FTP under Type for an explicit FTP proxy policy.
   - Select ACCEPT for Action to enable the Security Profiles options. You can then enable ICAP and select the ICAP profile you configured in step 2 from the dropdown list.
To configure ICAP scanning with FTP in the CLI:
1. Configure an ICAP remote server:

       config icap remote-server
           edit "icap1"
               set ip-address 172.18.20.43
           next
       end

   See config icap remote-server in the CLI guide for more details.

2. Create an ICAP profile that references the server:

       config icap profile
           edit "icapFTP"
               set file-transfer ftp
               set file-transfer-server "icap1"
               set file-transfer-failure error
               set file-transfer-path "ftpicap"
           next
       end

   See config icap profile in the CLI guide for more details.

3. Enable and configure explicit FTP proxy:

       config ftp-proxy explicit
           set status [enable|disable]
           set incoming-port {user}
           set incoming-ip {ipv4-address-any}
           set outgoing-ip {ipv4-address-any}
           set sec-default-action [accept|deny]
           set server-data-mode [client|passive]
           set ssl [enable|disable]
           set ssl-cert {string}
           set ssl-dh-bits [768|1024|...]
           set ssl-algorithm [high|medium|...]
       end

   See config ftp-proxy explicit in the CLI guide for more details.

4. Create an explicit FTP proxy policy that uses the ICAP profile:

       config firewall policy
           edit 1
               set type explicit-ftp
               set name "test"
               set dstintf "any"
               set srcaddr "all"
               set dstaddr "all"
               set action accept
               set schedule "always"
               set ssl-ssh-profile "certificate-inspection"
               set utm-status enable
               set icap-profile "icapFTP"
           next
       end

   See config firewall policy in the CLI guide for more details.