Fortinet white logo
Fortinet white logo

CLI Reference

config icap profile

config icap profile

Configure ICAP profiles.

config icap profile

Description: Configure ICAP profiles.

edit <name>

set replacemsg-group {string}

set request [disable|enable]

set response [disable|enable]

set file-transfer {option1}, {option2}, ...

set streaming-content-bypass [disable|enable]

set 204-size-limit {integer}

set 204-response [disable|enable]

set preview [disable|enable]

set preview-data-length {integer}

set request-server {string}

set response-server {string}

set file-transfer-server {string}

set request-failure [error|bypass]

set response-failure [error|bypass]

set file-transfer-failure [error|bypass]

set request-path {string}

set response-path {string}

set file-transfer-path {string}

set methods {option1}, {option2}, ...

set response-req-hdr [disable|enable]

set respmod-default-action [forward|bypass]

set icap-block-log [disable|enable]

set chunk-encap [disable|enable]

set extension-feature {option1}, {option2}, ...

set scan-progress-interval {integer}

set timeout {integer}

config icap-headers

Description: Configure ICAP forwarded request headers.

edit <id>

set name {string}

set content {string}

set base64-encoding [disable|enable]

next

end

config respmod-forward-rules

Description: ICAP response mode forward rules.

edit <name>

set host {string}

config header-group

Description: HTTP header group.

edit <id>

set header-name {string}

set header {string}

set case-sensitivity [disable|enable]

next

end

set action [forward|bypass]

set http-resp-status-code <code1>, <code2>, ...

next

end

next

end

config icap profile

Parameter

Description

Type

Size

Default

replacemsg-group

Replacement message group.

string

Not Specified

request

Enable/disable whether an HTTP request is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP request passing to ICAP server.

enable

Enable HTTP request passing to ICAP server.

response

Enable/disable whether an HTTP response is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP response passing to ICAP server.

enable

Enable HTTP response passing to ICAP server.

file-transfer

Configure the file transfer protocols to pass transferred files to an ICAP server as REQMOD.

option

-

Option

Description

ssh

Forward file transfer with SSH protocol to ICAP server for further processing.

ftp

Forward file transfer with FTP protocol to ICAP server for further processing.

streaming-content-bypass

Enable/disable bypassing of ICAP server for streaming content.

option

-

disable

Option

Description

disable

Disable bypassing of ICAP server for streaming content.

enable

Enable bypassing of ICAP server for streaming content.

204-size-limit

204 response size limit to be saved by ICAP client in megabytes .

integer

Minimum value: 1 Maximum value: 10

1

204-response

Enable/disable allowance of 204 response from ICAP server.

option

-

disable

Option

Description

disable

Disable allowance of 204 response from ICAP server.

enable

Enable allowance of 204 response from ICAP server.

preview

Enable/disable preview of data to ICAP server.

option

-

disable

Option

Description

disable

Disable preview of data to ICAP server.

enable

Enable preview of data to ICAP server.

preview-data-length

Preview data length to be sent to ICAP server.

integer

Minimum value: 0 Maximum value: 4096

0

request-server

ICAP server to use for an HTTP request.

string

Not Specified

response-server

ICAP server to use for an HTTP response.

string

Not Specified

file-transfer-server

ICAP server to use for a file transfer.

string

Not Specified

request-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP request.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

response-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP response.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

file-transfer-failure

Action to take if the ICAP server cannot be contacted when processing a file transfer.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

request-path

Path component of the ICAP URI that identifies the HTTP request processing service.

string

Not Specified

response-path

Path component of the ICAP URI that identifies the HTTP response processing service.

string

Not Specified

file-transfer-path

Path component of the ICAP URI that identifies the file transfer processing service.

string

Not Specified

methods

The allowed HTTP methods that will be sent to ICAP server for further processing.

option

-

delete get head options post put trace connect other

Option

Description

delete

Forward HTTP request or response with DELETE method to ICAP server for further processing.

get

Forward HTTP request or response with GET method to ICAP server for further processing.

head

Forward HTTP request or response with HEAD method to ICAP server for further processing.

options

Forward HTTP request or response with OPTIONS method to ICAP server for further processing.

post

Forward HTTP request or response with POST method to ICAP server for further processing.

put

Forward HTTP request or response with PUT method to ICAP server for further processing.

trace

Forward HTTP request or response with TRACE method to ICAP server for further processing.

connect

Forward HTTP request or response with CONNECT method to ICAP server for further processing.

other

Forward HTTP request or response with All other methods to ICAP server for further processing.

response-req-hdr

Enable/disable addition of req-hdr for ICAP response modification (respmod) processing.

option

-

enable

Option

Description

disable

Do not add req-hdr for response modification (respmod) processing.

enable

Add req-hdr for response modification (respmod) processing.

respmod-default-action

Default action to ICAP response modification (respmod) processing.

option

-

forward

Option

Description

forward

Forward response to ICAP server unless a rule specifies not to.

bypass

Don't forward request to ICAP server unless a rule specifies to forward the request.

icap-block-log

Enable/disable UTM log when infection found .

option

-

disable

Option

Description

disable

Disable UTM log when infection found.

enable

Enable UTM log when infection found.

chunk-encap

Enable/disable chunked encapsulation .

option

-

disable

Option

Description

disable

Do not encapsulate chunked data.

enable

Encapsulate chunked data into a new chunk.

extension-feature

Enable/disable ICAP extension features.

option

-

Option

Description

scan-progress

Support X-Scan-Progress-Interval ICAP header.

scan-progress-interval

Scan progress interval value.

integer

Minimum value: 5 Maximum value: 30

10

timeout

Time (in seconds) that ICAP client waits for the response from ICAP server.

integer

Minimum value: 30 Maximum value: 3600

30

config icap-headers

Parameter

Description

Type

Size

Default

name

HTTP forwarded header name.

string

Not Specified

content

HTTP header content.

string

Not Specified

base64-encoding

Enable/disable use of base64 encoding of HTTP content.

option

-

disable

Option

Description

disable

Disable use of base64 encoding of HTTP content.

enable

Enable use of base64 encoding of HTTP content.

config respmod-forward-rules

Parameter

Description

Type

Size

Default

host

Address object for the host.

string

Not Specified

action

Action to be taken for ICAP server.

option

-

forward

Option

Description

forward

Forward request to ICAP server when this rule is matched.

bypass

Don't forward request to ICAP server when this rule is matched.

http-resp-status-code <code>

HTTP response status code.

HTTP response status code.

integer

Minimum value: 100 Maximum value: 599

0 **

** Values may differ between models.

config header-group

Parameter

Description

Type

Size

Default

header-name

HTTP header.

string

Not Specified

header

HTTP header regular expression.

string

Not Specified

case-sensitivity

Enable/disable case sensitivity when matching header.

option

-

disable

Option

Description

disable

Ignore case when matching header.

enable

Do not ignore case when matching header.

config icap profile

config icap profile

Configure ICAP profiles.

config icap profile

Description: Configure ICAP profiles.

edit <name>

set replacemsg-group {string}

set request [disable|enable]

set response [disable|enable]

set file-transfer {option1}, {option2}, ...

set streaming-content-bypass [disable|enable]

set 204-size-limit {integer}

set 204-response [disable|enable]

set preview [disable|enable]

set preview-data-length {integer}

set request-server {string}

set response-server {string}

set file-transfer-server {string}

set request-failure [error|bypass]

set response-failure [error|bypass]

set file-transfer-failure [error|bypass]

set request-path {string}

set response-path {string}

set file-transfer-path {string}

set methods {option1}, {option2}, ...

set response-req-hdr [disable|enable]

set respmod-default-action [forward|bypass]

set icap-block-log [disable|enable]

set chunk-encap [disable|enable]

set extension-feature {option1}, {option2}, ...

set scan-progress-interval {integer}

set timeout {integer}

config icap-headers

Description: Configure ICAP forwarded request headers.

edit <id>

set name {string}

set content {string}

set base64-encoding [disable|enable]

next

end

config respmod-forward-rules

Description: ICAP response mode forward rules.

edit <name>

set host {string}

config header-group

Description: HTTP header group.

edit <id>

set header-name {string}

set header {string}

set case-sensitivity [disable|enable]

next

end

set action [forward|bypass]

set http-resp-status-code <code1>, <code2>, ...

next

end

next

end

config icap profile

Parameter

Description

Type

Size

Default

replacemsg-group

Replacement message group.

string

Not Specified

request

Enable/disable whether an HTTP request is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP request passing to ICAP server.

enable

Enable HTTP request passing to ICAP server.

response

Enable/disable whether an HTTP response is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP response passing to ICAP server.

enable

Enable HTTP response passing to ICAP server.

file-transfer

Configure the file transfer protocols to pass transferred files to an ICAP server as REQMOD.

option

-

Option

Description

ssh

Forward file transfer with SSH protocol to ICAP server for further processing.

ftp

Forward file transfer with FTP protocol to ICAP server for further processing.

streaming-content-bypass

Enable/disable bypassing of ICAP server for streaming content.

option

-

disable

Option

Description

disable

Disable bypassing of ICAP server for streaming content.

enable

Enable bypassing of ICAP server for streaming content.

204-size-limit

204 response size limit to be saved by ICAP client in megabytes .

integer

Minimum value: 1 Maximum value: 10

1

204-response

Enable/disable allowance of 204 response from ICAP server.

option

-

disable

Option

Description

disable

Disable allowance of 204 response from ICAP server.

enable

Enable allowance of 204 response from ICAP server.

preview

Enable/disable preview of data to ICAP server.

option

-

disable

Option

Description

disable

Disable preview of data to ICAP server.

enable

Enable preview of data to ICAP server.

preview-data-length

Preview data length to be sent to ICAP server.

integer

Minimum value: 0 Maximum value: 4096

0

request-server

ICAP server to use for an HTTP request.

string

Not Specified

response-server

ICAP server to use for an HTTP response.

string

Not Specified

file-transfer-server

ICAP server to use for a file transfer.

string

Not Specified

request-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP request.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

response-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP response.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

file-transfer-failure

Action to take if the ICAP server cannot be contacted when processing a file transfer.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

request-path

Path component of the ICAP URI that identifies the HTTP request processing service.

string

Not Specified

response-path

Path component of the ICAP URI that identifies the HTTP response processing service.

string

Not Specified

file-transfer-path

Path component of the ICAP URI that identifies the file transfer processing service.

string

Not Specified

methods

The allowed HTTP methods that will be sent to ICAP server for further processing.

option

-

delete get head options post put trace connect other

Option

Description

delete

Forward HTTP request or response with DELETE method to ICAP server for further processing.

get

Forward HTTP request or response with GET method to ICAP server for further processing.

head

Forward HTTP request or response with HEAD method to ICAP server for further processing.

options

Forward HTTP request or response with OPTIONS method to ICAP server for further processing.

post

Forward HTTP request or response with POST method to ICAP server for further processing.

put

Forward HTTP request or response with PUT method to ICAP server for further processing.

trace

Forward HTTP request or response with TRACE method to ICAP server for further processing.

connect

Forward HTTP request or response with CONNECT method to ICAP server for further processing.

other

Forward HTTP request or response with All other methods to ICAP server for further processing.

response-req-hdr

Enable/disable addition of req-hdr for ICAP response modification (respmod) processing.

option

-

enable

Option

Description

disable

Do not add req-hdr for response modification (respmod) processing.

enable

Add req-hdr for response modification (respmod) processing.

respmod-default-action

Default action to ICAP response modification (respmod) processing.

option

-

forward

Option

Description

forward

Forward response to ICAP server unless a rule specifies not to.

bypass

Don't forward request to ICAP server unless a rule specifies to forward the request.

icap-block-log

Enable/disable UTM log when infection found .

option

-

disable

Option

Description

disable

Disable UTM log when infection found.

enable

Enable UTM log when infection found.

chunk-encap

Enable/disable chunked encapsulation .

option

-

disable

Option

Description

disable

Do not encapsulate chunked data.

enable

Encapsulate chunked data into a new chunk.

extension-feature

Enable/disable ICAP extension features.

option

-

Option

Description

scan-progress

Support X-Scan-Progress-Interval ICAP header.

scan-progress-interval

Scan progress interval value.

integer

Minimum value: 5 Maximum value: 30

10

timeout

Time (in seconds) that ICAP client waits for the response from ICAP server.

integer

Minimum value: 30 Maximum value: 3600

30

config icap-headers

Parameter

Description

Type

Size

Default

name

HTTP forwarded header name.

string

Not Specified

content

HTTP header content.

string

Not Specified

base64-encoding

Enable/disable use of base64 encoding of HTTP content.

option

-

disable

Option

Description

disable

Disable use of base64 encoding of HTTP content.

enable

Enable use of base64 encoding of HTTP content.

config respmod-forward-rules

Parameter

Description

Type

Size

Default

host

Address object for the host.

string

Not Specified

action

Action to be taken for ICAP server.

option

-

forward

Option

Description

forward

Forward request to ICAP server when this rule is matched.

bypass

Don't forward request to ICAP server when this rule is matched.

http-resp-status-code <code>

HTTP response status code.

HTTP response status code.

integer

Minimum value: 100 Maximum value: 599

0 **

** Values may differ between models.

config header-group

Parameter

Description

Type

Size

Default

header-name

HTTP header.

string

Not Specified

header

HTTP header regular expression.

string

Not Specified

case-sensitivity

Enable/disable case sensitivity when matching header.

option

-

disable

Option

Description

disable

Ignore case when matching header.

enable

Do not ignore case when matching header.