# Config icap server
edit "icap_server1"
set ip-address <ICAP_Server_IP>
end
# config icap profileNote:
edit "icap_profile2"
set request disable
set response enable
set response-server "icap_server1"
set respmod-default-action bypass
# config respmod-forward-rules
edit "rule2"
set host "all"
set action forward
set http-resp-status-code 200 301 302
# config header-group
edit 2
set header-name "content-type"
set header "image/jpeg"
next
end
next
end
next
end
ICAP server for inspection.
In above PCAP file, the FortiGate is not receiving any ICAP response packet from the ICAP server and is throwing error 'An ICAP error was encountered while handling the request'.ICAP packet going out from the FortiGate firewall.Use category 20 for ICAP log.# execute log filter category 20Browser output .
# execute log display
1: date=2020-04-21 time=12:42:15 logid="2000060000" type="utm" subtype="icap" eventtype="icap" level="warning" vd="root" eventtime=1587465735129231120 tz="+0200" msg="Request blocked due to ICAP server error" service="HTTP" srcip=172.31.133.213 dstip=162.x.x.x srcport=56232 dstport=80 srcintf="port3" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" policyid=1 sessionid=371403 proto=6 action="blocked" profile="default" url="http://www.anydomain.com /images/gap.jpg"In above output, The 'jpg' image content type response processed by the ICAP server.In about output, the 'png' image content type response bypassed by FortiGate from ICAP inspection.
Refer to this RFC3507 for more information.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.