Configuring ICAP Client in Gateway mode
Important - In Cluster, you must configure the ICAP Client functionality in the same way on each cluster member.
Procedure:
- Connect to the command line on the Security Gateway.
- Log in to the Expert mode.
- Follow the instructions in the ICAP user-disclaimer:
[Expert@GW:0]# IcapDisclaimer.sh
If you agreed to the ICAP user-disclaimer, continue to the next step.
- Back up the default ICAP Client configuration file:
[Expert@GW:0]# cp -v $FWDIR/conf/icap_client_blade_configuration.C{,_BKP}
- Configure the ICAP Client parameters:
[Expert@GW:0]# vi $FWDIR/conf/icap_client_blade_configuration.C
For details, see these sections:
- Save the changes in the ICAP Client configuration file and exit the Vi editor.
- To inspect the HTTPS traffic with the ICAP Client, you must:
  - Enable the HTTPS Inspection in the Security Gateway object.
  - Configure the HTTPS Inspection Rule Base.
  For details, see Configuring HTTPS Inspection.
- Install the Access Control Policy on the Security Gateway:
  - If you enabled and configured the HTTPS Inspection, install the policy from the SmartConsole.
  - If you did not enable and configure the HTTPS Inspection, you can do one of these:
    - Install the policy from the SmartConsole.
    - Fetch the local policy with the fw fetch localhost command.
Note - If one of the ICAP configuration parameters is not configured correctly, SmartConsole shows an error with the name of the applicable parameter.
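The backup, edit and install steps above, wrapped in helper functions as an added example (not Check Point code). The cp command in the backup step overwrites an existing _BKP file if it is run again after editing, so the helper refuses to do that. Function names are hypothetical, and the demo runs in a scratch directory standing in for $FWDIR with placeholder file content.

```shell
#!/bin/bash
# Added example; function names are hypothetical. The path is the one on this page.
icap_conf() { printf '%s\n' "$FWDIR/conf/icap_client_blade_configuration.C"; }

# Backup step: refuse to copy when a backup already exists, so a second run
# after editing cannot replace the saved default with a modified file.
icap_backup() {
    if [ -e "$(icap_conf)_BKP" ]; then
        echo "backup already exists: $(icap_conf)_BKP" >&2
        return 1
    fi
    cp -p "$(icap_conf)" "$(icap_conf)_BKP"
}

# Before installing or fetching policy: print the edits as a unified diff.
# Returns 0 only when the file differs from the backup (diff exit status 1).
icap_changed() {
    rc=0
    diff -u "$(icap_conf)_BKP" "$(icap_conf)" || rc=$?
    [ "$rc" -eq 1 ]
}

# Put the saved default back, for example after SmartConsole reports an
# error for a parameter.
icap_restore() { cp -p "$(icap_conf)_BKP" "$(icap_conf)"; }

# Constructed demo: runs in a subshell with a scratch directory standing in
# for $FWDIR. The file content is a placeholder, not real ICAP Client syntax.
icap_demo() (
    FWDIR=$(mktemp -d)
    mkdir -p "$FWDIR/conf"
    echo "placeholder default content" > "$(icap_conf)"
    icap_backup
    echo "placeholder edited content" > "$(icap_conf)"   # stands in for the vi step
    icap_backup || echo "kept the existing backup"
    icap_changed && echo "file was edited: review the diff before installing policy"
    icap_restore
    rm -rf "$FWDIR"
)
icap_demo
```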