Configuring ICAP Client in Gateway mode

Important - In Cluster, you must configure the ICAP Client functionality in the same way on each cluster member.

Procedure:

1. Connect to the command line on the Security Gateway.
2. Log in to the Expert mode.
3. Follow the instructions in the ICAP user-disclaimer:

   [Expert@GW:0]# IcapDisclaimer.sh

   If you agreed to the ICAP user-disclaimer, continue to the next step.

4. Backup the default ICAP Client configuration file:

   [Expert@GW:0]# cp -v $FWDIR/conf/icap_client_blade_configuration.C{,_BKP}

5. Configure the ICAP Client parameters:

   [Expert@GW:0]# vi $FWDIR/conf/icap_client_blade_configuration.C

   For details, see these sections:

   • The ICAP Client Configuration File
   • Example of the ICAP Client Configuration File.
6. Save the changes in the ICAP Client configuration file and exit the Vi editor.
7. To inspect the HTTPS traffic with the ICAP Client, you must:
   1. Enable the HTTPS Inspection in the Security Gateway object.
   2. Configure the HTTPS Inspection Rule Base.

   For details, see the Configuring HTTPS Inspection.

8. Install the Access Control Policy on the Security Gateway:
   • If you enabled and configured the HTTPS Inspection, install the policy from the SmartConsole.
   • If you did not enable and configure the HTTPS Inspection, you can do one of these:
     • Install the policy from the SmartConsole.
     • Fetch the local policy with the fw fetch localhost command.

   Note - If one of the ICAP configuration parameters is not configured correctly, SmartConsole shows an error with the name of the applicable parameter.