Configuring ICAP Client in VSX mode
You configure the ICAP Client functionality in the context of each applicable Virtual System.
Important - In VSX Cluster, you must configure the ICAP Client functionality in the same way on each VSX cluster member.
Procedure:
- Connect to the command line on the VSX Gateway.
- Log in to the Expert mode.
- Go to the context of the applicable Virtual System:
[Expert@VSX:0]# vsenv < VSID>
|
- Follow the instructions in the ICAP user-disclaimer:
[Expert@VSX:< VSID> ]# IcapDisclaimer.sh
|
If you agreed to the ICAP user-disclaimer, continue to the next step.
- Backup the default ICAP Client configuration file:
[Expert@VSX:< VSID> ]# cp -v $FWDIR/conf/icap_client_blade_configuration.C{,_BKP}
|
- Configure the ICAP Client parameters:
[Expert@VSX:< VSID> ]# vi $FWDIR/conf/icap_client_blade_configuration.C
|
For details, see these sections:
- Save the changes in the ICAP Client configuration file and exit the Vi editor.
- To inspect the HTTPS traffic with the ICAP Client, you must:
- Enable the HTTPS Inspection in the Virtual System object.
- Configure the HTTPS Inspection Rule Base.
For details, see the Configuring HTTPS Inspection.
- Install the Access Control Policy on the Virtual System:
- If you enabled and configured the HTTPS Inspection, install the policy from the SmartConsole
- If you did not enable and configure the HTTPS Inspection, you can do one of these:
- Install the policy from the SmartConsole.
- Fetch the local policy with the
fw fetch localhost
command (in the context of this Virtual System).
Note - If one of the ICAP configuration parameters is not configured correctly, SmartConsole shows an error with the name of the applicable parameter.