Configuring ICAP Client in VSX mode

You configure the ICAP Client functionality in the context of each applicable Virtual System.

Important - In VSX Cluster, you must configure the ICAP Client functionality in the same way on each VSX cluster member.

Procedure:

1. Connect to the command line on the VSX Gateway.
2. Log in to the Expert mode.
3. Go to the context of the applicable Virtual System:

   [Expert@VSX:0]# vsenv <VSID>

4. Follow the instructions in the ICAP user-disclaimer:

   [Expert@VSX:<VSID>]# IcapDisclaimer.sh

   If you agreed to the ICAP user-disclaimer, continue to the next step.

5. Backup the default ICAP Client configuration file:

   [Expert@VSX:<VSID>]# cp -v $FWDIR/conf/icap_client_blade_configuration.C{,_BKP}

6. Configure the ICAP Client parameters:

   [Expert@VSX:<VSID>]# vi $FWDIR/conf/icap_client_blade_configuration.C

   For details, see these sections:

   • The $FWDIR/conf/icap_client_blade_configuration.C File
   • Example of the ICAP Client Configuration File.
7. Save the changes in the ICAP Client configuration file and exit the Vi editor.
8. To inspect the HTTPS traffic with the ICAP Client, you must:
   1. Enable the HTTPS Inspection in the Virtual System object.
   2. Configure the HTTPS Inspection Rule Base.

   For details, see the Configuring HTTPS Inspection.

9. Install the Access Control Policy on the Virtual System:
   • If you enabled and configured the HTTPS Inspection, install the policy from the SmartConsole
   • If you did not enable and configure the HTTPS Inspection, you can do one of these:
     • Install the policy from the SmartConsole.
     • Fetch the local policy with the fw fetch localhost command (in the context of this Virtual System).

   Note - If one of the ICAP configuration parameters is not configured correctly, SmartConsole shows an error with the name of the applicable parameter.