ICAP Server Workflow

Item No.

Description

1

Client

2

Third party gateway or proxy

3

ICAP ClientClosed The ICAP Client functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Server responses (see RFC 3507), modify their content, and block the matched HTTP connections.

4

Web server

5

Check Point gateway

6

ICAP ServerClosed The ICAP Server functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Client requests, send the files for inspection, and return the verdict.

Step

Instructions

1

The client sends a request to the third party gateway/proxy server to download a file.

2

The third party gateway/proxy sends the download request to the Web server.

3

The Web server sends the requested file to the third party gateway/proxy.

4

The ICAP Client forwards the file to the ICAP Server which is in the Check Point Threat EmulationClosed Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. gateway.

5

The ICAP Server sends the file to the Threat Emulation engine.

6

The Threat Emulation checks the file

  1. The Threat Emulation engine returns a verdict (block, modified or continue) to the ICAP Server.

  2. The ICAP Server sends the verdict to the ICAP Client.

  3. The ICAP Client sends the verdict to the client.