Related Configuration on the ICAP Client
When you work with Check Point ICAP Server
The ICAP Server functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Client requests, send the files for inspection, and return the verdict., make sure to set this configuration on your ICAP Client The ICAP Client functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Server responses (see RFC 3507), modify their content, and block the matched HTTP connections..
Configuration for ICAP Client
-
Direct the ICAP modification requests to the ICAP Server sandblast service.
For example:
icap://<IP_Address>:1344/sandblast. -
Set the ICAP Client to send these headers, if possible:
X-Client-IPX-Server-IPX-Authentication-User
These headers are used in the ICAP Server logs.
-
Make sure the operation timeout for the ICAP Client is equal or higher than the operation timeout for the ICAP Server.
Note - The sandblast service on the Check Point ICAP Server can take some time to respond.
-
For HTTPS traffic, configure the ICAP Client to send clear HTTP (decrypted HTTPS) traffic to the Check Point ICAP Server. If this option is not available on your ICAP Client, the ICAP Server is not able to process the traffic.
|
|
Notes:
|
