Technical Tip: Configure a secure SSL connection from the FortiGate to the ICAP server
Description
This articles describes how to configure a secure SSL connection from the FortiGate to the ICAP server.
Solution
A secure SSL connection from the FortiGate to the ICAP server can be configured as follows.
Configure the ICAP server.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/253557/support-secure-icap-clients
This articles describes how to configure a secure SSL connection from the FortiGate to the ICAP server.
Solution
A secure SSL connection from the FortiGate to the ICAP server can be configured as follows.
# config icap serverTo configure a secure ICAP client:
edit "server"
set secure {enable | disable}
set ssl-cert <certificate>
next
end
Configure the ICAP server.
# config icap serverConfigure the ICAP profile.
edit "icap_server1"
set ip-version 4
set ip-address 192.168.10.2
set port 11344
set max-connections 100
set secure enable
set ssl-cert "ACCVRAIZ1"
next
end
# config icap profileConfigure the firewall policy.
edit "icap_profile1"
set request enable
set response enable
set streaming-content-bypass enable
set request-server "icap_server1"
set response-server "icap_server1"
next
end
# config firewall policyRelated document.
edit 1
set utm-status enable
set inspection-mode proxy
set ssl-ssh-profile "protocols"
set icap-profile "icap_profile1"
next
end
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/253557/support-secure-icap-clients