Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jonathan_Body_FTNT
Staff
Staff

Created on ‎12-02-2011 05:07 AM Edited on ‎02-05-2024 03:43 AM By Community Manager

Article Id 189588

Technical Note : FortiOS and ICAP protocol support

Description

This article explains ICAP protocol support and its implementation within FortiOS.


Scope

FortiOS v4.0MR3 and above.


Solution

ICAP Definition

The Internet Content Adaptation Protocol (ICAP) is a lightweight HTTP-like protocol specified in RFC 3507. ICAP is used to extend transparent proxy servers, so as to free up resources and standardizing the way in which new features are implemented.

ICAP is generally used to implement virus scanning, and content filters in transparent HTTP proxy caches. Content Adaptation refers to performing the particular value added service (content manipulation) for the associated client request/response.

ICAP concentrates on using edge-based devices (proxies and caches) to help deliver value-added services. At the core of this process is a cache that will proxy all client transactions and will process them through ICAP Web servers.

These ICAP servers are focused on a specific function, for example, ad insertion, virus scanning, content translation, language translation, or content filtering. Off-loading value-added services from Web servers to ICAP servers allows those same web servers to be scaled according to raw HTTP throughput versus having to handle these extra tasks.

ICAP in its most basic form is a "lightweight" HTTP based remote procedure call protocol. In other words, ICAP allows its clients to pass HTTP based (HTML) messages (Content) to ICAP servers for adaptation. Adaptation refers to performing the particular value added service (content manipulation) for the associated client request/response.


FortiOS Implementation

ICAP works with FortiOS by interacting with the standard transparent proxy as shown below:
config firewall policy
edit 15
set srcaddr "all"
set dstaddr "all"
set service "ANY"
set icap-profile "ICAP-Profile"
However it should be noted that ICAP protocol and the FortiOS explicit proxy is not a supported configuration.

Refer to the examples in the "FortiOS v4.0 MR3 Handbook - The Complete Guide" for more information on how to configure ICAP with the FortiOS transparent proxy.

 

 

5999
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.