FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
acp
Staff
Staff
Description
This articles describes how to configure a secure SSL connection from the FortiGate to the ICAP server.

Solution
A secure SSL connection from the FortiGate to the ICAP server can be configured as follows.
# config icap server
    edit "server"
        set secure {enable | disable}
        set ssl-cert <certificate>
    next
end
To configure a secure ICAP client:

Configure the ICAP server.

# config icap server
    edit "icap_server1"
        set ip-version 4
        set ip-address 192.168.10.2
        set port 11344
        set max-connections 100
        set secure enable
        set ssl-cert "ACCVRAIZ1"
    next
end
Configure the ICAP profile.
# config icap profile
    edit "icap_profile1"
        set request enable
        set response enable
        set streaming-content-bypass enable
        set request-server "icap_server1"
        set response-server "icap_server1"
    next
end
Configure the firewall policy.
# config firewall policy
    edit 1
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "protocols"
        set icap-profile "icap_profile1"
    next
end
Related document.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/253557/support-secure-icap-clients

Contributors