FortiGate
Article Id 197087
Description
This article describes how to configure a secure SSL connection from the FortiGate to the ICAP server.

Solution
A secure SSL connection from the FortiGate to the ICAP server can be configured as follows.
# config icap server
    edit "server"
        set secure {enable | disable}
        set ssl-cert <certificate>
    next
end
To configure a secure ICAP client:

Configure the ICAP server.

# config icap server
    edit "icap_server1"
        set ip-version 4
        set ip-address 192.168.10.2
        set port 11344
        set max-connections 100
        set secure enable
        set ssl-cert "ACCVRAIZ1"
    next
end
Configure the ICAP profile.
# config icap profile
    edit "icap_profile1"
        set request enable
        set response enable
        set streaming-content-bypass enable
        set request-server "icap_server1"
        set response-server "icap_server1"
    next
end
Configure the firewall policy.
# config firewall policy
    edit 1
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "protocols"
        set icap-profile "icap_profile1"
    next
end
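As an added example (not part of the original article and not Fortinet tooling), the Python check below parses a configuration excerpt in the syntax shown above. It reports ICAP servers without "set secure enable" and ICAP profiles whose request-server or response-server points at such a server. It assumes a missing "set secure" line means the setting is disabled; icap_server2 and icap_profile2 are constructed sample entries.

```python
# Constructed sample in FortiOS CLI syntax; icap_server2 and icap_profile2 are made up.
SAMPLE = """config icap server
    edit "icap_server1"
        set secure enable
        set ssl-cert "ACCVRAIZ1"
    next
    edit "icap_server2"
    next
end
config icap profile
    edit "icap_profile2"
        set request-server "icap_server1"
        set response-server "icap_server2"
    next
end
"""

def parse_tables(text):
    """Return {table: {entry: {key: value}}}; flat tables only, no nested config."""
    tables, table, entry = {}, None, None
    for raw in text.splitlines():
        # Drop indentation and a leading "# " CLI prompt, then split off the command.
        cmd, _, rest = raw.strip().lstrip("# ").partition(" ")
        if cmd == "config":
            table = tables.setdefault(rest.strip(), {})
        elif cmd == "edit" and table is not None:
            entry = table.setdefault(rest.strip().strip('"'), {})
        elif cmd == "set" and entry is not None:
            key, _, value = rest.strip().partition(" ")
            entry[key] = value.strip().strip('"')
        elif cmd in ("next", "end"):
            entry = None
    return tables

def audit_icap(text):
    """List ICAP servers without TLS and profiles that send traffic to them."""
    tables = parse_tables(text)
    servers = tables.get("icap server", {})
    # Assumption: a missing "set secure" line means the setting is disabled.
    findings = [f"server {name}: secure not enabled"
                for name, cfg in servers.items() if cfg.get("secure") != "enable"]
    for name, cfg in tables.get("icap profile", {}).items():
        for key in ("request-server", "response-server"):
            target = cfg.get(key)
            if target and servers.get(target, {}).get("secure") != "enable":
                findings.append(f"profile {name}: {key} {target} is not secure")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_icap(SAMPLE)))
```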
Related document:
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/253557/support-secure-icap-clients
