oarslan
Staff
Article Id 205897
Description: This article describes how to troubleshoot ICAP.
Scope: FortiGate.
Solution

Introduction:

ICAP (Internet Content Adaptation Protocol) is an application-layer protocol for offloading responsibilities from the firewall to dedicated servers.

Only policies that use proxy-based inspection can use ICAP profiles. When ICAP is enabled in a policy, all HTTP and HTTPS (if deep inspection is supported) traffic intercepted by the policy is sent to the ICAP server defined by the selected ICAP profile.

The FortiGate receives responses from the ICAP server and forwards them to their intended destination.

To troubleshoot connection issues between FortiGate and the ICAP server:

Collect the following sniffer output:


diagnose sniffer packet any 'host <icap_server_ip> and port 1344' 6 none l


Collect the following WAD debug output:

diagnose debug disable
diagnose debug reset
diagnose debug console timestamp enable
diagnose wad debug enable category http
diagnose wad debug enable category icap
diagnose wad debug enable level info
diagnose debug enable

To disable debugging:

diagnose debug disable

 

Note: Starting with FortiOS v7.4.4, this feature is no longer supported on FortiGate models with 2GB RAM or less, because proxy-related features are not supported on FortiGate 2GB RAM models in order to enhance performance and optimize memory usage. See "Proxy-related features not supported on FortiGate 2 GB RAM models" for more information.

Related article:

Technical Tip: Troubleshooting ICAP Profile