Technical Tip: ICAP integration with Forcepoint fails due to incorrect path configuration

vsharma · ‎07-10-2025

Description

This article describes how to resolve an issue where FortiGate ICAP integration fails with the Forcepoint ICAP server and returns HTTP 500 errors due to an incorrect service path configuration.

Scope

FortiGate.

Solution

When integrating FortiGate with an ICAP server, it is essential to configure the correct request and response paths. Using incorrect or placeholder paths can result in HTTP 500 errors returned by the ICAP server. This prevents content inspection from functioning correctly.

This caused the Forcepoint ICAP server to reject requests and return the following error:

ICAP/1.0 500 Other
Server: Traffic Spicer 2.2.2
ISTag: 'PA/v2.2.2/cd142ce/v3.2.2'
X-Response-Desc: xerror
X-Response-Info: xerror

The error indicates that the ICAP server does not recognize or accept the specified service path.

Common paths for Forcepoint ICAP services are 'reqmod' (request modification) and 'respmod' (response modification).

To resolve the issue, update the FortiGate ICAP profile configuration to use these paths:

config icap profile
set request-path 'reqmod'
set response-path 'respmod'
end

Related articles:

Technical Tip: How to enable ICAP

Technical Tip: How to troubleshoot ICAP

Technical Tip: ICAP integration with Forcepoint fails due to incorrect path configuration

You are leaving our website