FortiNDR (on-premise)
pchee
Staff
Article Id 262480
Description: This article describes how to configure ICAP integration between FortiNDR and FortiGate.
Scope: FortiNDR v7.2.
Solution

On FortiNDR, navigate to Security Fabric -> Fabric Connectors -> Local Connection Configuration.

Enable the ICAP connector and make sure the selected interface is the management (MGMT) interface.

On the FortiGate, enable the ICAP feature under System -> Feature Visibility -> Additional Features -> ICAP.

Navigate to Security Profiles -> ICAP Servers -> New ICAP Server and create the ICAP server profile.

Navigate to Security Profiles -> ICAP Servers -> ICAP to create an ICAP profile. Note that the processing paths should be:

Request processing path: reqmod

Response processing path: respmod

Finally, assign the security profile to the desired firewall policy so that it takes effect.