Troubleshooting Tip: Testing FortiProxy ICAP Server with C-ICAP Client

rpillai · ‎07-24-2025

Description This article describes how to test FortiProxy as an ICAP server using open-source tools like the C-ICAP client library or tools built on top of it.

Scope FortiProxy v7.4 and v7.6.

Solution

Configure FortiProxy as the local ICAP server.

CLI:

config icap local-server
    edit 1
        set interface "port1"
        set incoming-ip 192.168.100.170
        set srcaddr "all"
        config icap-service
            edit 1
                set name "Test"
                set dlp-profile "default"
                set av-profile "default"
                set webfilter-profile "default"
            next
        end
    next
end

Install C-ICAP tools on Client machine(Windows or Linux): In this example, Ubuntu is used as the test client.
Download the EICAR text file from www.eicar.org for testing.
Run the following command on the client:

c-icap-client -i 192.168.100.170 -s Test -f eicar.txt

Parameter explanation:

-i --> ICAP server name/IP.

-s -->ICAP service configured on the Server.
-f -->Send this file to the ICAP server.

If configured correctly, the client will display a response similar to the following:

And the following FortiProxy log entry:

This packet capture illustrates an ICAP RESPMOD request initiated by a C-ICAP client to FortiProxy: The HTTP response body contains the standard EICAR test file, and FortiProxy's ICAP server analyzes the request and returns an ICAP response indicating detection and the corresponding action.

By following the steps above, administrators can validate FortiProxy's ICAP server functionality using the C-ICAP client and the standard EICAR test file.

Related documents:

Admin Guide: Create or edit an ICAP local server on FortiProxy

Technical Tip: How to troubleshoot ICAP

Troubleshooting Tip: Testing FortiProxy ICAP Server with C-ICAP Client

You are leaving our website