Symantec (Bluecoat) SG ICAP and Sandblast (TEX)

Document created by Heiko Ankenbrand on Mar 26, 2018Last modified by Heiko Ankenbrand on Apr 19, 2018
Version 13Show Document
  • View in full screen mode

Configuring ICAP Server on Check Point Sandblast Appliance (TEX) or Gateway:

Enable ICAP server on TEX appliance see SK111306 and configure thread rules in Smart DashBoard. 
Use hotfix 286 or higher for R77.30.

 

Enable ICAP Server

Start ICAP server on TEX appliance or gateway:

# icap_server start

 

Enable ICAP Logs

# tecli advanced remote emulator logs enable    <<< Hotfix 286 or higher automatically activates logging.

 

Enable firewall rule to connect ICAP Server (TEX Appliance)

Source: Symantec SG
Destination: "ip-address of sandblast appliance"

Port: 1344

 

Configure Thread Rules

Configure Thread rules in SmartDashboard

.

Configuring ICAP on Symantec SWG:


     ICAP Servers Request

  1. Go to Configuration  > content Analysis > ICAP and click on New.
  2. Enter a Name "sandblast_server" for the server.
  3. Go to Configuration  > content Analysis > ICAP and click on Edit "sandblast_server"

  4. Enter the Service URL icap://ip-address of sandblast appliance/sandblast
  5. Set the Maximum nummber of connection: 100 <<< You can configure this on sandblast appliance in config files. Set the same value. If you overstay the value you become an ICAP error!
  6. Set Method supported: request modification <<< Use request mod.
  7. Set Send: Client address/ Server address/ Auth user

    ICAP Servers Response
    1. Go to Configuration  > content Analysis > ICAP and click on New.
    2. Enter a Name "sandblast_server_response" for the server.
    3. Go to Configuration  > content Analysis > ICAP and click on Edit "sandblast_server_response"

    4. Enter the Service URL icap://ip-address of sandblast appliance/sandblast
    5. Set the Maximum nummber of connection: 100 <<< You can configure this on sandblast appliance in config files. Set the same value. If you overstay the value you become an ICAP error!
    6. Set Method supported: response modification <<< Use request mod.
    7. Set Send: Client address/ Server address/ Auth user

      ICAP Servers Response Analysis

      1. Go to Configuration  > Policy > Visual Policy Manager
      2. Add Web Content Layer
      3. Enter the new > Performe Response Analysis
      4. Add Available Service: sandblast_server_response <<< Response Service
      5. Enter the new > Performe Request Analysis

      6. Add Available Service: sandblast_server <<< Request Service
      7. See Web Conten Layer Rule


47 people found this helpful

Attachments

    Outcomes