topic Re: ICAP Protocol in Firewall and Security Management

ICAP Protocol

Olmedo_Abril_Ar — Wed, 02 Mar 2016 13:15:16 GMT

Hi.

R80 support ICAP protocol?

Re: ICAP Protocol

PhoneBoy — Fri, 04 Mar 2016 22:44:49 GMT

Can you define your specific requirements?

Re: ICAP Protocol

Olmedo_Abril_Ar — Wed, 14 Sep 2016 19:57:46 GMT

I have a client who needs to send the log to a Trustwave SIEM integration so this must be done through the ICAP protocol.

Re: ICAP Protocol

Quinn_Yost — Fri, 16 Sep 2016 15:36:09 GMT

Generally ICAP is used to offload content analysis to another system. To send Check Point log messages to another system, one would generally use syslog or OpSec.

Re: ICAP Protocol

Rex_Shang — Tue, 07 Nov 2017 01:04:36 GMT

Does R80 support ICAP protocol as an ICAP client? I am looking at having a file analysis engine integrated with CheckPoint and would like to run an ICAP serve to receive the files.

Re: ICAP Protocol

PhoneBoy — Tue, 07 Nov 2017 03:13:58 GMT

In read-only mode, yes: Check Point support for Internet Content Adaptation Protocol (ICAP) read-only client

If you want to modify content based on what the ICAP server says, this is not currently supported in R80.10.

Re: ICAP Protocol

Rex_Shang — Tue, 07 Nov 2017 23:38:43 GMT

I am using CheckPoint Security Gateway pay as you go service in AWS and I am not able to open the support solution. Can you shed some light on the configuration steps to do this? Much thanks.

Re: ICAP Protocol

PhoneBoy — Wed, 08 Nov 2017 09:46:14 GMT

AWS PAYG includes standard support, which should allow access to that SK.

I recommend engaging with our Account Services team.

Contact Support | Check Point Software

Re: ICAP Protocol

John_Richards — Fri, 04 May 2018 19:59:26 GMT

Dameon, just wondering if you can comment on sk111305. It appears that Internet Content Adaptation Protocol (ICAP) client with data modifications functionality can be added to Check Point R77.30 Security Gateway on Gaia OS.
This functionality would enable Check Point Security Gateway to interact with an ICAP server's response, to modify content and to block connections. We have a client that would like to do this (send ICAP to a DLP solution) and do not want to go to R80.10 yet. We still are getting mixed messages (it will work...it will not work) from Check Point.

Thanks

Re: ICAP Protocol

PhoneBoy — Fri, 04 May 2018 20:47:26 GMT

As it is not part of a mainstream release and is meant for specific environments, you will need to work with your local Check Point office.

They should be able to help you determine if the solution is suitable for your specific situation.

Re: ICAP Protocol

Alessandro_Marr — Wed, 23 Jan 2019 18:18:34 GMT

Hello Dameon, is icap client, on R80.20, read-write?

Re: ICAP Protocol

PhoneBoy — Thu, 24 Jan 2019 06:01:17 GMT

Yes.

Refer to: ICAP Client

Re: ICAP Protocol

Alessandro_Marr — Thu, 24 Jan 2019 09:16:22 GMT

Hello Dameon, thank you for the information, another doubt: to use my cluster with a DLP 3rd Party I need to change my configuration to use my gateway as an HTTP proxy on transparent mode as a picture below ?

actual state

settings to use with external DLP

Is correct?

Re: ICAP Protocol

PhoneBoy — Thu, 24 Jan 2019 09:41:37 GMT

Don't believe this is required.

Re: ICAP Protocol

Alessandro_Marr — Thu, 24 Jan 2019 10:54:40 GMT

ok, thank you Dameon, I will study that link.