Olmedo_Abril_Ar
Participant

ICAP Protocol

Hi.

Does R80 support the ICAP protocol?

14 Replies
PhoneBoy
Admin

Can you define your specific requirements?

0 Kudos
Olmedo_Abril_Ar
Participant

I have a client who needs to send the log to a Trustwave SIEM integration so this must be done through the ICAP protocol.

0 Kudos
Quinn_Yost
Contributor

Generally ICAP is used to offload content analysis to another system. To send Check Point log messages to another system, one would generally use syslog or OpSec.

Rex_Shang
Explorer

Does R80 support the ICAP protocol as an ICAP client? I am looking at having a file analysis engine integrated with Check Point and would like to run an ICAP server to receive the files.

0 Kudos
PhoneBoy
Admin

In read-only mode, yes: Check Point support for Internet Content Adaptation Protocol (ICAP) read-only client 

If you want to modify content based on what the ICAP server says, this is not currently supported in R80.10.

0 Kudos
Rex_Shang
Explorer

I am using the Check Point Security Gateway pay-as-you-go service in AWS and I am not able to open the support solution. Can you shed some light on the configuration steps to do this? Much thanks.

0 Kudos
PhoneBoy
Admin

AWS PAYG includes standard support, which should allow access to that SK.

I recommend engaging with our Account Services team.

Contact Support | Check Point Software 

0 Kudos
John_Richards
Participant

Dameon, just wondering if you can comment on sk111305. It appears that Internet Content Adaptation Protocol (ICAP) client with data modifications functionality can be added to Check Point R77.30 Security Gateway on Gaia OS.
This functionality would enable Check Point Security Gateway to interact with an ICAP server's response, to modify content and to block connections. We have a client that would like to do this (send ICAP to a DLP solution) and do not want to go to R80.10 yet. We still are getting mixed messages (it will work...it will not work) from Check Point.

Thanks

PhoneBoy
Admin

As it is not part of a mainstream release and is meant for specific environments, you will need to work with your local Check Point office.

They should be able to help you determine if the solution is suitable for your specific situation. 

Alessandro_Marr
Advisor

Hello Dameon, is the ICAP client on R80.20 read-write?

0 Kudos
PhoneBoy
Admin

Yes.

Refer to: ICAP Client 

0 Kudos
Alessandro_Marr
Advisor

Hello Dameon, thank you for the information. Another doubt: to use my cluster with a 3rd-party DLP, do I need to change my configuration to use my gateway as an HTTP proxy in transparent mode, as in the picture below?

actual state

settings to use with external DLP

Is this correct?

0 Kudos
PhoneBoy
Admin

Don't believe this is required.

0 Kudos
Alessandro_Marr
Advisor

OK, thank you Dameon, I will study that link.

0 Kudos