Configuring ICAP Server on Check Point Sandblast Appliance (TEX) or Gateway:
Enable ICAP server on the TEX appliance (see SK111306) and configure Threat rules in Dashboard.
Use Hotfix 286 or higher for R77.30.
Enable ICAP Server
Start ICAP server on TEX appliance or gateway:
# icap_server start
Enable ICAP Logs
# tecli advanced remote emulator logs enable <<< Hotfix 286 or higher automatically activates logging.
Enable firewall rule to connect ICAP Server (TEX Appliance)
Source: Fortigate
Destination: "ip-address of sandblast appliance"
Port: 1344
Configure Threat Rules
Configure Threat rules in SmartDashboard
Configuring ICAP on Fortigate:
config icap server
edit sandblast_server
set max-connection 100 <<< You can configure this on the SandBlast appliance in config files. Set the same value. If you exceed the value you get an ICAP error!
end
Enable firewall rule to connect ICAP Server (TEX Appliance)
Source: Fortigate
Destination: "ip-address of sandblast appliance"
Port: 1344
Enable firewall rule to use ICAP Profile
Source: xyz-ip
Destination: xyz-ip
Port: http
Profile: "Sandblast_Profile"
---
Better:
Use a Check Point Firewall!
Regards,
With which Fortigate version does this work?
Hi Heiko,
this is not needed anymore:
Enable ICAP Logs
# tecli advanced remote emulator logs enable
The included ICAP server (since JHF286) will create logs automatically.
I also assume the caption should read "Fortigate" 🙂
Regards Thomas
Is it possible to use ICAP with other firewalls?
Anybody got experience?
Hi Pablo,
What exactly do you mean?
Attaching a FW with ICAP client functionality to the SandBlast ICAP server?
Actually you can attach any RFE ICAP client to our solution ...
Regards Thomas
Is it possible to use the FortiProxy on Fortigate with ICAP?
Forti OS 5.4.7 doesn't work as proxy. I get an icap error: To many icap connections.
Hello Slavisa,
FortiOS 5.4.7 is very buggy. I would use the 5.4.8 version. But we should not discuss this in a Check Point forum.
Regards,
config icap server
edit sandblast_server
set max-connection 100 <<< You can configure this on the SandBlast appliance in config files. Set the same value. If you exceed the value you get an ICAP error!
end
Which config files on the SandBlast appliance should I configure?
All, please note that the R77.30 RFE is not relevant anymore on MT with GUI (R80.20 GA or R80.10 JHF>167)
See Admin Guide (ICAP Server): https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_ThreatPrevention_AdminGui...
Relevant sk’s are: sk123412 (ICAP Server support for Threat Prevention) & sk122853 (R80.20 Management Threat Prevention new features supported with R80.10 Jumbo Hotfix)
Nice solution!