Hello,
I wanted to share with you some lessons learned from integrating ForcePoint Web Proxy and Sandblast via ICAP.
We have two TE appliances. The integration went well and smoothly, following the Check Point guides and some reading of the ICAP RFC. The fun part was that we were only emulating uploaded files and no downloads (i.e., when we uploaded an attachment we could see it being emulated, but when we downloaded any file, nothing).
We performed some PCAPs on download and upload traffic and we could only see REQMOD and 204 unmodified messages being sent; nevertheless, with upload traffic we could even see the file.
After escalating with both vendors, ForcePoint confirmed to us that they only supported uploads via ICAP since they only use it for DLP.
Hope it is useful if you are planning a similar integration.
Regards,
Federico
____________
https://www.linkedin.com/in/federicomeiners/
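
An added example, not part of the original post or either vendor's tooling: a Python check over the reassembled text of an ICAP capture that reports whether any RESPMOD requests (the RFC 3507 method that carries HTTP responses, i.e. downloads) appear, and whether REQMOD requests actually carry a body. The sample stream, host names and the `/scan` service path are constructed.

```python
import re

# RFC 3507 request line: METHOD icap://server/service ICAP/1.0
REQ_LINE = re.compile(r"^(REQMOD|RESPMOD|OPTIONS) icap://\S+ ICAP/1\.0$")
STATUS_LINE = re.compile(r"^ICAP/1\.0 (\d{3})\b")

# Constructed sample: one upload (POST with body) and one download (GET, no body)
SAMPLE = """\
REQMOD icap://te.example.internal:1344/scan ICAP/1.0
Host: te.example.internal
Encapsulated: req-hdr=0, req-body=118

POST /upload HTTP/1.1
Host: files.example.com
Content-Type: application/octet-stream

ICAP/1.0 204 No modifications needed

REQMOD icap://te.example.internal:1344/scan ICAP/1.0
Host: te.example.internal
Encapsulated: req-hdr=0, null-body=62

GET /report.pdf HTTP/1.1
Host: files.example.com

ICAP/1.0 204 No modifications needed
"""

def parse_icap(text):
    """Return (requests, status_codes) from reassembled ICAP stream text."""
    requests, statuses, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        req = REQ_LINE.match(line)
        status = STATUS_LINE.match(line)
        if req:
            current = {"method": req.group(1), "has_body": False}
            requests.append(current)
        elif status:
            statuses.append(int(status.group(1)))
            current = None  # an Encapsulated header after this belongs to the response
        elif current is not None and line.lower().startswith("encapsulated:"):
            # req-body / res-body means payload bytes were handed to the ICAP server
            current["has_body"] = bool(re.search(r"\b(req|res)-body=", line))
    return requests, statuses

def coverage(requests):
    """Count which traffic directions reach the ICAP server with content."""
    return {
        "uploads_with_body": sum(r["method"] == "REQMOD" and r["has_body"] for r in requests),
        "respmod_requests": sum(r["method"] == "RESPMOD" for r in requests),
    }
```

A `respmod_requests` count of zero across a capture that includes downloads means the proxy never hands response bodies to the ICAP server, so downloaded files cannot be emulated.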