R80 support ICAP protocol?
Can you define your specific requirements?
I have a client who needs to send the log to a Trustwave SIEM integration so this must be done through the ICAP protocol.
Generally ICAP is used to offload content analysis to another system. To send Check Point log messages to another system, one would generally use syslog or OpSec.
Does R80 support ICAP protocol as an ICAP client? I am looking at having a file analysis engine integrated with CheckPoint and would like to run an ICAP serve to receive the files.
In read-only mode, yes: Check Point support for Internet Content Adaptation Protocol (ICAP) read-only client
If you want to modify content based on what the ICAP server says, this is not currently supported in R80.10.
I am using CheckPoint Security Gateway pay as you go service in AWS and I am not able to open the support solution. Can you shed some light on the configuration steps to do this? Much thanks.
AWS PAYG includes standard support, which should allow access to that SK.
I recommend engaging with our Account Services team.
Contact Support | Check Point Software
Dameon, just wondering if you can comment on sk111305. It appears that Internet Content Adaptation Protocol (ICAP) client with data modifications functionality can be added to Check Point R77.30 Security Gateway on Gaia OS.This functionality would enable Check Point Security Gateway to interact with an ICAP server's response, to modify content and to block connections. We have a client that would like to do this (send ICAP to a DLP solution) and do not want to go to R80.10 yet. We still are getting mixed messages (it will work...it will not work) from Check Point.
As it is not part of a mainstream release and is meant for specific environments, you will need to work with your local Check Point office.
They should be able to help you determine if the solution is suitable for your specific situation.
Retrieving data ...