Fortinet black logo

Handbook

Example sequence

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:685612
Download PDF

Example sequence

This example is for an ICAP server performing web URL filtering on HTTP requests

  1. A user opens a web browser and sends an HTTP request to connect to a web server.
  2. The FortiGate unit intercepts the HTTP request and forwards it to an ICAP server.
  3. The ICAP server receives the request and determines if the request is for URL that should be blocked or allowed.
    • If the URL should be blocked the ICAP server sends a response to the FortiGate unit. The FortiGate unit returns this response to the user’s web browser. This response could be a message informing the user that their request was blocked.
    • If the URL should be allowed the ICAP server sends a request to the FortiGate unit. The FortiGate unit forwards the request to the web server that the user originally attempted to connect to.
    • When configuring ICAP on the FortiGate unit, you must configure an ICAP profile that contains the ICAP server information; this profile is then applied to a security policy.

Example sequence

This example is for an ICAP server performing web URL filtering on HTTP requests

  1. A user opens a web browser and sends an HTTP request to connect to a web server.
  2. The FortiGate unit intercepts the HTTP request and forwards it to an ICAP server.
  3. The ICAP server receives the request and determines if the request is for URL that should be blocked or allowed.
    • If the URL should be blocked the ICAP server sends a response to the FortiGate unit. The FortiGate unit returns this response to the user’s web browser. This response could be a message informing the user that their request was blocked.
    • If the URL should be allowed the ICAP server sends a request to the FortiGate unit. The FortiGate unit forwards the request to the web server that the user originally attempted to connect to.
    • When configuring ICAP on the FortiGate unit, you must configure an ICAP profile that contains the ICAP server information; this profile is then applied to a security policy.