config icap server

config icap server

Configure ICAP servers.

config icap server
    Description: Configure ICAP servers.
    edit <name>
        set addr-type [ip4|ip6|...]
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set fqdn {string}
        set healthcheck [disable|enable]
        set healthcheck-service {string}
        set ip-address {ipv4-address-any}
        set ip6-address {ipv6-address}
        set max-connections {integer}
        set port {integer}
        set secure [disable|enable]
        set ssl-cert {string}
        set uuid {uuid}
    next
end

Parameter

Description

Type

Size

Default

addr-type

Address type of the remote ICAP server: IPv4, IPv6 or FQDN.

option

ip4

Option	Description
ip4	Use an IPv4 address for the remote ICAP server.
ip6	Use an IPv6 address for the remote ICAP server.
fqdn	Use the FQDN for the forwarding proxy server.

fabric-force-sync *

Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped.

option

disable

Option	Description
enable	Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.
disable	Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

fabric-object *

Security Fabric global object setting.

option

disable

Option	Description
enable	Object is set as a security fabric-wide global object.
disable	Object is local to this security fabric member.

fabric-object-source *

Source of truth for fabric object.

option

root

Option	Description
member	Source of truth for this object is a non-root member of fabric.
local	Source of truth for this object is this security fabric member.
root	Source of truth for this object is the root of the fabric.

fqdn

ICAP remote server Fully Qualified Domain Name (FQDN).

string

Maximum length: 255

healthcheck

Enable/disable ICAP remote server health checking. Attempts to connect to the remote ICAP server to verify that the server is operating normally.

option

disable

Option	Description
disable	Disable health checking.
enable	Enable health checking.

healthcheck-service

ICAP Service name to use for health checks.

string

Maximum length: 127

ip-address

IPv4 address of the ICAP server.

ipv4-address-any

Not Specified

0.0.0.0

ip6-address

IPv6 address of the ICAP server.

ipv6-address

Not Specified

max-connections

Maximum number of concurrent connections to ICAP server (unlimited = 0, default = 100). Must not be less than wad-worker-count.

integer

Minimum value: 0 Maximum value: 4294967295

100

name

Server name.

string

Maximum length: 63

port

ICAP server port.

integer

Minimum value: 1 Maximum value: 65535

1344

secure

Enable/disable secure connection to ICAP server.

option

disable

Option	Description
disable	Disable connection to secure ICAP server.
enable	Enable connection to secure ICAP server.

ssl-cert

CA certificate name.

string

Maximum length: 79

uuid *

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

* This parameter may not exist in some models.

config icap server

Configure ICAP servers.

config icap server
    Description: Configure ICAP servers.
    edit <name>
        set addr-type [ip4|ip6|...]
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set fqdn {string}
        set healthcheck [disable|enable]
        set healthcheck-service {string}
        set ip-address {ipv4-address-any}
        set ip6-address {ipv6-address}
        set max-connections {integer}
        set port {integer}
        set secure [disable|enable]
        set ssl-cert {string}
        set uuid {uuid}
    next
end