Fortinet black logo

CLI Reference

Home FortiProxy 7.2.2 CLI Reference
7.2.2
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.0.17
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
2.0.13
2.0.12
2.0.0
1.2.4

config icap local-server

config icap local-server

Configure ICAP local server.

config icap local-server
    Description: Configure ICAP local server.
    edit <icap-server-id>
        set status [disable|enable]
        set secure-connection [disable|enable]
        set status-ipv6 [disable|enable]
        set icap-incoming-port {integer}
        set icap-incoming-ssl-port {integer}
        set interface {string}
        set incoming-ip {ipv4-address-any}
        set incoming-ipv6 {ipv6-address}
        set ssl-cert {string}
        set strict-scheme-check [disable|enable]
        set srcaddr {string}
        config icap-service
            Description: Set up services for local ICAP server.
            edit <service-id>
                set name {string}
                set dlp-sensor {string}
                set av-profile {string}
                set webfilter-profile {string}
                set profile-protocol-options {string}
                set extension-headers {option1}, {option2}, ...
            next
        end
    next
end

config icap local-server

Parameter

Description

Type

Size

Default

status

Enable/disable status for icap server network profile.

option

-

enable

Option

Description

disable

Disable the status for ipv4 in network-profile.

enable

Enable the status for ipv4 in network-profile.

secure-connection

Enable/disable status for secured icap server network profile.

option

-

disable

Option

Description

disable

Disable the status for ipv4 ssl in network-profile.

enable

Enable the status for ipv4 ssl in network-profile.

status-ipv6

Enable/disable status for icap server service ipv6.

option

-

disable

Option

Description

disable

Disable the status for ipv6 in network-profile.

enable

Enable the status for ipv6 in network-profile.

icap-incoming-port

Accept incoming ICAP requests on one or more ports .

integer

Minimum value: 1 Maximum value: 65535

1344

icap-incoming-ssl-port

Accept incoming secured ICAP requests on one or more ports .

integer

Minimum value: 1 Maximum value: 65535

11344

interface

Interface name

string

Maximum length: 15

incoming-ip

Restrict the ICAP server to only accept sessions from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

0.0.0.0

incoming-ipv6

Restrict the ICAP server to only accept sessions from this IPv6 address. An interface must have this IPv6 address.

ipv6-address

Not Specified

::

ssl-cert

SSL certificate for SSL interception.

string

Maximum length: 35

Fortinet_SSL

strict-scheme-check

Enable/disable strict check of scheme.

option

-

enable

Option

Description

disable

Disable strict check of scheme.

enable

Enable strict check of scheme.

srcaddr

Source address name.

string

Maximum length: 79

config icap-service

Parameter

Description

Type

Size

Default

name

Name of ICAP service profile.

string

Maximum length: 35

dlp-sensor

Name of an existing DLP sensor.

string

Maximum length: 35

av-profile

Name of an existing Antivirus profile.

string

Maximum length: 35

webfilter-profile

Name of an existing Web filter profile.

string

Maximum length: 35

profile-protocol-options

Name of an existing Protocol options profile.

string

Maximum length: 35

default

extension-headers

Configuare the extension headers of icap server response.

option

-

Option

Description

X-Virus-id

Enable X-Virus-ID ICAP extension header.

X-Infection-Found

Enable X-Infection-Found ICAP extension header.

X-Violation-Found

Enable X-Violation-Found ICAP extension header.
Previous
Next

config icap local-server

Configure ICAP local server.

config icap local-server
    Description: Configure ICAP local server.
    edit <icap-server-id>
        set status [disable|enable]
        set secure-connection [disable|enable]
        set status-ipv6 [disable|enable]
        set icap-incoming-port {integer}
        set icap-incoming-ssl-port {integer}
        set interface {string}
        set incoming-ip {ipv4-address-any}
        set incoming-ipv6 {ipv6-address}
        set ssl-cert {string}
        set strict-scheme-check [disable|enable]
        set srcaddr {string}
        config icap-service
            Description: Set up services for local ICAP server.
            edit <service-id>
                set name {string}
                set dlp-sensor {string}
                set av-profile {string}
                set webfilter-profile {string}
                set profile-protocol-options {string}
                set extension-headers {option1}, {option2}, ...
            next
        end
    next
end

config icap local-server

Parameter

Description

Type

Size

Default

status

Enable/disable status for icap server network profile.

option

-

enable

Option

Description

disable

Disable the status for ipv4 in network-profile.

enable

Enable the status for ipv4 in network-profile.

secure-connection

Enable/disable status for secured icap server network profile.

option

-

disable

Option

Description

disable

Disable the status for ipv4 ssl in network-profile.

enable

Enable the status for ipv4 ssl in network-profile.

status-ipv6

Enable/disable status for icap server service ipv6.

option

-

disable

Option

Description

disable

Disable the status for ipv6 in network-profile.

enable

Enable the status for ipv6 in network-profile.

icap-incoming-port

Accept incoming ICAP requests on one or more ports .

integer

Minimum value: 1 Maximum value: 65535

1344

icap-incoming-ssl-port

Accept incoming secured ICAP requests on one or more ports .

integer

Minimum value: 1 Maximum value: 65535

11344

interface

Interface name

string

Maximum length: 15

incoming-ip

Restrict the ICAP server to only accept sessions from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

0.0.0.0

incoming-ipv6

Restrict the ICAP server to only accept sessions from this IPv6 address. An interface must have this IPv6 address.

ipv6-address

Not Specified

::

ssl-cert

SSL certificate for SSL interception.

string

Maximum length: 35

Fortinet_SSL

strict-scheme-check

Enable/disable strict check of scheme.

option

-

enable

Option

Description

disable

Disable strict check of scheme.

enable

Enable strict check of scheme.

srcaddr

Source address name.

string

Maximum length: 79

config icap-service

Parameter

Description

Type

Size

Default

name

Name of ICAP service profile.

string

Maximum length: 35

dlp-sensor

Name of an existing DLP sensor.

string

Maximum length: 35

av-profile

Name of an existing Antivirus profile.

string

Maximum length: 35

webfilter-profile

Name of an existing Web filter profile.

string

Maximum length: 35

profile-protocol-options

Name of an existing Protocol options profile.

string

Maximum length: 35

default

extension-headers

Configuare the extension headers of icap server response.

option

-

Option

Description

X-Virus-id

Enable X-Virus-ID ICAP extension header.

X-Infection-Found

Enable X-Infection-Found ICAP extension header.

X-Violation-Found

Enable X-Violation-Found ICAP extension header.
Previous
Next