Configure ICAP Client
FortiSandbox can work as an ICAP server with any ProxySG that supports ICAP.
When ICAP client sends a HTTP request to FortiSandbox, FortiSandbox extracts the URL and checks if a verdict is available. If the verdict is not a user selected blocking rating or is not available , a 200 return code is sent back to client so the request can move on on the client side. If the verdict is user selected blocking rating, a 403 return code along with a block page is sent back to the client. If no verdict is available, the URL will be put into the Job Queue for a scan. URL scan flow will apply.
When the ICAP client sends a HTTP response to FortiSandbox, FortiSandbox extracts file from it and checks if verdicts are available. If verdicts are not a user selected blocking rating, a 200 return code is sent back to client so the response can be delivered to the endpoint host. If a verdict is user selected blocking rating, a 403 return code along with a block page is sent back to the client. If the user enables Realtime AV Scan, the file will be scanned by the AV Scanner. If the file is a known virus, a 403 return code along with a blocked page is sent back to the client. If no verdict is available, these files will be put into the Job Queue for a scan. File scan flow will apply.
When ICAP client sends a preview request, FortiSandbox returns a 204 return code, which means it is not supported.
The following is an example ICAP configurations for a SQUID 4.x proxy server, which should be added to the end of
cache deny all
icap_service svcBlocker1 reqmod_precache icap://fortisandbox_ip:port_number/reqmod bypass=0 ipv6=off
adaptation_access svcBlocker1 allow all
icap_service svcLogger1 respmod_precache icap://fortisandbox_ip:port_number/respmod routing=on ipv6=off
adaptation_access svcLogger1 allow all
### add the following lines to support ssl ###
#icap_service svcBlocker2 reqmod_precache icaps://sandbox_ip:ssl_port_number/reqmod bypass=1 tls-flags=DONT_VERIFY_PEER
#adaptation_access svcBlocker2 allow all
#icap_service svcLogger2 respmod_precache icaps://sandbox_ip:ssl_port_number/respmod bypass=1 tls-flags=DONT_VERIFY_PEER
#adaptation_access svcLogger2 allow all