Create an ICAP Redirect Profile
The SRX Series Firewall acts as an SSL proxy, decrypts HTTP or HTTPS traffic, and redirects the HTTP message to a third-party, on-premise DLP server through the Internet Content Adaptation Protocol (ICAP) channel. To enable ICAP redirection service, you must configure an ICAP redirect profile.
Create ICAP redirect profile to allow the ICAP server to process request messages, response messages, fallback options, and so on, for the permitted traffic. This profile is applied as an application service in the security policy.
To create an ICAP redirect profile:
Setting |
Guideline |
---|---|
Name |
Enter a unique ICAP redirect profile name. The string must contain alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters. |
Timeout |
Enter the server response timeout in milliseconds. Range: 100 through 50000. |
HTTP redirection option |
Select one of the following:
|
ICAP Redirect Server |
Do the following:
|
Fallback Option |
|
Timeout action |
Select a timeout action from the list:
|
Connectivity failure action |
Select a connectivity failure action from the list that the request cannot be sent out due to connection issues:
|
Default failure action |
Select a default failure action from the list to be taken when there are scenarios other than the above two mentioned ones.
|