Content & Malware Analysis

 View Only

  • 1.  ICAP Service URL configuration - proxysg

    Posted Jan 25, 2024 01:30 PM

    I am configuring our proxysg to talk to our CAS units and see multiple ways to do it in the Broadcom docs:

    icap://IP-address/ICAP-service where service is the CAS name? Does that mean the name of the CAS unit itself?

    I also see it as icap://Ip-address/ only.

    I am will be doing Content analysis and Malware (cloud sandboxing). Just not clear on what the icap URL should be.



  • 2.  RE: ICAP Service URL configuration - proxysg

    Broadcom Employee
    Posted Jan 25, 2024 01:36 PM

    For CAS you can just use: icap://IP-address


    See: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/sg-introduction/communication/SG_ICAP_config/SG_ICAP_config_ICAP.html 


    Original Message


  • 3.  RE: ICAP Service URL configuration - proxysg

    Posted Jan 25, 2024 01:38 PM

    That's what I was looking for, Thanks!

    From the link:

    Enter the 
    Service URL
    , which is the 
    Content Analysis
     ICAP address. The format is as follows:
    icap://
    IP-address
    /
    ICAP-service
    Where
    IP-address
     is the 
    Content Analysis
     IP address or hostname and
    ICAP-service
     is the name of the 
    Content Analysis
     appliance (
    CAS
     by default).
      Beginning with SGOS 6.6, the Service URL does not require the
      ICAP_service
       when the ICAP server is a 
      Content Analysis
       or ProxyAV appliance. You can enter
      icap://
      IP-address
      /
      .

      Original Message


    • 4.  RE: ICAP Service URL configuration - proxysg

      Posted Jan 26, 2024 02:27 AM

      Hi,

      you can use icap://IP-address/ or icap://hostname/ (I prefer hostnames)

      If you are using ICAPs and verify the certificates, make sure that your SAN matches this IP or hostname.

      Matthias


      Original Message