Configuring the proxy to communicate with ICAP Service
Before you begin
Applies to: |
---|
|
The precise steps required to configure the third-party proxy to communicate with ICAP Service vary from product to product.
Steps
Next steps
- Configure a Web Access Layer rule to pass all traffic from any source to any destination to the ICAP server configured above, and specify whether the proxy should fail open (permit all traffic) or fail closed (block all traffic) when the ICAP server is not available.
- Configure a Web Access Layer rule to allow all traffic to the IP address of the Filtering Service machine. This allows client browsers to receive block pages.
- If you want the proxy to authenticate users and pass user name information to your web protection software, configure an authentication rule to authenticate users against a
supported directory service.
Note that if you are using Active Directory for user authentication, and use a hostname to identify the Active Directory server, make sure that the hostname resolves to the same IP address for both the third-party proxy and the Forcepoint Security Manager.
Also, if Active Directory is identified by hostname in the proxy, the hostname is what appears in log records, even if Active Directory is identified by IP address in the Forcepoint Security Manager.
- Optionally configure HealthCheck for the external ICAP server. This causes the Blue Coat appliance to periodically send a URL filter request to the ICAP Service to ensure that it is still running and responding correctly.