ICAP Integrations
Nullafi Shield is broadly compatible with any ICAP client which implements the standard ICAP interface. Integration documentation for 3rd party ICAP clients is provided here to facilitate deployment but should not be considered authoritative. Please refer to the documentation provided by your ICAP client hardware or software for additional information.
Validated ICAP Clients
The list below reflects well-documented ICAP clients which Nullafi has tested in-house or on-premise and validated to work with Shield. If your ICAP client is not listed, please consult the documentation provided by the ICAP client vendor. In most cases, the ICAP server configuration needed to support an unlisted client is the same as for these validated clients in the list below (primarily setting the ICAP Server URL within the ICAP client software - see the ICAP URL section below).
| Vendor | Product Name | Product Type |
|---|---|---|
| McAfee | Web Gateway | Secure Web Gateway |
| F5 | BigIP SSLO | SSL Inspection |
| F5 | Secure Web Gateway Services | Secure Web Gateway |
| F5 | BigIP LTM | Load Balancer |
| Fortinet | Fortigate | NextGen Firewall |
| Checkpoint | Security Gateway | NextGen Firewall |
| Broadcom/Symantec BlueCoat | ProxySG | Secure Web Gateway |
ICAP URL
For ICAP clients not on this list, the primariy configuration parameter required is to tell the client where to find the Shield instance. This is the ICAP URL. Shield's ICAP url is made up of the scheme ("icap://"), the hostname or IP address of the instance, the TCP port in use, and the path to the service endpoint (one of either "/respmod" or "/reqmod").
| Mode | URL | Example |
|---|---|---|
| Request Modification Mode (REQMOD, OPTIONS) | icap://<Shield hostname or IP>:<port>/reqmod | e.g, icap://shield.example.com:1344/reqmod |
| Response Modification Mode (RESPMOD, OPTIONS) | icap://<Shield hostname or IP>:<port>/respmod | e.g, icap://shield.example.com:1344/respmod |