When ICAP redirect is configured in a unified policy and Note the following behavior while using ICAP redirect service
#DLP ICAP SERIES#
The ICAP server performs the policy scanĪnd the traffic is redirected to the SRX Series device, and the specifiedĪction is taken as per the ICAP redirect profile. The ICAP server profile defines the behavior of redirectionĪnd server specifications. Redirect service profile that is configured as application services When the traffic matches the policy, the ICAP These profiles as application services in the security policy for You configure an ICAP redirect profile and SSL proxy profile and apply In a unified policy with dynamic applications as a match condition, Use dynamic applications as match conditions as part of the existingĥ-tuple or 6-tuple (5-tuple with user firewall) match conditions to Unified policies are the security policies that enable you to OS Release 18.2R1, SRX Series devices support ICAP service redirectįeature when the device is configured with unified policies. Service Redirect for Layer 7 Dynamic Applications with Unified If the request contains confidential information, youĬan choose to take action (block, permit, log) as per your requirement. Proxy server to send the HTTP to the internet. The ICAP server sends it back to the proxy server, and directs the If the request does not contain any confidential information, The ICAP server receives the ICAP request and analyzes To the third-party on-premise ICAP server. The SRX Series device receives information from the end-host,Įncapsulates the message and forwards the encapsulated ICAP message The request goes through the SRX Series device that is The user opens a connection to a Website on the internet. The following sequences are involved in a typical ICAP redirect Or blocks the data traffic as configured in the profile. If any sensitiveĭata is detected per the policies, the SRX Series device logs, redirects, Taken according to the results from the ICAP server. Traffic is redirected back to the SRX Series device and action is SRX Series deviceĭecrypts HTTPS traffic and redirects HTTP message to a third-party, With the proper SSL profile under a security policy. The SRX Series deviceĪcts as an SSL proxy server and decrypts the pass-through traffic HTTP or HTTPS traffic to any third-party server. SRX Series devices support ICAP redirect functionality to redirect Junos OS ICAP Support for SRX Series Device