setting up ICAP for a NetCache Appliance

To set up ICAP for a NetCache Appliance:

1. Log on to the NetCache console by opening http://{SERVER-IP}:3132 in a browser window.

2. Click Setup, then click ICAP > ICAP 1.0 on the left menu.

3. Click General, then select Enable ICAP Version 1.0.

4. Click Commit Changes.

5. Note: The error message “icap: This service is not licensed.” appears if you have not provided the required ICAP license key for NetCache.

5. Enter an ICAP license key:

1. Click Setup, and then click System > Licenses in the left menu. The System Licenses screen appears.

2. Type your license under the ICAP license section.

3. Click Commit Changes.

6. Select the Service Farms tab on the ICAP 1.0 screen, then click New Service Farm to add ICAP servers. Assign the service farm name in the Service Farm Name field.

7. For response mode, select RESPMOD_PRECACHE in the Vectoring Point field.

8. For request mode, select REQMOD_PRECACHE in the Vectoring Point field.

7. Select Service Farm Enable.

8. In the Load Balancing field, choose the proper algorithm to use for load balancing (if you have more than one ICAP server in the service farm). Clear Bypass on Failure.

9. Note: Disable Bypass on Failure if your priority is to limit virus propagation within your network. Otherwise, enable Bypass on Failure to guarantee an unblocked connection to the Internet.

9. Under the Consistency field, choose strong from the drop-down menu and leave the lbw Threshold field empty.

10. Note: For multiple ICAP servers within a service farm with strong consistency selected, make sure that all ICAP servers have identical intscan.ini and other configuration files and the same virus patterns. The service farm will not work properly if the ICAP servers have different configurations.

10. Under the Services text box (for response mode), type:

icap://{ICAP-SERVER-IP}:1344/RESP-Service on

where ICAP-SERVER-IP is the IP address of IWSVA ICAP for response mode.

1. For multiple IWSVA ICAP server services, type the additional entries for response mode:

icap://{ICAP-SERVER1-IP}:1344/resp on

icap://{ICAP-SERVER2-IP}:1344/resp on

11. Under the Services text box (for request mode), type:

icap://{ICAP-SERVER-IP}:1344/REQ-Service on

where ICAP-SERVER-IP is the IP address of IWSVA ICAP for request mode.

1. For multiple IWSVA ICAP server services, type the additional entries for request mode:

icap://{ICAP-SERVER1-IP}:1344/REQ-Service on

icap://{ICAP-SERVER2-IP}:1344/REQ-Service on

12. Click Commit Changes.

13. Click the Access Control Lists tab, then select Enable Access Control Lists.

14. Type “icap <Service Farm name of the ICAP Server> any” in HTTP ACL.

15. Click Commit Changes.

16. To configure scanning FTP over HTTP traffic, go to Access Control List and add “icap <service farm name>” into the FTP ACL field.

See also:

• Flushing Existing Cached Content from the Appliance

• Understanding Request and Response Mode Differences