Halo ICAP Server FAQs
    • PDF

    Halo ICAP Server FAQs

    • PDF

    Article summary

    What is ICAP?

    ICAP (Internet Content Adaptation Protocol) is a protocol used to offload tasks such as virus scanning and content filtering to dedicated servers.


    What is an ICAP-based CDR solution?

    A Content Disarm and Reconstruction (CDR) solution sanitizes files by removing potentially harmful elements and reconstructing the files to ensure they are safe. Glasswall Halo's ICAP server integrates with your existing security infrastructure to give you control over the protection and availability of files and web-based content entering or leaving your organization.


    What are the key benefits of using an ICAP-based CDR solution?
    • Real-time threat removal
    • Seamless integration with existing security infrastructure
    • Automated file sanitization without user intervention
    • Compliance with regulatory requirements
    • Enhanced security and reduced risk of zero-day attacks


    How does the ICAP integration work with existing security infrastructure?

    The Halo ICAP server acts as an intermediary between ICAP clients (such as proxy servers, firewalls, or gateways) and the Glasswall Halo service. When a file is detected passing through the ICAP client, it is sent to Glasswall Halo via ICAP for sanitization before being returned to the client. Detailed guides for configuring popular ICAP clients are provided in the documentation.


    Which security appliances are compatible with Glasswall Halo's ICAP solution?

    The Halo ICAP server is compatible with any ICAP-enabled security appliance, but detailed configuration guides for some of the most popular ones can be found here:

    In addition it is compatible with a Squid 5.x Proxy Server


    What type of content is supported by Glasswall Halo's ICAP solution?

    Any content sent via ICAP will have a Media Type that can be passed to the Halo ICAP server for processing, with those having a matching file type supported by Glasswall Halo able to be sanitized.

    For more information on how Media Types map to file types supported by Glasswall Halo, please refer to the ICAP Profiles documentation which lists all configurable Media Types.


    Can I control what types of content are processed?

    Customers have full control over what the Halo ICAP server does with each type of content (Media Type) it receives:

    • Process: If the content contains a supported file type, then sanitize the file using CDR and return it.
    • Block: Replace the content with an error report informing the user that type of content is blocked, then return it.
    • Bypass: Return the content unmodified and unprotected.

    For any given piece of content the ICAP client sends to the Halo ICAP server, it will receive back the original content, modified (sanitized file) content, or an error report.


    How do I manage how my content is processed?

    Content processing rules are defined in an 'ICAP profile', and since the profile is sent to the Halo ICAP server as part of the request alongside the content, customers can create as many custom profiles as required to address their different security use cases. Halo allows you to configure your ICAP profiles either via the Profile management API or the portal's ICAP settings page.


    What happens to content processed by Glasswall Halo's ICAP server?

    Processed files are returned to the ICAP client, which then forwards them to the intended recipient or destination. The files are safe and free from any potential threats.


    What happens to content that gets blocked or is unable to be processed by Glasswall ICAP?

    When the Halo ICAP server receives a content type that it has been instructed to block, or Halo is unable to process and protect a file, the content or file will be replaced with an error report instructing the recipient why they can not access that content along with detailed information about the request that can be passed on to an administrator for investigation.


    Can I monitor the requests going through the Halo ICAP server?

    Halo comes with comprehensive auditing and reporting features to help your organization manage their risk profile, and this extends to ICAP. You can access a full audit trail of the requests processed by the ICAP server, detailing their attributes, content and status. This same information is then showcased in easy to digest reports featuring visualisations that summarise key attributes and highlight trends over time.


    Is there a cost to enable the Halo ICAP server functionality as part of Halo?

    No, the Halo ICAP server is included in all of our Glasswall Halo license options. You just need to set up the necessary hardware and enable ICAP.


    How do I enable and configure the Halo ICAP server?

    The ICAP server can be enabled by following the Setup Guide. For configuring your security appliance, please refer to our detailed guides for the most popular ICAP-enabled security appliances.


    Was this article helpful?