Halo ICAP Server FAQs

ICAP (Internet Content Adaptation Protocol) is a protocol used to offload tasks such as virus scanning and content filtering to dedicated servers.

A Content Disarm and Reconstruction (CDR) solution sanitizes files by removing potentially harmful elements and reconstructing the files to ensure they are safe. Glasswall Halo's ICAP server integrates with your existing security infrastructure to give you control over the protection and availability of files and web-based content entering or leaving your organization.

• Real-time threat removal
• Seamless integration with existing security infrastructure
• Automated file sanitization without user intervention
• Compliance with regulatory requirements
• Enhanced security and reduced risk of zero-day attacks

The Halo ICAP server acts as an intermediary between ICAP clients (such as proxy servers, firewalls, or gateways) and the Glasswall Halo service. When a file is detected passing through the ICAP client, it is sent to Glasswall Halo via ICAP for sanitization before being returned to the client. Detailed guides for configuring popular ICAP clients are provided in the documentation.

The Halo ICAP server is compatible with any ICAP-enabled security appliance, but detailed configuration guides for some of the most popular ones can be found here:

• FortiNet FortiGate
• F5 BIG-IP LTM

In addition it is compatible with a Squid 5.x Proxy Server

• Squid Proxy Server

Any content sent via ICAP will have a Media Type that can be passed to the Halo ICAP server for processing, with those having a matching file type supported by Glasswall Halo able to be sanitized.

For more information on how Media Types map to file types supported by Glasswall Halo, please refer to the ICAP Profiles documentation which lists all configurable Media Types.

Customers have full control over what the Halo ICAP server does with each type of content (Media Type) it receives:

• Process: If the content contains a supported file type, then sanitize the file using CDR and return it.
• Block: Replace the content with an error report informing the user that type of content is blocked, then return it.
• Bypass: Return the content unmodified and unprotected.

For any given piece of content the ICAP client sends to the Halo ICAP server, it will receive back the original content, modified (sanitized file) content, or an error report.

Content processing rules are defined in an 'ICAP profile', and since the profile is sent to the Halo ICAP server as part of the request alongside the content, customers can create as many custom profiles as required to address their different security use cases. Halo allows you to configure your ICAP profiles either via the Profile management API or the portal's ICAP settings page.

Processed files are returned to the ICAP client, which then forwards them to the intended recipient or destination. The files are safe and free from any potential threats.

When the Halo ICAP server receives a content type that it has been instructed to block, or Halo is unable to process and protect a file, the content or file will be replaced with an error report instructing the recipient why they can not access that content along with detailed information about the request that can be passed on to an administrator for investigation.

Halo comes with comprehensive auditing and reporting features to help your organization manage their risk profile, and this extends to ICAP. You can access a full audit trail of the requests processed by the ICAP server, detailing their attributes, content and status. This same information is then showcased in easy to digest reports featuring visualisations that summarise key attributes and highlight trends over time.

No, the Halo ICAP server is included in all of our Glasswall Halo license options. You just need to set up the necessary hardware and enable ICAP.

The ICAP server can be enabled by following the Setup Guide. For configuring your security appliance, please refer to our detailed guides for the most popular ICAP-enabled security appliances.