connect to an icap server, but is it possible to route only specific services to the virtual server?

Question

Since it's created as an internal virtual server, I don't know what traffic is going through that VS.
Is it possible to configure it so that only certain services go through that VS?
&nbsp;
refer : https://www.f5.com/pdf/integration-guide/f5-ssl-orchestrator-and-symantec-dlp-ssl-visibility-and-content-adaptation.pdf
https://www.f5.com/pdf/solution-center/f5-ssl-orchestrator-and-mcafee-dlp-recommended-practices-guide.pdf

jeff_granieri · Accepted Answer

Hello,
&nbsp;
Have you configured any service chains?&nbsp; This is where you would setup which services / routing would go towards that VS.&nbsp; Something like this: &nbsp;
Service Cain: chain_dlp_scan.&nbsp; description - &nbsp;"Chain for DLP-sensitive traffic".
services&nbsp; - Move icap_dlp (and any other services like inline L3 firewall) from Services Available to Selected Service Chain Order. Order matters (e.g., decrypt &gt; ICAP &gt; re-encrypt).
&nbsp;
Then you would look at security policies -- creating a rule --&nbsp;
&nbsp;

Conditions (match-all or match-any):

Source: IP/subnet (e.g., client from 10.0.0.0/8).
Destination: IP/subnet, geolocation, port (e.g., dest port 80/443), or host/SNI (e.g., category "Social Networking" via URLDB).
Protocol: HTTP, TCP, etc.
Other: IP Intelligence (reputation), flow info.
Examples from guides: Bypass for financial/healthcare URLs to comply with regulations (use URL Category Lookup).

Actions:

SSL Check: Decrypt or bypass.
Service Chain: Assign to chain_dlp_scan (includes ICAP) for matching traffic.
Server Certificate Check: Reject invalid certs

&nbsp;
&nbsp;
&nbsp;

Forum Discussion

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

which virtual server will be hit?

Questions on device trust

Restore configuration to GTM Sync Group device

Viprion End of Software Support (EoSS)

BIG‑IQ: Adding rSeries/Velos Devices through the REST API

Related Content

Logging/Blocking possible prompt injection

SSL Orchestrator Service Extensions: DoH Guardian

Per-app failover for Kubernetes-based services using F5 Distributed Cloud Services

F5 Container Ingress Services (CIS) deployment using Cilium CNI and static routes

APM-Specific Features for Securing Your Website