Forum Discussion
How to disable preview if using ICAP via ASM
Hello,
I have an ICAP server configured via ASM. The basic connectivity is OK; however, when the ASM sends an attachment to the ICAP server (Fortinet sandbox), the sandbox replies back instantly with a 204 no content found response. So in effect the F5 doesn't wait for the scan result and the attachment gets uploaded to the webserver. I am thinking of somehow disabling the preview feature so the F5 should be able to wait for the sandbox response.
Is this achievable with ASM, or do I need to use an Adaptation profile with an internal VS with a pool member as an ICAP server?
Thanks in advance.
Hello,
We have met the same issue with an OPSWAT product, with the ICAP server configured in the ASM module. We solved the problem using an LTM configuration with an Adaptation profile and an internal virtual server, like you mentioned 😉
Configuring HTTP Request and Response Adaptation
Regards
- imranHaider (Altostratus)
Thanks a lot for the valuable response.
As I understand it, all your web traffic will now pass through the sandbox, so do you see any delay or latency issues?
I assume there will be some latency, though unnoticeable to the users.
Not all web traffic, only the traffic with an attachment.
Yes, the processing adds a little latency, but it is invisible to the end user.
If you are satisfied with the answer, don't forget to mark the answer as solved.
- imranHaider (Altostratus)
I have configured the adapt profile and I can see that the communication is happening. I also see the file received by the AV server and scanned, while at the same instant the F5 sends a connection reset 104.
Below are the logs from the AV server:
2020-04-07 23:51:36 172.19.0.9 socket error [Errno 104] Connection reset by peer
2020-04-07 23:51:36 File from ICAP client (172.18.4.10)(self IP) was submitted. client_ip=137.210.92.58 sha256=4c11e6e120d335f8ca85af0aa3f4f12151a8e3de486b0ac8e966d6e8e512992a fname=vpn8.PNG
2020-04-07 23:51:36 172.18.4.10(self IP) socket error [Errno 104] Connection reset by peer
In /var/log/ltm I see the below:
Apr 8 00:15:08 lab-F5.com err tmm3[20599]: 01aa0003:3: ICAP (137.210.92.58:59860 -> 172.16.6.6:443): Parsing ICAP response headers failed
172.16.6.6 is the webserver VIP on LTM.
I don't find much info about this error 104. Appreciate your help, thanks.
Hi,
Have you configured the HTTP Request Adapt profile AND the Response Adapt profile on your virtual server?
See also this link https://support.f5.com/csp/article/K90438506
- Ivan_Chernenkii (Employee)
Hello,
How do you configure ICAP for ASM?
Do you specify it in Security ›› Options : Application Security : Integrated Services : Anti-Virus Protection?
Do you enable appropriate violation and settings on Security ›› Application Security : Integrated Services : Anti-Virus Protection?
Do you send attachment as HTTP upload or as SOAP attachment?
ASM shouldn't send any preview request in case of correct configuration.
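
Editor's added example, not written by any poster in this thread and not F5 or Fortinet code: a minimal parser for the head of an ICAP response, following the general RFC 3507 rules for 100, 200 and 204, that shows what a client does with each reply to a preview. The function names, action labels and sample responses are constructed for illustration.

```python
import re

# ICAP status line per RFC 3507, e.g. "ICAP/1.0 204 No Content"
STATUS_LINE = re.compile(rb"^ICAP/1\.0 (\d{3})(?: (.*))?$")


def parse_icap_head(raw: bytes):
    """Parse status line and headers of an ICAP response; raise ValueError if malformed."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no CRLF CRLF terminator after ICAP headers")
    lines = head.split(b"\r\n")
    match = STATUS_LINE.match(lines[0])
    if not match:
        raise ValueError("not an ICAP/1.0 status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    return int(match.group(1)), headers


def next_action(raw: bytes, in_preview: bool, sent_allow_204: bool) -> str:
    """Decide what an ICAP client does with the server's reply (labels are hypothetical)."""
    try:
        status, _headers = parse_icap_head(raw)
    except ValueError:
        return "parse-error"
    if status == 100:
        # 100 Continue is only meaningful as the answer to a preview
        return "send-rest-of-body" if in_preview else "protocol-error"
    if status == 204:
        # "No modifications needed": legal after a preview, or when the client sent "Allow: 204"
        return "forward-original" if (in_preview or sent_allow_204) else "protocol-error"
    if status == 200:
        return "forward-adapted"  # encapsulated body carries the adapted message
    return "fail-closed"  # assumption: local policy rejects the upload on any other status


# Constructed sample responses
NO_CONTENT = b'ICAP/1.0 204 No Content\r\nISTag: "constructed-1"\r\n\r\n'
CONTINUE = b"ICAP/1.0 100 Continue\r\n\r\n"
NOT_ICAP = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("204", NO_CONTENT), ("100", CONTINUE), ("HTTP", NOT_ICAP)):
        print(name, next_action(raw, in_preview=True, sent_allow_204=False))
```

In this model a 204 sent in answer to a preview ends the transaction with the original message forwarded unmodified, while a 100 Continue is what makes the client send the rest of the body.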