i have an iCAP server configured via ASM. The basic connectivity is OK however when the ASM send an attachment to the icap server (fortinet sandbox), the sandbox replies back instantly with a 204 no content found response. so in effect the F5 doesnt wait for the scan result and the attachment gets uploaded to the webserver.. I am thinking to somehow disable the preview feature so the F5 should be able to wait for the sandbox response..
is this achievable with ASM, or do i need to use Adaptation profile with an internal VS with a pool member as a icap server?
thanks in advance.
Solved! Go to Solution.
Thanks a lot for the valueable response.
As i understand that now all your webtraffic will pass through the sandbox, so do you see any delay or latency issues?
i assume there will be some latency though un-noticeable to the users.
I have configured adapt profile and i can see that the communication is happening. I also see the file received by the AV server and scanned, while at the same instant the F5 sends a connection reset 104.
below logs from AV server
2020-04-07 23:51:36 172.19.0.9 socket error [Errno 104] Connection reset by peer
2020-04-07 23:51:36 File from ICAP client (172.18.4.10)(self IP) was submitted. client_ip=126.96.36.199 sha256=4c11e6e120d335f8ca85af0aa3f4f12151a8e3de486b0ac8e9
2020-04-07 23:51:36 172.18.4.10(self IP) socket error [Errno 104] Connection reset by peer
in /var/log/ltm i see below
Apr 8 00:15:08 lab-F5.com err tmm3: 01aa0003:3: ICAP (188.8.131.52:59860 -> 172.16.6.6:443): Parsing ICAP response headers failed
172.16.6.6 is the webserver VIP on LTM
i dont find much info about this error 104. Appreciate your help,thanks
How do you configure ICAP for ASM?
Do you specify it in Security ›› Options : Application Security : Integrated Services : Anti-Virus Protection?
Do you enable appropriate violation and settings on Security ›› Application Security : Integrated Services : Anti-Virus Protection?
Do you send attachment as HTTP upload or as SOAP attachment?
ASM shouldn't send any preview request in case of correct configuration.