Forum Discussion

Viv_Richards
Sep 27, 2017

ASM to Sandblast ICAP integration issue

We are trying to integrate F5 ASM version 12.0 with the CheckPoint Sandblast ICAP server.

As per Checkpoint, the ICAP URI is icap://x.x.x.x:1344/sandblast. We tried to configure it and did a packet capture; basic network connectivity is OK, however we are unable to see any files on the Sandblast server that are being sent to Sandblast for scanning.

I would appreciate it if anyone could assist us with this integration.

5 Replies

  • P_K

    Are you using ASM for the whole config or just for creating violation list?

  • I can't find any documentation on Sandblast ICAP.

    Are you sure the URI is /sandblast and not /sandblast/reqmod?

    Have you configured this in the ASM system variable icap_uri?

    Don't forget to restart ASM after changing this value.

  • Violation list is not yet created.

    I am able to integrate F5 ASM with the CheckPoint SandBlast ICAP server; I changed icap_uri from /reqmod to /sandblast.

    The above setting can be found in ASM at Security > Options > Application Security > Advanced Configuration > System Variables.

    @PK: I would appreciate it if you could share the recommended action for violation policy creation.

  • An ASM restart is also required. To restart ASM you can use the command below:

    tmsh restart sys service asm

  • P_K

    I'm using LTM for ICAP and ASM for raising custom violations. Is there any specific reason for using ASM for ICAP? You might want to know there is a buffer size limit on ASM, I think 20Mb.