Web Security: ICAP Support
Many DLP Systems, etc. work to filter web traffc by utilizing a 3rd party HTTP Proxy (Squid, etc.)... Most work with ICAP compatible Proxies... adding this ability would preclude my customers from having to add yet another proxy to their network infrastructure.
Please add this function to UTM.
The more we talk with system integrators and customers on the transition from TMG to UTM, the more we need to hear this function.
Since in large enterprises, TMG is a component of the overall security system.
Joe Saland commented
Two things, one I find it odd that someone said this is not in the cards when Sophos is a member of the I-CAP Forum (http://www.sophos.com/en-us/about-us/company-profile/industry-affiliations.aspx). I would hope that means they have the intention of adding this capability to this product. Secondly, without ICAP support the integration of this totally awesome UTM solution with other necessary security solutions (DLP?) really make it a hard sell in today's environment.
Thomas TSP commented
It´s really right, the additional ICAP-interface is very important and not only a "nice to have" in this time.
Its a "must!", because today legal web-links left on legal web-sides and/or in mails leads to illegal actions.
And smart security devices always use ICAP against this this very dangerous behavior!!
Andreas TSP commented
it is not only a "nice to have".
please add this feature.
I've been told this is "not in the cards." ... so I retract my votes..
Christopher Amatulli commented
i agree with this one, it could be a pre-cursor to Astaro being extreemly compittive in the DLP/UTM/CF market
Bob, It wouldn't necessarily have to be part of the reverse Proxy... however, I feel it should be implemented; a lot of Astaro's competition support ICAP. There's example code out there in the form of Squid (which Astaro used to use) .. Squid supports ICAP. I like the new proxy's performance better, but maybe they should "borrow" a bit from an old friend.
Bob Alfson commented
Bruce, could/should this be a part of the design of a reverse HTTP proxy?
(I learn something from BruceK every day!)