S W G U s e r G u i d e
Chapter 15: Implementing ICAP
82
edit these rules. You can also create new rules from scratch.
Â
To define a rule in an ICAP Forward policy
1. In the Policy tree, expand the policy so that you display its existing rules. For instructions on
displaying the Policy tree, see
Step 1
in the procedure
Defining an ICAP Forward Policy
.
2. Do any of the following:
• To edit an existing rule, click the rule in the tree, and then in the main pane, click
Edit
.
• To add a rule to a policy that has no rules, or to add a rule to the bottom of the rule list in the
policy, right‐click the policy and choose
Add
Rule
.
• To add a rule directly above an existing rule, right click the existing rule, and select
Insert
Rule
.
The main window displays the Rule Definition screen.
3. Enter a name for the rule.
4. Provide a description of the rule. The description is optional.
5. Ensure that the checkbox is appropriately selected or cleared depending on whether or not the
rule should be enabled after being committed.
6. Select the
ICAP
Service
Group
that will provide the ICAP Services.
7. Select the action that SWG should take in case of error. Possible actions:
•
Fail
open
— In case of TCP failure, continue as if nothing happened.
•
Fail
close
— In case of any ICAP conversation failure, fail the HTTP transaction.
8. Click
Save
.
9. To make rule triggering conditional, continue with
Defining Conditions in an ICAP Forward Rule
.
10. To define additional rules in this policy, repeat this procedure.
11. If you are ready to distribute and implement the changes in your system devices, click
.
Defining Conditions in an ICAP Forward Rule
Â
To define conditions in an ICAP Forward Rule
1. In the Policy tree, expand the relevant policy and rule. For instructions on displaying the Policy
tree, see
Step 1
in the procedure
To define an ICAP Forward Policy
.
2. Do either of the following:
• To edit an existing condition, click the condition in the tree, and in the main pane, click
Edit
.
• To add a new condition to a rule:
NOTE:
Before
defining
a
rule,
ensure
that
the
ICAP
Service
Group
that
will
be
associated
with
the
rule
has
already
been
created.
You
can
use
the
group
before
it
has
been
committed.
For
instructions,
see
Defining ICAP Service Groups
.
NOTE:
Rules
in
a
policy
are
checked
sequentially
from
the
top,
and
the
first
rule
to
be
activated
in
a
policy
determines
the
handling
of
the
content.
Therefore,
the
sequential
placement
of
rules
in
a
policy
is
significant.
The
default
action
when
no
rule
fires
is
to
bypass
ICAP
service.
For
instructions
on
moving
a
rule
within
a
policy,
see
Relocating an Item in a
Tree
.
