Enabling and disabling integration with a proxy server via ICAP

If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

When a standalone proxy server is used, Kaspersky Anti Targeted Attack Platform does not provide encryption of ICAP traffic or authentication of ICAP clients by default. The application administrator must take steps to ensure a secure network connection between your proxy server and Kaspersky Anti Targeted Attack Platform by using traffic tunneling or iptables.

To enable or disable integration with a proxy server via ICAP on a server with the Central Node and Sensor components installed:

1. Select the Sensor servers section in the window of the application web interface.

   The Server list table will be displayed.

2. Click the localhost Sensor component.

   This opens the Sensor component settings page.

3. Select the ICAP integration with proxy server section.
4. In the Settings> <name of the server with the Sensor component> section, in the State field, do one of the following:
   • If you want to enable integration with a proxy server via ICAP, move the toggle switch to Enabled.

     By default, the toggle switch is in the Disabled position.

   • If you want to disable integration with a proxy server via ICAP, move the toggle switch to Disabled.
5. The Host field displays the URL of the Response Modification (RESPMOD) service that processes inbound traffic; the URL has the following format: icap://<host>:1344/av/respmod, where <host> is the IP address of the server where the Sensor component is installed. To configure integration with Kaspersky Anti Targeted Attack Platform, copy this URL and paste it in the settings of the proxy server that your organization used.

Integration with a proxy server via ICAP is enabled.

To enable or disable integration with a proxy server via ICAP on an individual server with the Sensor component:

1. Enter the management console of the Sensor server via the SSH protocol or through a terminal.
2. When the system prompts you, enter the administrator user name and the password that was set during the installation of the application.

   This opens the settings menu for the Sensor component. If the menu does not open, enter the kata-admin-menu command and press Enter.

3. Go to the Program settings → Configure ICAP integration section.

   To select a row, you can use the ↑, ↓, and ENTER keys. The selected row is highlighted in red.

4. This opens a window, in that window, select the Enabled line and press the ENTER key.

   [x] is displayed to the right of the Enabled setting.

5. In the settings of your proxy server, enter the URL from the RESPMOD field.

Integration with the proxy server and an individual server with the Sensor component via ICAP is configured.

If you have deployed the Central Node and Sensor components as a cluster, you can configure high-availability integration with a proxy server.

To configure the high-availability integration with the proxy server:

1. Configure Round Robin on the DNS server for the domain name corresponding to the Central Node cluster.
2. Specify this domain name in the proxy server settings.

Integration with the proxy server will be configured based on the domain name. The proxy server will communicate with a random server in the cluster. If this server fails, the proxy server will communicate with another healthy server in the cluster.