You can optimize DLP processing by adding more than one ICAP server.
Configure one or more ICAP servers and the settings used by the ICAP feature when communicating with the servers.
- In Skyhigh CASB, select Policy > Web Policy > Feature Configuration.
- Select ICAP Server > ICAP for DLP Setting.
- From the Actions list, select Clone and Edit.
- Provide a name for the feature configuration and an optional comment.
- Click Add Server, then select a protocol from the Type drop-down list:
- Configure these options:
- Hostname/IP — Specifies the host name or IP address of the ICAP server.
- Port — Specifies the port number to use when connecting to the ICAP server.
- Respect MAX Concurrent Connections — When selected, the ICAP feature only opens as many concurrent connections with the ICAP server as the server allows.
- Click Save to close the ICAP Server dialog. Optionally, add another ICAP server to the server list.
- Select these headers to exclude them when the ICAP feature forwards web requests to the ICAP server:
- X-Authenticated-User — Excludes the header containing information about the authenticated user.
- X-Authenticated-Groups — Excludes the header containing information about the authenticated user's group memberships.
- Select Use Certificate List for Verification to set up a trust relationship between the ICAP feature and the ICAP server based on certificate verification.
- Click Add Certificate to import each ICAP server certificate and add it to the certificate list.
- Click Save.
You can publish saved changes to the cloud now or keep working and publish later.