Support Center > Search Results > SecureKnowledge Details
ICAP Server support for Threat Prevention Technical Level


  • This feature is now available on (GA) Security Gateway and Security Management, versions R80.20 and higher. 
  • If you have R80.10 with R80.10 Jumbo HFA - Take_142 installed, Contact Check Point Support to get a Hotfix which adds this feature on top of Take_142.

ICAP Server can work with the Threat Emulation and Anti-Virus blades only. Threat Extraction is also supported since R81. Any other blades in a Threat Prevention profile will be ignored.

To activate the ICAP Server in a Security Gateway object in SmartConsole, you must first enable Threat Emulation and/or Anti-Virus blade in that Security Gateway object.

Upon ICAP Server activation, an auto-generated rule is created in the Threat Prevention rule base, as in MTA. This rule is installed on all Security Gateways with active ICAP Server.


  • ICAP Server has only one rule that must be located in an upper rule (alongside with MTA) of the Threat Prevention policy.
  • ICAP Server supports only Anti-Virus deep-scan. Any additional functionality, such as MD5 hash, URL reputation, and signature based protection, is not supported for this flow.
  • There are no network based rules or exceptions that are related to ICAP rule / profile.
  • VSX is not supported.
For additional details on how to configure the ICAP client and ICAP server, please see the relevant Threat Prevention Administration Guide.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document