Solved: WSA ICAP COMMUNICATION USING P1 INTERFACE

Alex2025 · ‎05-13-2026

Hello Team,

I'm trying to configure an external DLP on WSA. I'm using the ICAP protocol to intercept traffic and send it to the DLP. The traffic is going through the management interface (M1) instead of the production port, even though I've set up specific routes. Is this normal? If not, how can I force ICAP traffic to the production interface?

Alex2025 · ‎06-09-2026

Hello team,

i solve this point. ICAP use management interface for test and use Prod interface for production traffic.

View solution in original post

amojarra · ‎05-22-2026

Hello @Alex2025

if you have a separate routing table, lets say:

Management interface: 192.168.1.100/24 : Gateway : 192.168.1.1

P1 interface: 192.168.2.100/24 : Gateway :192.168.2.1

and the DLP server is 192.168.3.33

create an static route in Management routing table for your DLP server, and put the P1's Gateway there

Management Routing table

DLP_Static_Route: 192.168.3.33 -> 192.168.2.1

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++ If you find this answer helpful, please rate it as such ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

Alex2025 · ‎06-09-2026

Hello team,

i solve this point. ICAP use management interface for test and use Prod interface for production traffic.