Error on installation new ICAP best practice advanced CPL via MC
search cancel

Error on installation new ICAP best practice advanced CPL via MC


Article ID: 171734


Updated On:


Symantec Products


You get an error upon installing the new ICAP best practice guide via Management Center (MC).


This error is a result of misconfiguration .Inside the policy object in the Editor tab you refer to the Name value. If the Display and Name values do not match and you incorrectly use the Display Value in the Editor you will get an error on installation:



The steps to fix this are below:

  1. Create/edit a policy object under Configuration > Policy >
  2. NOTE: Make sure the "Replace substitution variables" option is ticked.
  3. In the Editor Tab paste in the new ICAP Best Practice CPL code which you can find here
  4. NOTE: By default the file has the medium profile uncommented. If you do not have any rule in the VPM, local, central or forward file for sending traffic to ICAP server you have to edit this file first:
    • un comment line 717
    • un comment line 721 response.icap_service( ${device.attributes.cas_attribute}, fail-closed )
  5. Line 721 uses the attribute that generates the error. For the purposes of this demonstration we will use a group of ICAP hosts called "cas-group". This has to match with your ICAP group/host as defined on your ProxySG in your environment.
  6. Navigate to Administration > Attributes >Add Attribute. Give it a Display name of "Just_another_attribute" and a Name of "cas_attribute" and in the Default Value field enter "cas-group". Leave other fields with default values.
  7. Add a target to the new CPL policy and push it.