Starting with Avi Load Balancer 21.1.3, ICAPs is supported. ICAP traffic can now be encrypted using SSL.
The following are the configuration components for enabling ICAPs:
To configure ICAPs on NSX Defender, enable Secure ICAP in Proxy configurations as shown below:
To configure ICAPs on OPSWAT, see Configuring TLS.
In Avi Load Balancer, when configuring a pool for ICAPs, ensure SSL is enabled in the Pool, that is referred to in the ICAP profile (has IPs of ICAP servers) and configure the default port as 1344.
In Avi Load Balancer, ICAP supports HTTP2 traffic to the virtual service. If the virtual service has HTTP2 enabled for any port, and ICAP is configured, the HTTP2 traffic will be subjected to the ICAP server.