| Solution |
The Web Cache Communication Protocol (WCCP) was developed by Cisco Systems for establishing and maintaining the transparent redirection of selected. The Predefined Service IDs can be referred to the Cisco site.
What WCCP service IDs should be used on Cisco Web Security Appliance?
In this sample, predefined group IDs 0 for HTTP and 70 for HTTPS are used.
Topology:
FortiGate:
config system interface
edit "port2“
set ip 10.207.1.188 255.255.240.0
set wccp enable
end
config system wccp
edit "0“
set router-id 10.207.1.188
set server-list 10.207.1.234 255.255.255.255
next
edit “70“
set router-id 10.207.1.188
set server-list 10.207.1.234 255.255.255.255
next
end
Enable WCCP on policy:
config firewall policy
edit 1
set wccp enable <--
next
FortiProxy:
config system interface
edit "port2“
set ip 10.207.1.188 255.255.240.0
set wccp enable
end
config system settings
set wccp-cache-engine enable
config system wccp
edit "0“
set cache-id 10.207.1.234
set router-list "10.207.1.188“
next
edit "70“
set cache-id 10.207.1.234
set router-list "10.207.1.188“
end
Configure policy and central NAT policy on FortiProxy:
After that, test access internet from the client. Web traffic should be redirected from FortiGate to FortiProxy. This can be verified by checking on FortiView Sessions or Forward traffic logs on FortiGate and FortiProxy.
Traffic hit policy ID 1 on FortiProxy:
Verifying WCCP status:
FortiGate # diagnose test application wccpd 2
2023-08-10 09:26:09
vdom-root: work mode:router working NAT first_phy_id=4
2023-08-10 09:26:09 interface list:
2023-08-10 09:26:09 intf=port2, gid=4 phy_id=4
2023-08-10 09:26:09 service list:
2023-08-10 09:26:09 service: 70, router_id=10.207.1.188, group=0.0.0.0, auth(no)
access2023-08-10 09:26:09 10.207.1.234/255.255.255.2552023-08-10 09:26:09
server_type=1 forward=1 return=1 assign=1
2023-08-10 09:26:09 erouter_id=10.207.1.188
2023-08-10 09:26:09 service: 0, router_id=10.207.1.188, group=0.0.0.0, auth(no)
access2023-08-10 09:26:09 10.207.1.234/255.255.255.2552023-08-10 09:26:09
server_type=1 forward=1 return=1 assign=1
2023-08-10 09:26:09 erouter_id=10.207.1.188
FortiGate # diagnose test application wccpd 3
2023-08-10 09:26:10 service-70 in vdom-root: num=1, usable=1
2023-08-10 09:26:10 cache server ID:
2023-08-10 09:26:10 len=44, addr=10.207.1.234, weight=0, status=0
2023-08-10 09:26:10 rcv_id=421, usable=1, fm=1, nq=0, dev=4(k4), to=10.207.1.188
2023-08-10 09:26:10 ch_no=0, num_router=1:
2023-08-10 09:26:10 10.207.1.188
2023-08-10 09:26:10 service-0 in vdom-root: num=1, usable=1
2023-08-10 09:26:10 cache server ID:
2023-08-10 09:26:10 len=44, addr=10.207.1.234, weight=0, status=0
2023-08-10 09:26:10 rcv_id=421, usable=1, fm=1, nq=0, dev=4(k4), to=10.207.1.188
2023-08-10 09:26:10 ch_no=0, num_router=1:
2023-08-10 09:26:10 10.207.1.188
FortiGate # diagnose test application wccpd 4
2023-08-10 09:26:11 service-70 in vdom-root:
2023-08-10 09:26:11 total_servers=1, type=1, usable_servers=1, assign_m=1, rtun_m=1, wcid_len=48, rcv_id=421, ch_no=1
2023-08-10 09:26:11 ID=70, type=1, pri=0, pro=0 f=00000002
Port:2023-08-10 09:26:11 num-routers=1:
2023-08-10 09:26:11 10.207.1.1882023-08-10 09:26:11
2023-08-10 09:26:11 service-0 in vdom-root:
2023-08-10 09:26:11 total_servers=1, type=1, usable_servers=1, assign_m=1, rtun_m=1, wcid_len=48, rcv_id=421, ch_no=1
2023-08-10 09:26:11 ID=0, type=0, pri=0, pro=0 f=00000000
Port:2023-08-10 09:26:11 num-routers=1:
2023-08-10 09:26:11 10.207.1.1882023-08-10 09:26:11
|
