charles_lesiasel
New Member
October 6, 2015
Question

WCCP FortiGate and SQUID


Dear All, 

 

I would like to configure Squid to cache the HTTP and HTTPS packets from the FortiGate.

My topology looks like this:

Users and proxy in the same network: 192.168.1.0/24

Proxy IP: 192.168.1.229

FortiGate: 192.168.1.1

 

FortiGate 200D

 

Can someone help me configure the FortiGate and Squid?

 

Regards,

Charles 

 

    1 reply

    emnoc
    New Member
    October 6, 2015

    Did you follow the KB or cookbook? They have descriptions of WCCP with FortiGate. FWIW, you will have to remove encryption if you're ever planning on caching HTTPS. This will introduce more issues to contend with.

     

     

  • encryption thru-put
  • security, privacy & risk concerns
  • maintaining CAs issues
  • sslbump
  • etc...

     

     

    I would do a full a details and then read the kb and jump in.

     

     http://docs.fortinet.com/d/fortigate-wan-optimization-web-cache-explicit-proxy-and-wccp-2

     

    ken

    HASimac
    New Member
    October 6, 2015

    Hello,

     

    To be honest, from my point of view, using Squid will not provide additional security benefits.

    You can configure the FGT200D as a proxy (which is working fine!).

    The FGT200D provides these benefits:

    - SSL Inspection,

    - AD Integration,

    - URL, Application Control, IPS, etc based on AD group.

     

    Regards,

     

    HA 

    emnoc
    New Member
    October 6, 2015

    That's 100% true in those AREAS, but from pure raw storage and performance, I highly doubt a single FGT200D could beat my pair or single R620 with dual CPU and 10k disks ;)

     

    How much of the single internal SSD disk and the controller (availability) on the FGT200D would be my 1st concern. You can also do way so much from controllers and don't have to be a firewall administrator or security specialist, nor need a subscription.

     

    e.g.

  • web/url-filtering subscription (not needed with Squid)
  • AV (not needed with SquidClamAV)
  • Snort could easily be stacked on top
  • Data harvesting and capturing is simple with Squid for a set of URLs or sites

     

    Ken