FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
duenlim
Staff
Staff
Article Id 258830
Description This article describes How WCCP packets are being communicated between FortiGate and FortiProxy
Scope FortiGate and FortiProxy
Solution

The FortiGate/FortiProxy is configured to use WCCP but does not appear to be transmitting/receiving web traffic. This could be due to an error in the WCCP communication between the FortiProxy and FortiGate. Analysis of the WCCP negotiation packets ('Here I am' and 'I see you') can help to narrow down the issue. 

 

Configure the FortiGate to capture only WCCP traffic (UDP port 2048).

 

packet-capture.png

 

 

Let the capture run for 30 seconds and download the view in Wireshark. 

 

wccp.png

 

The default behavior of the WCCP client should transmit 'Here I AM' every 10 seconds, the packet capture shows the FortiProxy (10.176.2.168) as the WCCP client and FortiGate (10.176.2.189) as the WCCP server.

 

 

Contributors