Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
duenlim
Staff
Staff

Created on ‎05-31-2023 09:49 PM

Article Id 258830

Technical Tip: Packet capture to view WCCP negotiation packets

Description This article describes How WCCP packets are being communicated between FortiGate and FortiProxy
Scope FortiGate and FortiProxy
Solution

The FortiGate/FortiProxy is configured to use WCCP but does not appear to be transmitting/receiving web traffic. This could be due to an error in the WCCP communication between the FortiProxy and FortiGate. Analysis of the WCCP negotiation packets ('Here I am' and 'I see you') can help to narrow down the issue. 

 

Configure the FortiGate to capture only WCCP traffic (UDP port 2048).

 

packet-capture.png

 

 

Let the capture run for 30 seconds and download the view in Wireshark. 

 

wccp.png

 

The default behavior of the WCCP client should transmit 'Here I AM' every 10 seconds, the packet capture shows the FortiProxy (10.176.2.168) as the WCCP client and FortiGate (10.176.2.189) as the WCCP server.

 

 

334
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.