Solution
The Web Cache Communication Protocol (WCCP) was developed by Cisco Systems for establishing and maintaining the transparent redirection of selected. For the predefined service IDs, refer to the Cisco article: What WCCP service IDs should be used on Cisco Web Security Appliance?
In this sample, predefined group IDs 0 for HTTP and 70 for HTTPS are used.
Topology:
FortiGate:
config system interface
    edit "port2"
        set ip 10.207.1.188 255.255.240.0
        set wccp enable
end

config system wccp
    edit "0"
        set router-id 10.207.1.188
        set server-list 10.207.1.234 255.255.255.255
    next
    edit "70"
        set router-id 10.207.1.188
        set server-list 10.207.1.234 255.255.255.255
    next
end
Enable WCCP on policy:
config firewall policy
    edit 1
        set wccp enable <--
    next
end
FortiProxy:
config system interface
    edit "port2"
        set ip 10.207.1.188 255.255.240.0
        set wccp enable
end

config system settings
    set wccp-cache-engine enable
end

config system wccp
    edit "0"
        set cache-id 10.207.1.234
        set router-list "10.207.1.188"
    next
    edit "70"
        set cache-id 10.207.1.234
        set router-list "10.207.1.188"
end
Configure policy and central NAT policy on FortiProxy:
After that, test internet access from the client. Web traffic should be redirected from FortiGate to FortiProxy. This can be verified by checking FortiView Sessions or the Forward Traffic logs on FortiGate and FortiProxy.
Traffic hits policy ID 1 on FortiProxy:
Verifying WCCP status:
FortiGate # diagnose test application wccpd 2
2023-08-10 09:26:09 vdom-root: work mode:router working NAT first_phy_id=4
2023-08-10 09:26:09 interface list:
2023-08-10 09:26:09 intf=port2, gid=4 phy_id=4
2023-08-10 09:26:09 service list:
2023-08-10 09:26:09 service: 70, router_id=10.207.1.188, group=0.0.0.0, auth(no) access2023-08-10 09:26:09 10.207.1.234/255.255.255.2552023-08-10 09:26:09 server_type=1 forward=1 return=1 assign=1
2023-08-10 09:26:09 erouter_id=10.207.1.188
2023-08-10 09:26:09 service: 0, router_id=10.207.1.188, group=0.0.0.0, auth(no) access2023-08-10 09:26:09 10.207.1.234/255.255.255.2552023-08-10 09:26:09 server_type=1 forward=1 return=1 assign=1
2023-08-10 09:26:09 erouter_id=10.207.1.188
FortiGate # diagnose test application wccpd 3
2023-08-10 09:26:10 service-70 in vdom-root: num=1, usable=1
2023-08-10 09:26:10 cache server ID:
2023-08-10 09:26:10 len=44, addr=10.207.1.234, weight=0, status=0
2023-08-10 09:26:10 rcv_id=421, usable=1, fm=1, nq=0, dev=4(k4), to=10.207.1.188
2023-08-10 09:26:10 ch_no=0, num_router=1:
2023-08-10 09:26:10 10.207.1.188
2023-08-10 09:26:10 service-0 in vdom-root: num=1, usable=1
2023-08-10 09:26:10 cache server ID:
2023-08-10 09:26:10 len=44, addr=10.207.1.234, weight=0, status=0
2023-08-10 09:26:10 rcv_id=421, usable=1, fm=1, nq=0, dev=4(k4), to=10.207.1.188
2023-08-10 09:26:10 ch_no=0, num_router=1:
2023-08-10 09:26:10 10.207.1.188
FortiGate # diagnose test application wccpd 4
2023-08-10 09:26:11 service-70 in vdom-root:
2023-08-10 09:26:11 total_servers=1, type=1, usable_servers=1, assign_m=1, rtun_m=1, wcid_len=48, rcv_id=421, ch_no=1
2023-08-10 09:26:11 ID=70, type=1, pri=0, pro=0 f=00000002 Port:2023-08-10 09:26:11 num-routers=1:
2023-08-10 09:26:11 10.207.1.1882023-08-10 09:26:11
2023-08-10 09:26:11 service-0 in vdom-root:
2023-08-10 09:26:11 total_servers=1, type=1, usable_servers=1, assign_m=1, rtun_m=1, wcid_len=48, rcv_id=421, ch_no=1
2023-08-10 09:26:11 ID=0, type=0, pri=0, pro=0 f=00000000 Port:2023-08-10 09:26:11 num-routers=1:
2023-08-10 09:26:11 10.207.1.1882023-08-10 09:26:11
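The verification step above can be automated for monitoring. The following Python sketch is an added example, not Fortinet code: it parses saved "wccpd 2" and "wccpd 3" output and reports, for service IDs 0 and 70, a missing service group, a lack of usable cache servers, or auth(no). The function name check_wccp and the finding strings are hypothetical, and reading auth(no) as "WCCP authentication not enabled" is an assumption about the output format.

```python
import re

# Regexes for the two outputs shown above. They search the whole text, so they
# work whether or not the per-line timestamps and line breaks survived a paste.
SVC_STATE = re.compile(r"service-(\d+) in vdom-[^:]+: num=(\d+), usable=(\d+)")
SVC_AUTH = re.compile(r"service: (\d+), router_id=[\d.]+, group=[\d.]+, auth\((\w+)\)")

# Sample input: trimmed excerpts of the "wccpd 2" and "wccpd 3" outputs above.
DIAG2 = (
    "2023-08-10 09:26:09 service: 70, router_id=10.207.1.188, group=0.0.0.0, auth(no)\n"
    "2023-08-10 09:26:09 service: 0, router_id=10.207.1.188, group=0.0.0.0, auth(no)\n"
)
DIAG3 = (
    "2023-08-10 09:26:10 service-70 in vdom-root: num=1, usable=1\n"
    "2023-08-10 09:26:10 service-0 in vdom-root: num=1, usable=1\n"
)


def check_wccp(diag2, diag3, expected=("0", "70")):
    """Return (service_id, finding) tuples for the expected WCCP service IDs."""
    state = {sid: (int(n), int(u)) for sid, n, u in SVC_STATE.findall(diag3)}
    auth = dict(SVC_AUTH.findall(diag2))
    findings = []
    for sid in expected:
        if sid not in state:
            findings.append((sid, "service group missing from wccpd 3 output"))
        else:
            num, usable = state[sid]
            if usable == 0:
                findings.append((sid, "no usable cache server"))
            elif usable < num:
                findings.append((sid, f"degraded: {usable}/{num} cache servers usable"))
        # Assumption: auth(no) means WCCP authentication is not enabled.
        if auth.get(sid) == "no":
            findings.append((sid, "WCCP authentication not enabled"))
    return findings


if __name__ == "__main__":
    for sid, finding in check_wccp(DIAG2, DIAG3):
        print(f"service {sid}: {finding}")
```

An empty result means both service groups are present with all cache servers usable and no auth(no) entry for them.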