Each configured inpath interface participates in wccp service groups as an individual wccp client, providing redundancy and flexibility to balance the redirected traffic load among inpath interfaces. This is universal to all tiers, and only one router can be defined. The pa has userid and url filtering, so you could just eliminate the web proxy with the pa to simplify your environment. Webbased apps and content are increasingly popularand increasingly under attack. Ip range filtering based on tiers will work based on tier address spaces just as filtering does now. Identify common issues, product performance, configuration issues and gather data for supportassisted troubleshooting. You can either define all the settings for each interface or go back and forth between the two interfaces. I have a cisco 4500 core, 3750s at the edge and then some wireless aps which wifi clients connect too. Cisco roll out a bluecoat as a wccp for a asa 5520. I assume that i need to enable wccp on our core, and apply a policy to vlan 100. Web cache communication protocol wccp is a ciscodeveloped contentrouting protocol. Ciscos web cache communication protocol wccp can be used to redirect traffic in real time.
Web cache communication protocol wccp is a ciscodeveloped contentrouting protocol that provides a mechanism to redirect traffic flows in realtime. This configuration example is for a simple deployment consisting of one wccp device and a single proxysg appliance. It is a standard developed by blue coat to communicate between proxysg and other blue coat appliances c. It has builtin load balancing, scaling, fault tolerance, and serviceassurance failsafe mechanisms. The options defined in the nfig configuration file control the use of wccp with content gateway. Cisco web security appliance wsa and cisco catalyst 3560 or 3750 wccp is only supported on the catalyst 35603750 running ip services or advanced ip services feature sets, on ios 12. I want to configure wccp to redirect the wireless client traffic on vlan 100 to go to our proxy server.
All right, title and interest in and to the software and documenta tion are and shall remain the exclusive property of blue coat systems, in c. Users can access the internet but when i configure wccp on asa the i cant see any traffic redirected. A configuration pair panel opens so that you can configure a pair of interfaces for wccp. I need to roll out a bluecoat as a wccp for a asa 5520. The blue coat systems passthrough card is a device that enables a bridge, using its two interface. This module interacts with blue coat sgosbased devices. All right, title and interest in and to the software and documentation are and shall remain the exclusive property of blue coat. Currently, the rocket has a limit of 50 tiers with wccp enabled. Configure wccp on your cisco ios router on techrepublic. Explicit proxy deployment, where the users client software is configured to send requests. A typical use case for wccp would be if you have a proxy or load balancer that you want to redirect traffic to, all transparent to the end userno configuration needed. A typical use case for wccp would be if you have a proxy or load balancer that you want to redirect traffic to. Find answers to help me get wccp working between cisco and blue coat from the expert community at experts exchange.
In blue coat sky, click the system settings tab select network wccp make sure the enable wccp checkbox is selected click add new pair a configuration pair panel opens so that you can configure a pair of interfaces for wccp. Learn more about broadcom software products from a community of. Proxy forwarding symantec web security service login. Hi, i am facing some issue with bluecoat for caching. Dec 27, 2018 this wccp sample configuration can be modified to work on a cisco pix or asa firewall. The first phase, described on this page, is install the symantec isa filter program on the isatmg device.
This ensures that traffic continues to optimize in the event of a. Blue coat proxysg configuration and management guide, version. Proxysg s20030 bluecoat out of state packet by millions checkpoint. The lightspeed systems rocket supports wccp version 1 wccpv1 and wccp version 2 wccpv2. Bluecoatsgos a module to interact with blue coat sgosbased devices. Catalyst 4500 series switch cisco ios software configuration. Symantec enterprise security learn about the latest support portal enhancements learn about the latest support portal enhancements learn about the latest support portal enhancements learn about the latest support portal enhancements. How much can one learn software development in general, programming on their own. Technical field alerts provide you with information on critical product and software issues.
Wccp provides packet distribution through two algorithms, hash and mask. Catalyst 4500 series switch cisco ios software configuration guide, 12. Cisco roll out a bluecoat as a wccp for a asa 5520 may 25, 2012. You could do this by configuring two wccp service groups as described in the previous. The subset of content engines within a cluster and routers connected to the cluster that are running the same service is known as a service group.
Apr 12, 2007 configure wccp on your cisco ios router. High performance onpremises appliances that protect organizations across the web, social media, applications and mobile networks. Once this is defined, you can enable wccp on the root tier and subtiers. The blue coat proxysg ships with a default configuration for capturing troubleshooting data such as logs and. With an explicit proxy deployment, client software is configured to send. How to view configuration changes made on the proxysg over. The router is the easiest part of any wccp configuration.
Im setting up a config to have wccp with blue coat wan optimizer. The proxysg va must be installed virtually inpath using web cache communication protocol wccp. This wccp sample configuration can be modified to work on a cisco pix or asa firewall. If the route supports l2gre as a forwarding method, iwsva should select l2 when the router and iwsva are in the same network. What happens, if there are multiple listeners to the same tcp port, and destination. In a content gateway cluster, it is recommended that you not enable virtual ip failover in wccp environments. Im in the process of converting our configuration and revalidating rules. Ive seen wccp used with squid proxy servers, blue coat web caching and.
For more information on wccp redundancy and other advanced configuration options, see the blue coat wccp reference guide. All right, title and interest in and to the software and documentation are and shall remain the exclusive property of blue coat systems, inc. Wccp web cache communication protocol is a cisco protocol that lets you redirect web traffic from clients to a proxy server. In addition, wccp is scalable and supports load balancing, service assurance fail safe, and fault tolerance. Cisco firewall service modules fwsms do not support wccp. To configure wccp you must create a service group that includes wccp servers and clients. A cisco layer 3 switch was used for redirecting traffic to the blue coat proxysg virtual appliance using web cache communication protocol wccp. Currently as of the date of this article, there is no tool available from blue coat to automate the process of viewing the configuration changes as described above. I have vlan 100 which wireless clients access via the aps. This traffic redirection helps to improve response time and optimize network resource usage. To support wccp, a cisco switch requires the emi or ip.
Nexus 7000 wccp with bluecoat proxysg cisco community. Wccp configuration allows all the steelhead interceptor inpath interfaces to be individually configured as wccp clients. Help me get wccp working between cisco and blue coat. Have any other members migrated from blue coat proxysg to mcafee web gateway ver 7. L2 forwarding simply rewrites the destination mac address of the intercepted packet to equal the mac address of the target wccp client. Configure wccp on your cisco ios router techrepublic. I was thinking on the layer 3 interface between the core 6509s and the asa.
See wccp load distribution and virtual ip failover. Configuring wccp lightspeed systems community site. It allows a router running linux to redirect web traffic to a group of squid servers using wccp as the monitoringcontroling protocol. Setting up the passthrough card for hardware bridging. Symantec asg wccp configuration with cisco nexus switches. Blue coat proxysg configuration and management guide iv rsa data security, inc. Bluecoat management and configuration guide version 3. This line shown below creates the access list used to define the proxy. See the basic ip configuration page to select and configure wccp deployment. I have configured asa with wccp and wccp status is usable on both sides. Proxysg first steps web guidecontrolling web applications. Blue coat sky the default web interface for the mach 5.
Right now, this is limited to parsing of the sysinfo data from the device. If you doubt your router configplease boot up a router in gns3 with just the minimum configuration required for wccp, just pick. To secure and accelerate public web applications in trusted and untrusted environments, turn to blue coat proxysg web application reverse proxy protection. Content gateway explicit and transparent proxy deployments. Internet asa fw 4 svis layer 3 26509 hsrp mpls router 15 remote sites today i have 3 central internet pops within my network all using asa firewalls, the firewalls each have 15 mpls. Blue coat systems reference guide wccp reference guide for sgos contact. L2 forwarding requires that the wccp server ios is layer 2 adjacent to the wccp client. Bluecoatsgos a module to interact with blue coat sgos. I have also seen design recommendations that say to put the wccp configuration on the svis on the 6509s however, this doesnt cover the 15 sites coming from mpls. Quick overview wccp web cache communication protocol is a content routing protocol developed by cisco that allows you to redirect traffic in real time. To enable wccp on any tier you must first define the wccp router ip on the root tier. Symantec customers click here to learn about your new portal experience. This document describes concepts, limitations, and configuration of the web cache coordination protocol wccp on a cisco adaptive security appliance asa. Deep dive into wccp load balancing not always the network.
The web cache communication protocol wccp is a ciscodeveloped protocol that allows certain cisco routers and switches to transparently redirect traffic to a cache engine such as a proxysg appliance. How do you configure a web cache communication protocol wccp on a cisco catalyst 3560 or 3750 switch. Questions 1 where is the best placement of the wccp process given the network layout. And im mapping out categories between blue coat and mcafees category set 4 list. Wccp reference guide 1 1 1 wccp concepts the web cache communication protocol wccp is a ciscodeveloped protocol that allows certain cisco routers and switches to transparently redirect traffic to a cache engine such as a proxysg appliance. Mar 19, 20 bluecoatsgos a module to interact with blue coat sgosbased devices. Wccp configuration example for catalyst 3560 or 3750 cisco. Wccp is a method by which the asa can redirect traffic to a wccp caching engine through a generic routing encapsulation gre tunnel. Entries should be defined and maintained using the editor provided on configure networking wccp. Using the wccp protocol, a wccpcapable router transparently intercepts traffic. For more information about configuring explicit and transparent proxy options in content. However, if a content gateway cluster uses wccp exclusively, virtual ip failover can be used if no user authentication features are used. Best practice of wccp implementation with blue coat.
Multiple routers can use wccp to service a cache cluster. The central office configuration consisted of one blue coat proxysg 510. Each configured inpath interface participates in wccp service groups as an individual wccp client, providing redundancy and flexibility to balance the redirected traffic load among in. Wccp supports multiple points of redirection and multiple proxysg appliances and can load balance among them. May 25, 2012 cisco roll out a bluecoat as a wccp for a asa 5520. However, if a content gateway cluster uses wccp exclusively, virtual ip failover can be used if no. The switch runs cisco ios software, with appropriate version, in this example version 15. I am trying to use bluecoat proxy for web filtering. If you have an upstream router that supports wccp, it would be best to redirect the traffic before it hits the pa. Configuring wccp or using an automatic configuration script b c. Wccp servers intercept sessions to be cached for example, sessions from users browsing the web from a private network. Figure 461 illustrates a sample configuration using multiple routers figure 461 cisco content engine network configuration using wccp. When i do the wccp configuration on normal switch it works fine. May 31, 20 this document describes concepts, limitations, and configuration of the web cache coordination protocol wccp on a cisco adaptive security appliance asa.
253 983 1310 1365 355 1489 649 1190 200 285 1174 1174 175 1169 615 148 711 706 594 328 134 797 917 1344 1509 1474 533 377 1085 70 75 403 1215 825 526 559 648 1466