Cisco roll out a bluecoat as a wccp for a asa 5520 may 25, 2012. Technical field alerts provide you with information on critical product and software issues. Currently, the rocket has a limit of 50 tiers with wccp enabled. I assume that i need to enable wccp on our core, and apply a policy to vlan 100. Proxy forwarding symantec web security service login. This line shown below creates the access list used to define the proxy. To enable wccp on any tier you must first define the wccp router ip on the root tier. The options defined in the nfig configuration file control the use of wccp with content gateway. Internet asa fw 4 svis layer 3 26509 hsrp mpls router 15 remote sites today i have 3 central internet pops within my network all using asa firewalls, the firewalls each have 15 mpls. A cisco layer 3 switch was used for redirecting traffic to the blue coat proxysg virtual appliance using web cache communication protocol wccp.
Ive seen wccp used with squid proxy servers, blue coat web caching and. The blue coat systems passthrough card is a device that enables a bridge, using its two interface. Proxysg s20030 bluecoat out of state packet by millions checkpoint. Best practice of wccp implementation with blue coat proxysg. See the basic ip configuration page to select and configure wccp deployment. To secure and accelerate public web applications in trusted and untrusted environments, turn to blue coat proxysg web application reverse proxy protection. To support wccp, a cisco switch requires the emi or ip. It allows a router running linux to redirect web traffic to a group of squid servers using wccp as the monitoringcontroling protocol. Symantec asg wccp configuration with cisco nexus switches. Each configured inpath interface participates in wccp service groups as an individual wccp client, providing redundancy and flexibility to balance the redirected traffic load among in. L2 forwarding requires that the wccp server ios is layer 2 adjacent to the wccp client. Help me get wccp working between cisco and blue coat.
Once this is defined, you can enable wccp on the root tier and subtiers. Dec 27, 2018 this wccp sample configuration can be modified to work on a cisco pix or asa firewall. How much can one learn software development in general, programming on their own. For more information about configuring explicit and transparent proxy options in content. Blue coat sky the default web interface for the mach 5. The pa has userid and url filtering, so you could just eliminate the web proxy with the pa to simplify your environment. Proxysg first steps web guidecontrolling web applications. I have vlan 100 which wireless clients access via the aps. Cisco firewall service modules fwsms do not support wccp. Identify common issues, product performance, configuration issues and gather data for supportassisted troubleshooting. Apr 12, 2007 configure wccp on your cisco ios router.
This wccp sample configuration can be modified to work on a cisco pix or asa firewall. Bluecoatsgos a module to interact with blue coat sgos. Wccp configuration allows all the steelhead interceptor inpath interfaces to be individually configured as wccp clients. Explicit proxy deployment, where the users client software is configured to send requests. Symantec enterprise security learn about the latest support portal enhancements learn about the latest support portal enhancements learn about the latest support portal enhancements learn about the latest support portal enhancements. Wccp is a method by which the asa can redirect traffic to a wccp caching engine through a generic routing encapsulation gre tunnel. All right, title and interest in and to the software and documenta tion are and shall remain the exclusive property of blue coat systems, in c. A configuration pair panel opens so that you can configure a pair of interfaces for wccp. What happens, if there are multiple listeners to the same tcp port, and destination. Catalyst 4500 series switch cisco ios software configuration. In a content gateway cluster, it is recommended that you not enable virtual ip failover in wccp environments.
This document describes concepts, limitations, and configuration of the web cache coordination protocol wccp on a cisco adaptive security appliance asa. Best practice of wccp implementation with blue coat. All right, title and interest in and to the software and documentation are and shall remain the exclusive property of blue coat systems, inc. Wccp servers intercept sessions to be cached for example, sessions from users browsing the web from a private network. Im in the process of converting our configuration and revalidating rules. I have also seen design recommendations that say to put the wccp configuration on the svis on the 6509s however, this doesnt cover the 15 sites coming from mpls. Web cache communication protocol wccp is a ciscodeveloped contentrouting protocol that provides a mechanism to redirect traffic flows in realtime. Deep dive into wccp load balancing not always the network.
Configure wccp on your cisco ios router on techrepublic. Questions 1 where is the best placement of the wccp process given the network layout. If you doubt your router configplease boot up a router in gns3 with just the minimum configuration required for wccp, just pick. Belajar bluecoat bluecoat command guide root privileged commands in bluecoat. This module interacts with blue coat sgosbased devices.
Cisco roll out a bluecoat as a wccp for a asa 5520. I am trying to use bluecoat proxy for web filtering. I have a cisco 4500 core, 3750s at the edge and then some wireless aps which wifi clients connect too. Configuring wccp or using an automatic configuration script b c. However, if a content gateway cluster uses wccp exclusively, virtual ip failover can be used if no user authentication features are used. I was thinking on the layer 3 interface between the core 6509s and the asa. Each configured inpath interface participates in wccp service groups as an individual wccp client, providing redundancy and flexibility to balance the redirected traffic load among inpath interfaces.
Wccp web cache communication protocol is a cisco protocol that lets you redirect web traffic from clients to a proxy server. Entries should be defined and maintained using the editor provided on configure networking wccp. The proxysg va must be installed virtually inpath using web cache communication protocol wccp. Using the wccp protocol, a wccpcapable router transparently intercepts traffic. How to view configuration changes made on the proxysg over. This ensures that traffic continues to optimize in the event of a. Wccp v2 and the content gateway configuration handles node failures and restarts. Bluecoat management and configuration guide version 3. I need to roll out a bluecoat as a wccp for a asa 5520. Nexus 7000 wccp with bluecoat proxysg cisco community.
Ciscos web cache communication protocol wccp can be used to redirect traffic in real time. If the route supports l2gre as a forwarding method, iwsva should select l2 when the router and iwsva are in the same network. It has builtin load balancing, scaling, fault tolerance, and serviceassurance failsafe mechanisms. See wccp load distribution and virtual ip failover. Find answers to help me get wccp working between cisco and blue coat from the expert community at experts exchange. Wccp provides packet distribution through two algorithms, hash and mask. Users can access the internet but when i configure wccp on asa the i cant see any traffic redirected.
A typical use case for wccp would be if you have a proxy or load balancer that you want to redirect traffic to. Wccp configuration example for catalyst 3560 or 3750 cisco. Webbased apps and content are increasingly popularand increasingly under attack. Configure wccp on your cisco ios router techrepublic. Blue coat proxysg configuration and management guide, version. The first phase, described on this page, is install the symantec isa filter program on the isatmg device. This configuration example is for a simple deployment consisting of one wccp device and a single proxysg appliance.
However, if a content gateway cluster uses wccp exclusively, virtual ip failover can be used if no. Right now, this is limited to parsing of the sysinfo data from the device. Hi, i am facing some issue with bluecoat for caching. The lightspeed systems rocket supports wccp version 1 wccpv1 and wccp version 2 wccpv2. Catalyst 4500 series switch cisco ios software configuration guide, 12. Im setting up a config to have wccp with blue coat wan optimizer. Learn more about broadcom software products from a community of. Symantec customers click here to learn about your new portal experience. Bluecoatsgos a module to interact with blue coat sgosbased devices. Blue coat systems reference guide wccp reference guide for sgos contact. Mar 19, 20 bluecoatsgos a module to interact with blue coat sgosbased devices. This is universal to all tiers, and only one router can be defined.
May 31, 20 this document describes concepts, limitations, and configuration of the web cache coordination protocol wccp on a cisco adaptive security appliance asa. The blue coat proxysg ships with a default configuration for capturing troubleshooting data such as logs and. May 25, 2012 cisco roll out a bluecoat as a wccp for a asa 5520. Web cache communication protocol wccp is a ciscodeveloped contentrouting protocol. High performance onpremises appliances that protect organizations across the web, social media, applications and mobile networks. Cisco web security appliance wsa and cisco catalyst 3560 or 3750 wccp is only supported on the catalyst 35603750 running ip services or advanced ip services feature sets, on ios 12. The switch runs cisco ios software, with appropriate version, in this example version 15. The central office configuration consisted of one blue coat proxysg 510. The subset of content engines within a cluster and routers connected to the cluster that are running the same service is known as a service group.
Wccp supports multiple points of redirection and multiple proxysg appliances and can load balance among them. Blue coat proxysg configuration and management guide iv rsa data security, inc. This traffic redirection helps to improve response time and optimize network resource usage. A typical use case for wccp would be if you have a proxy or load balancer that you want to redirect traffic to, all transparent to the end userno configuration needed. Configuring wccp lightspeed systems community site.
And im mapping out categories between blue coat and mcafees category set 4 list. In addition, wccp is scalable and supports load balancing, service assurance fail safe, and fault tolerance. With an explicit proxy deployment, client software is configured to send. To configure wccp you must create a service group that includes wccp servers and clients. Currently as of the date of this article, there is no tool available from blue coat to automate the process of viewing the configuration changes as described above. For more information on wccp redundancy and other advanced configuration options, see the blue coat wccp reference guide. Content gateway explicit and transparent proxy deployments. The router is the easiest part of any wccp configuration. L2 forwarding simply rewrites the destination mac address of the intercepted packet to equal the mac address of the target wccp client. If you have an upstream router that supports wccp, it would be best to redirect the traffic before it hits the pa. Setting up the passthrough card for hardware bridging. Multiple routers can use wccp to service a cache cluster. I want to configure wccp to redirect the wireless client traffic on vlan 100 to go to our proxy server.
In blue coat sky, click the system settings tab select network wccp make sure the enable wccp checkbox is selected click add new pair a configuration pair panel opens so that you can configure a pair of interfaces for wccp. You could do this by configuring two wccp service groups as described in the previous. I have configured asa with wccp and wccp status is usable on both sides. You can either define all the settings for each interface or go back and forth between the two interfaces. How do you configure a web cache communication protocol wccp on a cisco catalyst 3560 or 3750 switch. When i do the wccp configuration on normal switch it works fine. The web cache communication protocol wccp is a ciscodeveloped protocol that allows certain cisco routers and switches to transparently redirect traffic to a cache engine such as a proxysg appliance. It is a standard developed by blue coat to communicate between proxysg and other blue coat appliances c. Wccp reference guide 1 1 1 wccp concepts the web cache communication protocol wccp is a ciscodeveloped protocol that allows certain cisco routers and switches to transparently redirect traffic to a cache engine such as a proxysg appliance. Have any other members migrated from blue coat proxysg to mcafee web gateway ver 7. Figure 461 illustrates a sample configuration using multiple routers figure 461 cisco content engine network configuration using wccp. All right, title and interest in and to the software and. Ip range filtering based on tiers will work based on tier address spaces just as filtering does now.
1571 1509 614 1376 1412 1608 369 1139 1634 218 747 904 327 1553 310 1132 18 622 1613 822 922 391 853 988 979 615 1320 342 180