WCCP Redirection on Firepower FTD 4110

Hi Folks,

I have one question regarding WCCP. Currently we have an FTD as the internet-facing FW with 3 interfaces:

Inside: connected to another DC FW

Outside: to the internet

DMZ: DMZ servers and WSA

With the above design we have the WSA in transparent mode, and any request to the internet should be redirected by the FTD to the WSA and then to the internet, excluding any requests (80 and 443 as well) to the DMZ servers.

How can I configure WCCP on the FTD? Or is there any other suggestion based on best practice?

Thanks

Re: WCCP Redirection on Firepower FTD 4110

You have to use FlexConfig. FMC has a template you can copy and modify. I just did this with a 2110, but have not tested it yet.

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/flexconfig_policies.html?bookSearch=true

Re: WCCP Redirection on Firepower FTD 4110

Actually, I am facing some challenges customizing it. Can you paste what you have done, please, and replace any password or IP with x.x.x.x?

Re: WCCP Redirection on Firepower FTD 4110

I made a copy of the WCCP template and used it as it was; I even used the same variable names. Use the insert button to enter your variables. Create your ACLs before editing the FlexConfig so they are available to assign when you insert the variable. Here is a screenshot; again, I have not tested this config yet.

wccp.PNG

Re: WCCP Redirection on Firepower FTD 4110

When you created your variables, did you have to add one for the inside interface?


Re: WCCP Redirection on Firepower FTD 4110

No, I didn't. The variable $interfacename was already in the template; just supply the appropriate name in the variables list of the template. In this use case I used the security zone to reference the appropriate interface.

Re: WCCP Redirection on Firepower FTD 4110

I was able to do some testing and got the WCCP redirection working, with some TAC help. The out-of-the-box template had to be modified for this use case.

This was an FTD 2110 deployment. The client was not ready to use native URL filtering on the FTD; they wanted to continue to use a third-party appliance via WCCP redirection.

I used two FlexConfig objects to deploy the configuration for service 0 (HTTP) and service 70 (HTTPS). The FlexConfig deployed this CLI configuration to the FTD.

wccp 0 redirect-list WS-Redirect group-list WS-Gateway
wccp 70 redirect-list WS-Redirect group-list WS-Gateway
wccp interface inside 0 redirect in
wccp interface inside 70 redirect in
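
The posts above reference the ACLs WS-Redirect and WS-Gateway without showing them. The following is an added example, not configuration from the thread or from Cisco's template, of what the two ACLs could contain for the original requirement (redirect web traffic to the WSA, but not traffic to the DMZ servers), written as ASA-style CLI; on FTD the ACLs would be created as extended ACL objects in FMC before the FlexConfig references them. The 198.51.100.x addresses are constructed placeholders, and the example assumes that deny entries in a WCCP redirect-list exempt matching traffic from redirection.

```text
! Added example. Constructed placeholder values:
!   198.51.100.0/24 = DMZ server subnet
!   198.51.100.10   = WSA (the only device allowed to join the service groups)

! Redirect list: entries are evaluated top-down, so the DMZ exclusions
! must come before the broad permits.
access-list WS-Redirect extended deny tcp any 198.51.100.0 255.255.255.0 eq www
access-list WS-Redirect extended deny tcp any 198.51.100.0 255.255.255.0 eq https
access-list WS-Redirect extended permit tcp any any eq www
access-list WS-Redirect extended permit tcp any any eq https

! Group list: restricts which hosts may register as a web cache.
! Without it, any reachable device speaking WCCP could join the service
! group and receive the redirected client traffic.
access-list WS-Gateway extended permit ip host 198.51.100.10 any

! WCCP commands exactly as posted in the thread.
wccp 0 redirect-list WS-Redirect group-list WS-Gateway
wccp 70 redirect-list WS-Redirect group-list WS-Gateway
wccp interface inside 0 redirect in
wccp interface inside 70 redirect in
```

The ASA configuration guide documents WCCP as supported only when the clients and the cache engine are behind the same interface, so check the FTD documentation for your release before placing the WSA in a separate DMZ as described in the original question.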