Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
231
Views
0
Helpful
3
Replies

Flexconfig for WCCP on FMC Access List Deployment Issue

Jim Matuska
Level 1
Level 1

‎05-15-2024 04:04 PM

We have 2x FTD 2140 Firewalls Managed by FMC that I am trying to get a flexconfig setup for WCCP to use for our Cisco WSA Web Filter.  

This should be a pretty simple configuration as I am just wanting to put the following 2 commands in via Flexconfig

wccp 90 redirect-list WCCP_CLIENTS 
wccp interface inside 90 redirect in

The problem is I put my WCCP_CLIENTS Extended access list in as a network object, however since it is only referenced via flexconfig it doesn't deploy the ACL to the FTD devices and gives the following errors:

FMC >> wccp 90 redirect-list WCCP_CLIENTS NGFW-2140-HA >> [error] : ERROR: Specified ACL (WCCP_CLIENTS) either does not exist or its type is not supported in WCCP. Config Error -- wccp 90 redirect-list WCCP_CLIENTS

Am I putting this ACL in the wrong spot or is there some other way to get this working properly?  I am migrating from old Cisco ASA's that these were just simple commands to put in but it seems much more difficult with FMC and FTD.  

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎05-16-2024 01:50 AM

flex config should be variable - if you have ASA configuration already and want to use same on FTD 

check example with variable :

https://packetjourney.wordpress.com/2019/05/26/firepower-wccp-configuration/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Jim Matuska
Level 1
Level 1

‎05-20-2024 11:48 AM

I followed that link and copied the WCCP Template and modified and added the variables (Extended ACL's) however my preview does not look right as it seems to have bunched my variables all together "WS_GATEWAYWS_REDIRECTInternal#set( $service = "web-cache-90")" which doesn't look right.  My FlexConfig and FlexConfig preview is below.  Do you see what I have wrong?  

FlexConfig Preview

###Flex-config Appended CLI ###
WS_GATEWAYWS_REDIRECTInternal#set( $service = "web-cache-90")

 

wccp $service group-list WS_GATEWAY redirect-list WS_REDIRECT

FLEXConfig Below:

$wccpGroupList$wccpRedirectList$security-zone#set( $service = "web-cache-90") 
 #if( $isServiceIdentifier == "true") 
 #set( $service = "$serviceIdentifier") 
 #end 
 #set ( $wccpCli = "wccp") 
 #set ( $wccpCli = "$wccpCli $service") 
 ####wccpGroupList is place-holder for extended ACL. 
 ####Replace wccpGroupList with extended ACL defined in FMC by inserting policy-object of type extended ACL. 
 #if( $wccpGroupList ) 
 #set( $wccpCli = "$wccpCli group-list $wccpGroupList") 
 #end 
 ####wccpRedirectList is place-holder for extended ACL. 
 ####Replace wccpRedirectList with extended ACL defined in FMC by inserting policy-object of type extended ACL. 
 #if( $wccpRedirectList ) 
 #set( $wccpCli = "$wccpCli redirect-list $wccpRedirectList") 
 #end 
 
 
 $wccpCli 
 
 #### Assiging wccp onto interface 
 #foreach( $interfaceName in $security-zone) 
 wccp interface $interfaceName $service redirect in 
 #end

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card