11-15-2023 09:25 AM
Hello,
As said in the title, I'm looking to redirect traffic directly to the firewall instead of getting it inspected.
I'm trying to understand how the proxy functions in the actual setup. I'm still not sure of my understanding and want to have your input, guys.
The proxy is operating in Transparent mode. I've noticed a few commands in the core switch; I'm assuming they redirect traffic to the proxy if the outgoing traffic matches prefixes in a route-map. Below are the commands:
ip access-list extended WSA
 permit tcp 192.168.20.0 0.0.0.255 any eq www
 permit tcp 192.168.20.0 0.0.0.255 any eq 443
route-map HTTP-REDIRECT permit 10
 match ip address WSA
 set ip next-hop 172.16.20.10
I understand it as follows: if the outgoing traffic matches the 192.168.20.0 subnet, it will send it to 172.16.20.10, which is the IP address of the proxy (WSA). Is that correct?
There's also this:
ip wccp source-interface Loopback1
ip wccp web-cache
ip wccp 92 redirect-list proxy
class-map match-all class-copp-wccp
Somehow, I don't see the "ip wccp redirect in" command; I think it should be there.
Is my understanding correct?
I have a VLAN, only one, that is not reaching the outside network (internet). How can I bypass the proxy to make it reach the internet directly? Btw, the core switch has a direct path to the FW, so I believe the traffic reaches the firewall and gets redirected to the proxy (proxy feature disabled in the firewall, a Firepower). I'm trying to understand why that VLAN is not reaching the internet, no FW policy, nothing, while the others are okay.
Thank you for your insights in advance
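Added example, not part of the original post or any reply: a small Python model of how the WSA access list and the HTTP-REDIRECT permit clause quoted above select traffic (wildcard-mask match, first match wins, implicit deny), and of how a deny entry placed first exempts a flow from the next-hop override. It assumes the route-map is applied to the ingress interface with ip policy route-map, which the post does not show; the host 192.168.20.50, the 192.168.30.0 source and the function names are constructed for illustration.

```python
import ipaddress

# ACL lines and next-hop copied from the post; "www" is the IOS keyword for port 80.
ACL_WSA = """\
permit tcp 192.168.20.0 0.0.0.255 any eq www
permit tcp 192.168.20.0 0.0.0.255 any eq 443
"""
# Constructed exemption (host address is hypothetical), placed ahead of the permits.
ACL_WITH_BYPASS = "deny tcp 192.168.20.50 0.0.0.0 any eq www\n" + ACL_WSA
NEXT_HOP = "172.16.20.10"
PORT_NAMES = {"www": 80}


def parse_acl(text):
    """Parse '<action> <proto> <src> <wildcard> any eq <port>' entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, proto, src, wildcard, dst, op, port = line.split()
        if dst != "any" or op != "eq":
            raise ValueError(f"unsupported ACE: {line}")
        entries.append((action, proto,
                        int(ipaddress.IPv4Address(src)),
                        int(ipaddress.IPv4Address(wildcard)),
                        PORT_NAMES.get(port) or int(port)))
    return entries


def acl_action(entries, proto, src_ip, dst_port):
    """First matching entry wins; no match falls to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for action, ace_proto, net, wildcard, port in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 means "ignore this bit"
        if ace_proto == proto and (ip & care) == (net & care) and dst_port == port:
            return action
    return "deny"


def pbr_next_hop(entries, proto, src_ip, dst_port):
    """Permit clause: ACL permit sets the next hop, anything else routes normally."""
    if acl_action(entries, proto, src_ip, dst_port) == "permit":
        return NEXT_HOP
    return None


if __name__ == "__main__":
    acl = parse_acl(ACL_WSA)
    for flow in [("tcp", "192.168.20.15", 443), ("tcp", "192.168.30.15", 80)]:  # constructed
        print(flow, "->", pbr_next_hop(acl, *flow) or "normal routing")
```

A source outside 192.168.20.0/24 never matches this access list, so this route-map leaves it on the normal routing path; the WCCP redirect-list named proxy is a separate selection whose contents are not shown in the post.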
11-15-2023 09:36 AM
Not sure what device you are doing this on. Look at the example below to exempt the IPs from WCCP redirect to the proxy.
11-15-2023 10:06 AM
Debug ip policy
Share this.