03-28-2012 03:05 AM - edited 03-07-2019 05:49 AM
Does anyone know whta devices support WCCPv2 and have any experience of using it?
03-28-2012 01:20 PM
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/wccp.html#wp1044535
Yes, I have experience using it. Anything in question in particular?
03-28-2012 02:16 PM
Andrew,
WCCP redirects users to a caching appliance of some sort. There are several appliances that support it like web filtering appliances, caching, proxy servers, etc. The general idea is that a user tries to go to a website and that request is intercepted. Once it's intercepted, say for instance on a switches L3 svi, it will redirect to the caching server. The caching server can check credentials etc. You can specify who is redirected, what protocols are redirected, etc.
John
03-29-2012 01:32 AM
Some of our users are able to bypass the firewall by changing the proxy settings in internet explorer. I want all port 80 traffic to go through the firewall. We have mainly 3560 switches and 4948 core switches at the data centre.We have managed routers at each site that connect to MPLS.
Any help would be appreciated
03-29-2012 04:57 AM
Andrew,
Are you trying to redirect your users to your firewall as they come into the switch and not to a caching appliance? Edison may be better versed to answer this question, but I don't believe that can be done. The better solution may be that if you only allow IE to be used on your network, control IE settings by GPO and that way the users can't change settings.
John
Please rate useful posts...
03-29-2012 07:59 AM
A GPO is not possible at the minute due to the amount of different domains etc.
It can through a web filter. I don't understand how to redirect it towards it
03-29-2012 08:32 AM
You can look into PBR for this traffic. As John stated, WCCP is intended as a redirector for Web Caching Engines and the FW isn't it.
03-30-2012 01:23 AM
So I could forward it to the proxy and that would work? The proxy is a Microsoft ISA 2006 and then filter port 80 at the firewall
03-30-2012 03:13 AM
Your proxy needs to be able to support WCCP as a protocol in order for it to work. According to MS site, it doesn't support it:
Problem: The Web Cache Communication Protocol (WCCP) and the Internet Cache Protocol (ICP) are not supported in ISA Server.
Cause: Unsupported.
Solution: No workaround.
http://technet.microsoft.com/en-us/library/cc302678.aspx
Can you provide a diagram of how users are getting around your firewall?
04-24-2012 07:35 AM
They are bypassing the proxy and the webfilter not the firewall. sorry my mistake
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide