10-08-2021 07:48 AM
Here is the scenario: the client wants to migrate to FMC/FTD from an existing ASA, and on the ASA, WCCP is enabled to redirect the web traffic to WSA. FTD has full licenses.
Question 1: Is it better to leverage the FTD policy to inspect the web traffic instead of redirecting to WSA with WCCP? - I don't know much about the features on WSA, so I'm not sure what the benefits of WSA over FTD are for inspecting web traffic.
Question 2: If we enable both SSL-Decryption and WCCP on the FTD, does the cert re-sign happen before the WCCP redirect? - Is WCCP still supported on FMC 6.7 via FlexConfig?
Thanks.
10-08-2021 08:16 AM
10-08-2021 01:09 PM
Thank you for your advice, Ken.
What if the client wants to add SSL-Decryption for certain web traffic? I guess it should be applied on the WSA instead of FTD, correct?
I guess the client does not have SSL-Decryption enabled on their WSA, which I will confirm with them next week; that is probably why they came up with the idea of decrypting traffic on the FTD before redirecting to WSA. But if it is HTTPS traffic decrypted by FTD, WSA still could not inspect it without SSL-Decryption enabled. In this case, the best solution would be enabling WCCP on FTD and SSL-Decryption on WSA for the specific traffic. Is my understanding correct?
10-08-2021 02:13 PM