WSA, Proxies.

Hi, I'm new to WSA and proxies. Can somebody explain to me how the traffic flows across the Cisco proxy, FTD and to the end machines? I'm finding it difficult to troubleshoot issues in my work, since the Cisco proxy replaces the source IP of client machines. If you need to ask any questions to get a clearer picture, don't hesitate to ask. Thank you.
Regards,
Pravin Raj K
Network Engineer
balaji.bandi
Hall of Fame

You need to explain more about your environment and how you have configured the WSA as a proxy.

1. Is this WCCP?

2. Explicit proxy?

Any topology diagram would help us guide you better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

1. Is this WCCP - yes

2. Explicit proxy - yes

About the environment: Client machine --> Cisco proxy (PAC file) --> WCCP ACL --> Cisco FTD --> Internet
Regards,
Pravin Raj K
Network Engineer

OK, you have WCCP and explicit proxy configured. How does that work for you?

When you configure explicit proxy, the client request is replaced by the proxy by default.

BB


Hey,

I'm new to Cisco proxy and I'm unsure about WCCP and even explicit proxy. I need to learn this quickly.

Regards,
Pravin Raj K
Network Engineer

From your other email, you've got traffic redirected to the WSA 2 ways:

PAC, aka explicit proxy

WCCP, aka transparent redirection

Start by picking one to troubleshoot.

For PAC, the request goes to the WSA directly, the WSA gets traffic back from the website and returns it to the client.

For WCCP, the firewall and WSA have a GRE tunnel where the traffic gets sent to the WSA; the WSA makes the request and sends it back to the client.

Some common issues:

Make sure the access list for WCCP has a deny on the WSA's IP, so you don't end up redirecting the WSA traffic back to itself.

Make sure that FTD trusts the WSA's outbound traffic for 80/443. You don't need or want it to filter the traffic again: one, that's load it doesn't need; two, if there are conflicts (WSA allows a category, FTD blocks it, or FTD's category is slightly different), you end up chasing things in circles.
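The redirect-loop issue mentioned in the post above can be checked offline. This is an added example, not code or configuration from the thread: it applies first-match evaluation to a WCCP redirect list and reports whether the WSA's own address would hit a redirect entry. The ASA-style ACL syntax, the `WCCP_REDIRECT` name and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: ASA-style extended ACL lines (assumed syntax), made-up addresses.
WSA_IP = "10.10.20.5"
ACL_MISSING_DENY = """\
access-list WCCP_REDIRECT extended permit tcp 10.10.0.0 255.255.0.0 any eq www
access-list WCCP_REDIRECT extended permit tcp 10.10.0.0 255.255.0.0 any eq https
"""
ACL_WITH_DENY = (
    "access-list WCCP_REDIRECT extended deny ip host 10.10.20.5 any\n" + ACL_MISSING_DENY
)

def parse_source(tokens):
    """Turn 'any', 'host A.B.C.D' or 'A.B.C.D MASK' into an ip_network."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}")

def parse_acl(text):
    """Return ordered (action, protocol, source_network, raw_line) entries."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 7 or t[0] != "access-list" or t[2] != "extended":
            continue  # skip remarks, blank lines, anything outside this subset
        entries.append((t[3], t[4], parse_source(t[5:]), line.strip()))
    return entries

def first_match(entries, src_ip):
    """ACLs are first-match; with no match the implicit deny means 'do not redirect'."""
    ip = ipaddress.ip_address(src_ip)
    for action, proto, source, raw in entries:
        # Only the source is checked: the question is whether the WSA's own
        # outbound web requests can hit a redirect (permit) entry.
        if proto in ("ip", "tcp") and ip in source:
            return action, raw
    return "deny", "(implicit deny)"

def wsa_would_loop(acl_text, wsa_ip):
    """True if the WSA's own traffic would be redirected back to the WSA."""
    return first_match(parse_acl(acl_text), wsa_ip)[0] == "permit"

if __name__ == "__main__":
    for name, acl in (("missing deny", ACL_MISSING_DENY), ("with deny", ACL_WITH_DENY)):
        print(name, "-> WSA traffic redirected to itself:", wsa_would_loop(acl, WSA_IP))
```

The deny entry only helps if it sits above the permit that covers the WSA's subnet, which is why the check evaluates the list in order.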










Thanks Ken,

Since I'm new to WSA, I have seen the PAC file and the rules written over it.

As for WCCP, I'm unsure about it. Is WCCP hardware, or is it a feature that runs on the WSA?

And I understand the troubleshooting part. Thank you for that.

Regards,
Pravin Raj K
Network Engineer

WCCP (Web cache control protocol) is a protocol that runs on a router or firewall. I think of it as "publishing a service" that the WSA subscribes to.

WCCP works for all OS/browsers/apps, without worrying about if they support PAC or proxy at all.

We don't even bother with explicit proxy.


So, WCCP is like an ACL that tells web traffic to redirect to the proxy WSA appliance, right?

Regards,
Pravin Raj K
Network Engineer

It's a service that redirects traffic to the WSA, controlled by ACL.