- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2018 02:35 AM
Pravin Raj K
Network Engineer
Solved! Go to Solution.
- Labels:
-
Web Security
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2018 10:15 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2018 03:34 AM
You need explain more about your environment, how you have configured WSA as proxy.
1. is this WCCP
2. Explicit Proxy
any topology of diagram which can help to guide better.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2018 05:06 AM
Pravin Raj K
Network Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2018 06:02 AM
Ok you have WCCP and Proxy explicit configured. how does that work for you ?
when you configure Explicit configure, the client request replaced by proxy by default.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2018 05:44 AM
Hey,
Im new to cisco proxy and im unsure about WCCP and Proxy explicit even. I need to learn this quick
Pravin Raj K
Network Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2018 07:53 AM
PAC aka explicit proxy
WCCP aka transparent redirection
Start with picking one to troubleshoot....
For PAC, request goes to WSA directly, WSA gets traffic back from website, and returns it to client.
For WCCP, firewall and WSA have a gre tunnel where the traffic gets sent to the WSA, WSA makes request and sends it back to the client.
Some common issues:
Make the access list for WCCP has a deny on the WSA's ip, so you don't end up redirecting the WSA traffic back to itself.
Make sure that FTD trusts the WSA's outbound traffic for 80/443, you don't need or want it to filter the traffic again, one that's load it doesn't need, 2 if there are conflicts (WSA allows a category, FTD blocks it, or FTD's category is slightly different), you end up chasing things in circles.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2018 05:47 AM
Thanks Ken,
Since I'm new to WSA, I have seen PAC file and the rules written over it.
And WCCP im unsure about it, is wccp a hardware or it is a feature that runs on WSA.....
And I understand the troubleshooting part.... thank you for that
Pravin Raj K
Network Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2018 08:48 AM
WCCP works for all OS/browsers/apps, without worrying about if they support PAC or proxy at all.
We don't even bother with explicit proxy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2018 08:41 AM
So, WCCP is like ACL that tells web traffics to redirect to proxy WSA appliance, right?
Pravin Raj K
Network Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2018 10:15 AM
