12.6.7. Configuring WCCP

enabled

Enable/disable the service group:

• on.

• off.

name

WCCP service group name.

description

A description of the service group.

password

The password to authenticate UserGate in the service group. The password must match the one specified on the WCCP servers.

fwd-type

Forwarding type from WCCP servers to UserGate:

• l2: using L2 redirection. In this case, the router (WCCP server) replaces the destination MAC address in the packet with the UserGate address.

• gre: using the GRE (Generic Routing Encapsulation) tunnel.

L2 redirection generally requires fewer resources than GRE, but the WCCP server and UserGate must reside in the same L2 segment. Not all WCCP server types support L2 redirection with WCCP clients.

ret-type

Forwarding type from UserGate to WCCP servers:

• l2: using L2 redirection. In this case, UserGate (the WCCP client) changes the destination MAC address in the packet to that of the WCCP server.

• gre: using the GRE (Generic Routing Encapsulation) tunnel.

L2 redirection generally requires fewer resources than GRE, but the WCCP server and UserGate must reside in the same L2 segment. Not all WCCP server types support L2 redirection with WCCP clients.

service-group

The numeric ID of the service group. Service group IDs must be identical on all devices in the group.

priority

The group's priority. If multiple service groups are applicable to the traffic managed by the WCCP server, the priority determines the order in which the server will distribute traffic to the WCCP clients.

ports-to-redirect

Ports to redirect (traffic destination ports). You can specify several ports, if necessary. Format: ports-to-redirect + [ 80 442 ].

Important! UserGate can only apply filtering to redirected TCP traffic with destination ports 80 and 443 (HTTP/HTTPS). Traffic sent to UserGate through other ports is sent to the Internet unfiltered.

ports-source

Redirection of traffic based on the source port values:

• on.

• off.

protocol

Select a protocol:

• tcp: Transmission Control Protocol (TCP).

• udp: User Datagram Protocol (UDP).

routers-lists

List of WCCP server IP addresses.

For more details about how to create IP address lists using CLI, see Configuring IP addresses.

routers-ips

WCCP server IP addresses.

assignment-type

When there are multiple WCCP clients in a service group, the assignment type determines how traffic is distributed from the WCCP servers to the WCCP clients.

• wccp-hash: distribute traffic based on the hash calculated by the specified IP packet fields:

  • source-ip: calculate the hash based on the source IP address.

  • source-port: calculate the hash based on the source port.

  • dest-ip: calculate the hash based on the destination IP address.

  • dest-port: calculate the hash based on the destination port.

  • alt-source-ip: calculate an alternate hash based on the source IP address.

  • alt-source-port: calculate an alternate hash based on the source port.

  • alt-dest-ip: calculate an alternate hash based on the destination IP address.

  • alt-dest-port: calculate an alternate hash based on the destination port.

• wccp-mask: distribute traffic based on the AND operation between the mask and the selected packet header. When selecting a mask, consult the vendor documentation for the WCCP server.

  • wccp-scheme: mask scheme:

    • source-ip: by the source IP address.

    • source-port: by the source port.

    • dest-ip: by the destination IP address.

    • dest-port: by the destination port.

  • mask-value: mask value for the mask scheme. 16 bits for masking by port, and 32 bits for masking by IP address. Specify the value in hexadecimal format.