Web Cache Communication Protocol (WCCP) is a content redirection protocol developed by Cisco. It provides a mechanism for real-time traffic flow redistribution and has native scaling, load balancing, and high availability features. When WCCP is used, the WCCP server receives an HTTP request from a client browser and redirects it to one or more WCCP clients. A WCCP client receives data from the Internet and returns it to the client browser. The data can be delivered to the client either through the WCCP server or bypassing it, depending on the routing rules.
UserGate can function as a WCCP client. The WCCP server role is normally fulfilled by the router. You can filter traffic received using WCCP using all available filtering mechanisms.
A WCCP service group is a set of WCCP servers (routers, switches) and clients (UserGate) with common traffic redirection settings. The servers in the same service group must have identical settings.
To configure the WCCP client in UserGate, follow these steps:
|
Task |
Description |
|---|---|
|
Step 1. Configure a WCCP server. |
Configure a WCCP server according to the instructions given in its documentation. |
|
Step 2. Configure WCCP service groups. |
In the UserGate console, go to the Network --> WCCP section, click Add and create one or more WCCP service groups. |
For each service group, provide these settings:
|
Name |
Description |
|---|---|
|
Enabled |
Enables or disables this service group. |
|
Name |
The service group name. |
|
Description |
A description of the service group. |
|
Service group |
The numeric ID of the service group. Service group IDs must be identical on all devices in the group. |
|
Priority |
The group's priority. If multiple service groups are applicable to the traffic managed by the WCCP server, the priority determines the order in which the server will distribute traffic to the WCCP clients. |
|
Password |
The password to authenticate UserGate in the service group. The password must match the one specified on the WCCP servers. |
|
Forwarding type |
Determines the forwarding type from WCCP servers to UserGate. Enumerated options:
L2 redirection generally requires fewer resources than GRE, but the WCCP server and UserGate must reside in the same L2 segment. Not all WCCP server types support L2 redirection with WCCP clients. Important! For traffic received via a WCCP tunnel, the client computer's IP address will be used as the source IP, and the source zone will be undefined, therefore you should not explicitly specify the zone in the source zone filtering rules (leave the value Any). |
|
Returning type |
Determines the forwarding type from UserGate to WCCP servers. Enumerated options:
L2 redirection generally requires fewer resources than GRE, but the WCCP server and UserGate must reside in the same L2 segment. Not all WCCP server types support L2 redirection with WCCP clients. |
|
Ports to redirect |
The ports to redirect. Specify the destination ports for traffic here. If you need to list multiple ports, separate them with a comma, for example: 80, 442, 8080 If you need to redirect traffic based on source port values, set the Source port checkbox. Important! UserGate can only apply filtering to redirected TCP traffic with destination ports 80 and 443 (HTTP/HTTPS). Traffic sent to UserGate through other ports is sent to the Internet unfiltered. |
|
Protocol |
Specify the protocol as TCP or UDP. |
|
WCCP routers |
Specify the IP addresses of the WCCP servers (routers). |
|
Assignment type |
When there are multiple WCCP clients in a service group, the assignment type determines how traffic is distributed from the WCCP servers to the WCCP clients. The available options are:
|