WCCP

Web Cache Communication Protocol (WCCP) is a content redirection protocol developed by Cisco. It provides a mechanism for real-time traffic flow redistribution and has native scaling, load balancing, and high availability features. When WCCP is used, the WCCP server receives an HTTP request from a client browser and redirects it to one or more WCCP clients. A WCCP client receives data from the Internet and returns it to the client browser. The data can be delivered to the client either through the WCCP server or bypassing it, depending on the routing rules.

NGFW can function as a WCCP client. The WCCP server role is normally fulfilled by the router. Traffic received via WCCP can be filtered with all available filtering mechanisms.

A WCCP service group is a set of WCCP servers (routers, switches) and clients (NGFW) with common traffic redirection settings. The servers in the same service group must have identical settings.

To configure the WCCP client in NGFW, follow these steps:

Step 1. Configure a WCCP server.

Configure a WCCP server according to the instructions given in its documentation.

Step 2. Configure WCCP service groups.

In the NGFW console, go to the Network ➜ WCCP section, click Add, and create one or more WCCP service groups.

For each service group, provide these settings:

Enabled

Enables or disables this service group.

Name

The service group name.

Description

A description of the service group.

Service group

The numeric ID of the service group. Service group IDs must be identical on all devices in the group.

Priority

The group's priority. If multiple service groups are applicable to the traffic managed by the WCCP server, the priority determines the order in which the server will distribute traffic to the WCCP clients.

Password

The password to authenticate NGFW in the service group. The password must match the one specified on the WCCP servers.

Forwarding type

Determines the forwarding type from WCCP servers to NGFW. The possible values are:

  • gre: use a Generic Routing Encapsulation (GRE) tunnel

  • L2: use L2 redirection. In this case, the router (WCCP server) changes the destination MAC address in the packet to the NGFW address.

L2 redirection generally requires fewer resources than GRE, but the WCCP server and NGFW must reside in the same L2 segment. Not all WCCP server types support L2 redirection with WCCP clients.

Important! For traffic received via a WCCP tunnel, NGFW uses the client computer's IP address as the source IP, and the source zone is undefined. Therefore, do not explicitly specify the zone in the source zone filtering rules (leave the value Any).

Returning type

Determines the forwarding type from NGFW to WCCP servers. The possible values are:

  • gre: use a Generic Routing Encapsulation (GRE) tunnel

  • L2: use L2 redirection. In this case, NGFW (the WCCP client) changes the destination MAC address in the packet to that of the WCCP server.

L2 redirection generally requires fewer resources than GRE, but the WCCP server and NGFW must reside in the same L2 segment. Not all WCCP server types support L2 redirection with WCCP clients.

Ports to redirect

The ports to redirect. Specify the destination ports for traffic here. If you need to list multiple ports, separate them with a comma, for example:

80, 442, 8080

To redirect traffic based on source port values, you must select the Source port checkbox.

Important! NGFW can only apply filtering to redirected TCP traffic with destination ports 80 and 443 (HTTP/HTTPS). Traffic sent to NGFW through other ports is sent to the Internet unfiltered.

Protocol

Specify the protocol as TCP or UDP.

WCCP routers

Specify the IP addresses of the WCCP servers (routers).

Assignment type

When there are multiple WCCP clients in a service group, the assignment type determines how traffic is distributed from the WCCP servers to the WCCP clients. The available options are:

  • Hash: distribute traffic based on a hash computed from the specified IP packet fields. If an alternate hash is configured, the WCCP server uses it once the number of packets sent to the WCCP client using the regular hash exceeds a certain value. The set of IP packet fields used for hashing must be different for the regular and alternate hash.

  • Mask: distribute traffic based on the result of a Boolean AND between the mask and the selected packet header. When selecting a mask, consult the vendor documentation for the WCCP server.
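
The note under "Ports to redirect" means a service group can redirect traffic that NGFW then passes to the Internet unfiltered. The following added example (not part of the NGFW product or its documentation) checks a "Ports to redirect" value against that limitation before it is entered in the console; the function names and the sample groups are constructed for illustration.

```python
# Added example: audit a WCCP service group's redirect settings against the
# NGFW limitation that only TCP destination ports 80 and 443 are filtered.
FILTERED_TCP_PORTS = {80, 443}  # from the note under "Ports to redirect"


def parse_ports(field):
    """Parse the comma-separated 'Ports to redirect' value into a list of ints."""
    ports = []
    for item in field.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing comma
        if not item.isdigit() or not 1 <= int(item) <= 65535:
            raise ValueError(f"invalid port: {item!r}")
        port = int(item)
        if port not in ports:  # drop duplicates, keep the original order
            ports.append(port)
    return ports


def audit_service_group(ports_field, protocol="TCP", source_port=False):
    """Return (filtered, unfiltered) port lists for one service group."""
    ports = parse_ports(ports_field)
    # UDP traffic is not filtered. With the Source port checkbox selected the
    # listed values are source ports, so the destination port is unconstrained;
    # treating every such port as unfiltered is an assumption made here.
    if protocol.upper() != "TCP" or source_port:
        return [], ports
    filtered = [p for p in ports if p in FILTERED_TCP_PORTS]
    unfiltered = [p for p in ports if p not in FILTERED_TCP_PORTS]
    return filtered, unfiltered


if __name__ == "__main__":
    # Constructed sample groups; the first uses the port list shown above.
    groups = [
        ("web", "80, 442, 8080", "TCP", False),
        ("web-tls", "80,443", "TCP", False),
        ("dns", "53", "UDP", False),
    ]
    for name, ports, proto, src in groups:
        ok, bypass = audit_service_group(ports, proto, src)
        print(f"{name}: filtered={ok} unfiltered={bypass}")
```

Any port reported as unfiltered is redirected to NGFW but forwarded without inspection, so either remove it from the service group or cover it with another control.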