Configure the proxysg to accept wccpredirected traffic. Originally founded as cacheflow, the company changed its name to blue coat in 2002 to reflect its new emphasis on enterprise security, invoking the image of a baseball umpires uniform. Hi, ive recently started testing a setup using wccp v2 on cisco routers with squid. Help me get wccp working between cisco and blue coat. Bluecoat proxysg consultancy journey of an it professional. Wccp in the cisco ios configuration fundamentals configuration guide, release 12. Founded in 1996, blue coat is now an industry leader in the field of advanced enterprise security. Bluecoat software finplan software for financial advisers. Common configuration methods for the websense content gateway wccp configuration starts 28 minutes into this webinar past webinar. All right, title and interest in and to the software and documentation are and shall remain the exclusive property. When i do the wccp configuration on normal switch it works fine.
Web cache communication protocol wccp is a content routing protcol that allows utilization of cisco cache engines or other caches. Bluecoat software has provided us with the platform to expand our business using intuitive and well thought out technology. For more information on wccp redundancy and other advanced configuration options, see the blue coat wccp reference guide. Redirection limitations for wccp on cisco asa article number.
All right, title and interest in and to the software and. We are trying to implement a new bluecoat proxy asg running version. Cisco firewall asa 5512 wccp configuration with web filter oct 31, 2012. Blue coat proxy configurationinstallation errorcodeknowledge. Im confused by the configuration of the wccp on the asa given my understanding of how wccp works on routersswitches. It allows a router running linux to redirect web traffic to a group of squid servers using wccp as the monitoringcontroling protocol. Blue coat systems was a company that provided hardware, software, and services designed for cybersecurity and network management. Between greipsec and ipsec vpn tunnels cisco forum. Ive seen wccp used with squid proxy servers, blue coat web caching and content filtering appliances, and cisco content caching engines.
Protect your users and network from viruses, trojans, worms, spyware and other forms of malicious content even extending protection to users who are not running antivirus software. View doug schaefers professional profile on linkedin. The protocol used is combination of industrystandard esp protocol. Content gateway explicit and transparent proxy deployments. May 25, 2012 cisco firewall asa 5512 wccp configuration with web filter oct 31, 2012. Blue coat wccp placement network engineering stack exchange. Forcontentenginesrunningapplicationandcontentnetworkingsystemacnssoftware,usethewccp customwebcachecommandwiththemaskassignkeywordtoconfiguremaskassignment. Johnson and nathan lee toe identification blue coat proxysg operating system v4. Bluecoat offers solutions that provide the visibility, acceleration and security required to optimize and secure the flow of information to any user, on any network, anywhere. Oct 17, 2018 redirection limitations for wccp on cisco asa article number. It has builtin load balancing, scaling, fault tolerance, and serviceassurance failsafe mechanisms. Very important passage from the ciscomanual the only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance.
Web cache communication protocol wccp is a ciscodeveloped contentrouting protocol. The firewalls have 4 interfaces, today we can only monitor 1 of them lan side due to the limitation of the asa. This wccp sample configuration can be modified to work on a cisco pix or asa firewall. Configure the proxysg to accept wccp redirected traffic. Place your bluecoat thats doing wccp anywhere in your network provided the asa can route to it. Explicit proxy deployment, where the users client software is configured to send requests directly. Im thinking this might be an issue with gre and the routing id, so ive modified the access list on the inside interface facing the proxies t.
Questions 1 where is the best placement of the wccp process given the network layout. Feb 09, 2011 depending upon the configuration of the asa wccp it may also give enhanced caching to the remote sites and reduce bandwidth on the internet connection. Additionally, not every wccpcapable router supports the same versions and feature sets. Configuring wccp v2 with websense content gateway the web. Configure wccp on your cisco ios router techrepublic. This line shown below creates the access list used to define the proxy. Blue coat proxy configurationinstallation posted on may 11, 2016 may 11, 2016 by errorcodeknowledge in bluecoat proxy. When you are implementing wccp it shouldnt be inline.
Before you begin configuring wccp, check the documentation that came with your routerswitch to ensure that it supports. The company had a broad security portfolio including hardware, software and services. I am now creating another wccp group because on my ironport i have 4. Find answers to help me get wccp working between cisco and blue coat from the expert community at experts exchange. Some helpful troublshooting show how and debug commands. Linkedin is the worlds largest business network, helping professionals like doug schaefer discover inside connections to recommended job. Aug 24, 2016 expert dan sullivan examines the blue coat security analytics platform, a security analytics and analysis product designed to capture comprehensive network information and apply targeted security. Depending upon the configuration of the asa wccp it may also give enhanced caching to the remote sites and reduce bandwidth on the internet connection.
Ive setup wccp to redirect to 2 bluecoat sgs using an access list that includes both proxies. Im setting up a config to have wccp with blue coat wan optimizer. Ssl connections will be interrupted when clients that default to tls 1. Proxyav appliances work in tandem with blue coat proxysg appliances and.
Blue coat systems reference guide wccp reference guide for sgos contact. Yes, l2 has less overhead but you shouldnt notice it with a 2800. We delete comments that violate our policy, which we. May 31, 20 this document describes concepts, limitations, and configuration of the web cache coordination protocol wccp on a cisco adaptive security appliance asa. Wccp is a method by which the asa can redirect traffic to a wccp caching. Currently the blue coat adn network is running in explicit mode, in this configuration all acceleration traffic is set to be sent directly to the core sg810 using a proprietary port 3305. Dec 27, 2018 this wccp sample configuration can be modified to work on a cisco pix or asa firewall. Blue coat provides caching solutions in internet service provider isp environments to improve user experience and upstream bandwidth savings. This document describes concepts, limitations, and configuration of the web cache coordination protocol wccp on a cisco adaptive security appliance asa. Wccp is available on select cisco routers and switches only.
Configexamplesinterceptciscoasawccp2 squid web proxy wiki. The blue coat solution also enables content filtering options for regulatory or cultural reasons. The blue coat certified proxysg professional bccpp course is intended for it professionals who wish to master the advance features of the blue coat proxysg. Asa crashes with wccp configured and huge ipv6 packets which require. The following behaviors are observed when this issue occurs. View realtime stock prices and stock quotes for a full financial overview. I need to roll out a bluecoat as a wccp for a asa 5520. Is there any other port number which could be used instead on 8070, or it is the one to be used for. To allow the wccp traffic through the security gateway, create a specific service for udp port 2048 relevant for wccp v1. Configuring wccp v2 with websense content gateway the. It is a standard developed by blue coat to communicate between proxysg and other blue coat appliances c. Redirecting remoteaccess vpn traffic to bluecoat web proxy.
This limitation gives that your clients needs to be at the same firewallleg as the wccpproxy. Pan128269 pa5250, pa5260, and pa5280 firewalls with 100gb aoc cables only fixed an issue where after you upgraded the first peer in a high availability ha configuration to panos 8. Section wccpv2 and wccp enhancements in the feature guide for cisco ios software releases. I am currently trying to enable wccp between a cisco asa 5512 firewall and barraccuda webfilter 410 vx applicance. Buy renew bluecoat firewall dealer comprompt solutions llp. Blue coat proxysg 810 series sg810 1 0 security appliance series sign in to comment. May 11, 2016 blue coat proxy configurationinstallation posted on may 11, 2016 may 11, 2016 by errorcodeknowledge in bluecoat proxy. They are same as wccp configuration except for wccp specific config. A group policy that points to a pac file for configuration changes is a best practice for. Wccp peering, ingress redirection, egress redirection. For example, suppose wccp is being used on a cisco asa to redirect traffic to the proxy, using the following acl.
Cisco roll out a bluecoat as a wccp for a asa 5520. Expert dan sullivan examines the blue coat security analytics platform, a security analytics and analysis product designed to capture comprehensive network information and apply targeted security. Wccp supports multiple points of redirection and multiple proxysg appliances and can load balance among them. Blue coat and kaspersky lab blue coat content analysis system cas, powered by kaspersky security technologies, is a layered platform that offers you the best protection against known, unknown, and targeted attacks. I currently have wccp redirection setup on my asa 5520 to redirect to an ironport on ip address 10.
It is an approach used by media servers for digital rights management no. In addition, you cannot include a check point security gateway in a wccp service group. Web cache communication protocol wccp is a ciscodeveloped contentrouting protocol that provides a mechanism to redirect traffic flows in realtime. All content is posted anonymously by employees working at blue coat systems. Blue coat certified proxysg professional bccpp tmb learning. This all works well and the service identifier im using for wccp is 95. Verifying the wccp configuration from the management console. I cant see your topology out of your question but if the asa is in the path between the clients and. Blue coat systems is a leading provider of web security and wan optimization solutions. All 3 hosts, asa gateway and 2 proxies are in the same vlan. I am getting ready to start a project to move wccp off of the lan side interface of the firewall onto our core 6509s. Cisco firewall service modules fwsms do not support wccp. Wccp is a method by which the asa can redirect traffic to a wccp caching engine through a generic routing encapsulation gre tunnel. Hi, i am facing some issue with bluecoat for caching.
Forcontentenginesrunningapplicationandcontentnetworkingsystemacns software,usethewccp customwebcachecommandwiththemaskassignkeywordtoconfiguremaskassignment. Finplan is a great allround tool helping us manage compliance, crm, portals and accounts as well as our client data. In 2016, it was acquired by and folded into symantec. Find answers to help me get wccp working between cisco and blue coat from the expert community at.
Apr 12, 2007 configure wccp on your cisco ios router. Gns3 the software that empowers network professionals. I cant see your topology out of your question but if the asa is in the path between the clients and the bluecoat, that is probably why it doesn. Blue coat systems reference guide wccp reference guide for sgos 5. This was a showstopper for us, glad they were able to sort this one out. Doug schaefer warrington, pennsylvania professional. This document describes how to configure the web cache communication protocol wccp for the cisco adaptive security appliance asa through the cisco web security appliance wsa. I believe the asa has to be layer 2 adjacent to the wccp proxy for. Between greipsec and ipsec vpn tunnels cisco forum faq. Check point does not support the web cache communication protocol wccp. Complete these steps in order to configure the wccp for the asa. Mar 26, 2011 i currently have wccp redirection setup on my asa 5520 to redirect to an ironport on ip address 10. Deployments range from small isps to tier1 providers that utilize dozens of blue coat proxy appliances.
1405 3 139 1374 1000 11 889 741 962 951 51 1375 850 89 1553 830 345 1539 1016 1085 1047 991 676 850 762 727 307 1406 1464 1234 1043 18 166 261 847 469 1474 1352 1361 896 1481 974 694 502 571 1398