Fortinet black logo

Administration Guide

Home FortiProxy 7.2.0 Administration Guide
7.2.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

WCCP configuration overview

WCCP configuration overview

To configure WCCP, you must create a service group that includes FortiProxy units configured as WCCP servers and FortiProxy units configured as WCCP clients. WCCP servers intercept sessions to be cached (for example, sessions from users browsing the web from a private network). To intercept sessions to be cached, the WCCP server must include a firewall policy that accepts sessions to be cached, and WCCP must be enabled in this firewall policy.

The server must have an interface configured for WCCP communication with WCCP clients. That interface sends and receives encapsulated GRE or L2 traffic to and from WCCP clients. The server must also include a WCCP service group that includes a service ID and the addresses of the WCCP clients, as well as other WCCP configuration options.

To use a FortiProxy unit as a WCCP client, you must configure an interface on the unit for WCCP communication. The client sends and receives encapsulated GRE traffic to and from the WCCP server using this interface.

The client must also include a WCCP service group with a service ID that matches a service ID on the server. The client service group also includes the IP address of the servers in the service group and specifies the port numbers and protocol number of the sessions that will be cached on the FortiProxy unit.

When the client receives sessions from the server on its WCCP interface, it either returns cached content over the WCCP interface or connects to the destination web servers using the appropriate interface, based on the client routing configuration. Content received from web servers is then cached by the client and returned to the WCCP server over the WCCP link. The server then returns the received content to the initial requesting user’s web browser.

Finally, you might also need to configure routing on the FortiProxy server unit and FortiProxy client units, and you might need to add additional firewall policies to the server to accept sessions not cached by WCCP.

Previous
Next

WCCP configuration overview

To configure WCCP, you must create a service group that includes FortiProxy units configured as WCCP servers and FortiProxy units configured as WCCP clients. WCCP servers intercept sessions to be cached (for example, sessions from users browsing the web from a private network). To intercept sessions to be cached, the WCCP server must include a firewall policy that accepts sessions to be cached, and WCCP must be enabled in this firewall policy.

The server must have an interface configured for WCCP communication with WCCP clients. That interface sends and receives encapsulated GRE or L2 traffic to and from WCCP clients. The server must also include a WCCP service group that includes a service ID and the addresses of the WCCP clients, as well as other WCCP configuration options.

To use a FortiProxy unit as a WCCP client, you must configure an interface on the unit for WCCP communication. The client sends and receives encapsulated GRE traffic to and from the WCCP server using this interface.

The client must also include a WCCP service group with a service ID that matches a service ID on the server. The client service group also includes the IP address of the servers in the service group and specifies the port numbers and protocol number of the sessions that will be cached on the FortiProxy unit.

When the client receives sessions from the server on its WCCP interface, it either returns cached content over the WCCP interface or connects to the destination web servers using the appropriate interface, based on the client routing configuration. Content received from web servers is then cached by the client and returned to the WCCP server over the WCCP link. The server then returns the received content to the initial requesting user’s web browser.

Finally, you might also need to configure routing on the FortiProxy server unit and FortiProxy client units, and you might need to add additional firewall policies to the server to accept sessions not cached by WCCP.

Previous
Next