Fortinet white logo
Fortinet white logo

Handbook

Configuring WCCP

Configuring WCCP

Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. The FortiADC supports Version 2 (WCCPv2).

With WCCP, the FortiADC can forward client traffic to WCCP compatible devices, where additional actions will be performed (that are not native to the FortiADC), and then, after undergoing these processes, the traffic will be sent back to the FortiADC.

To configure a WCCP object:

  1. Go to System > WCCP.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration according to the table below.
  4. Click save.
  5. Go to Networking > Interface. Select an interface and open the dialogue.
  6. Under Mode Specifics, find the WCCP button, and click On. (Default is off).
  7. Click save.
  8. Go to Server Load Balance > Virtual Server.
  9. Select a virtual server. Go to Monitoring.
  10. Enable the WCCP button, click on.
Only Layer 7 Virtual Servers are supported.

WCCP configuration

Settings Description

Service ID

Name of the service group. Range 0-255.

Authentication

  • Disable—No password is required. Default.
  • Enable—Opens up a text box. Specify the password.

Forward Method

  • GRE—Encapsulates the intercepted packet in an IP GRE header with a source IP address of the WCCP server and a destination IP address of the target WCCP client. This allows the WCCP server to be multiple Layer 3 hops away from the WCCP client.
  • L2—Rewrites the destination MAC address of the intercepted packet to equal the MAC address of the target WCCP client. L2 forwarding requires that the WCCP server is Layer 2 adjacent to the WCCP client.
  • any—Cache server determines the method.

Return Method

    Defines how a cache server declines a redirected packet, and returns it to the FortiADC (see forward-method above for option descriptions).

Assignment Method

Defines which assignment method the FortiADC prefers:

  • HASH—A hash key based on any combination of the source and destination IP and port of the packet.
  • MASK—A mask value specified with a maximum of 7 bits and, like the hash key, can be configured to cover both the source and destination address space.
  • any—Cache server determines the method.

Group Address

.

IP multicast address used by the cache routers. The default, 0.0.0.0, means the FortiADC will ignore multicast WCCP traffic. Otherwise, set the address between 244.0.0.0 to 239.255.255.255.

Router ID

IP address known to all cache engines, and identifies an interface on the FortiADC to the cache engines. If all cache engines connect to the same FortiADC interface, use the default address of 0.0.0.0. However, if the cache engines can connect to different FortiADC interfaces, you must set router-id to a specific IP address, which must then be added to the configuration of the cache engines that connect to that interface.

Server List

IP address and netmask for up to four cache servers.

Configuring WCCP

Configuring WCCP

Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. The FortiADC supports Version 2 (WCCPv2).

With WCCP, the FortiADC can forward client traffic to WCCP compatible devices, where additional actions will be performed (that are not native to the FortiADC), and then, after undergoing these processes, the traffic will be sent back to the FortiADC.

To configure a WCCP object:

  1. Go to System > WCCP.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration according to the table below.
  4. Click save.
  5. Go to Networking > Interface. Select an interface and open the dialogue.
  6. Under Mode Specifics, find the WCCP button, and click On. (Default is off).
  7. Click save.
  8. Go to Server Load Balance > Virtual Server.
  9. Select a virtual server. Go to Monitoring.
  10. Enable the WCCP button, click on.
Only Layer 7 Virtual Servers are supported.

WCCP configuration

Settings Description

Service ID

Name of the service group. Range 0-255.

Authentication

  • Disable—No password is required. Default.
  • Enable—Opens up a text box. Specify the password.

Forward Method

  • GRE—Encapsulates the intercepted packet in an IP GRE header with a source IP address of the WCCP server and a destination IP address of the target WCCP client. This allows the WCCP server to be multiple Layer 3 hops away from the WCCP client.
  • L2—Rewrites the destination MAC address of the intercepted packet to equal the MAC address of the target WCCP client. L2 forwarding requires that the WCCP server is Layer 2 adjacent to the WCCP client.
  • any—Cache server determines the method.

Return Method

    Defines how a cache server declines a redirected packet, and returns it to the FortiADC (see forward-method above for option descriptions).

Assignment Method

Defines which assignment method the FortiADC prefers:

  • HASH—A hash key based on any combination of the source and destination IP and port of the packet.
  • MASK—A mask value specified with a maximum of 7 bits and, like the hash key, can be configured to cover both the source and destination address space.
  • any—Cache server determines the method.

Group Address

.

IP multicast address used by the cache routers. The default, 0.0.0.0, means the FortiADC will ignore multicast WCCP traffic. Otherwise, set the address between 244.0.0.0 to 239.255.255.255.

Router ID

IP address known to all cache engines, and identifies an interface on the FortiADC to the cache engines. If all cache engines connect to the same FortiADC interface, use the default address of 0.0.0.0. However, if the cache engines can connect to different FortiADC interfaces, you must set router-id to a specific IP address, which must then be added to the configuration of the cache engines that connect to that interface.

Server List

IP address and netmask for up to four cache servers.