system wccp
Use this command to configure FortiWeb as a Web Cache Communication Protocol (WCCP) client. This configuration allows a FortiGate configured as a WCCP server to redirect HTTP and HTTPS traffic to FortiWeb for inspection.
If your WCCP configuration includes multiple WCCP clients, the WCCP server can balance the traffic load among the clients. In addition, it detects when a client fails and redirects sessions to clients that are still available.
WCCP was originally designed to provide web caching with load balancing and fault tolerance and is described by the Web Cache Communication Protocol Internet draft.
This feature requires the operation mode to be WCCP. For details, see system settings.
For information on connecting and configuring your network devices for WCCP mode, see the FortiWeb Administration Guide:
https://docs.fortinet.com/document/fortiweb
For detailed information on configuring FortiGate and other Fortinet devices to act as a WCCP service group, see the FortiGate WCCP topic in the Handbook:
https://docs.fortinet.com/fortigate/admin-guides
Syntax
config system wccp
  edit service-id <service-id_int>
    set cache-id "<cache-id_ipv4>"
    set router-list "<router-list_ipv4>"
    set group-address "<group-address_ipv4>"
    set authentication {enable | disable}
    set cache-engine-method {GRE | L2}
    set primary-hash {src-ip | dst-ip | src-port | dst-port}
    set assignment-weight <assignment-weight_int>
    set assignment-bucket-format {ciso-implementation | wccp-v2}
    set return-to-sender {enable | disable}
end
Variable | Description | Default |
service-id <service-id_int> | Enter the service ID of the WCCP service group that this WCCP client belongs to. For HTTP traffic, the service ID is 0. For other types of traffic (for example, HTTPS), the valid range is 51–256. Do not use 1–50, which are reserved by the WCCP standard. | 51 |
cache-id "<cache-id_ipv4>" | Enter the IP address of the FortiWeb interface that communicates with the WCCP server. Ensure that the WCCP protocol is enabled for the specified network interface. For details, see system settings. | No default. |
router-list "<router-list_ipv4>" | Enter the IP addresses of the WCCP servers in the WCCP service group. You can specify up to 8 servers. To configure more than 8 WCCP servers, use Group Address instead. | No default. |
group-address "<group-address_ipv4>" | Enter the IP addresses of the clients for multicast WCCP configurations. The multicast address allows you to configure a WCCP service group with more than 8 WCCP clients. The valid range of multicast addresses is 224.0.0.0–239.256.256.256. | No default. |
authentication {enable | disable} | Specify whether communication between the WCCP server and client is encrypted using the MD5 cryptographic hash function. | disable |
password | Enter the password used by the WCCP server and clients. All servers and clients in the group use the same password. The maximum password length is 8 characters. Available only when authentication {enable | disable} is enabled. | No default. |
cache-engine-method {GRE | L2} | Enter how the FortiGate unit transmits traffic to FortiWeb: | GRE |
ports | Enter the port numbers of the sessions that this client inspects. The valid range is 0–65535. Enter 0 to specify all ports. | 80 |
primary-hash {src-ip | dst-ip | src-port | dst-port} | Enter the hashing scheme that the WCCP server uses in combination with Specify one or more of the following values: | src-ip dst-ip |
priority | Enter a value that specifies the priority that this service group has. If more than one service group is available to scan the traffic specified by ports and protocol, the WCCP server transmits all the traffic to the service group with the highest priority value. | 0 |
protocol | Enter the protocol of the network traffic the WCCP service group transmits. For TCP sessions, enter 6. Valid values are 0–256. | 6 |
assignment-weight <assignment-weight_int> | Enter a value that the WCCP server uses in combination with primary-hash to direct traffic, when the WCCP service group has more than one WCCP client. The valid range is 0–256. | 0 |
assignment-bucket-format {ciso-implementation | wccp-v2} | Enter the hash table bucket format for the WCCP cache engine. | ciso-implementation |
return-to-sender {enable | disable} | Specify whether FortiWeb routes traffic back to the client instead of the WCCP server. | disable |
Example
This example configures FortiWeb as a WCCP client that belongs to the WCCP service group 52 and specifies the interface used for WCCP client functionality (192.0.2.100) and the WCCP server (192.0.2.1).
config system wccp
  edit service-id 52
    set cache-id "192.0.2.100"
    set router-list "192.0.2.1"
    set ports 80 443
    set primary-hash src-ip dst-ip
end
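The limits given in the variable descriptions above can be checked mechanically before a configuration is applied. The following Python audit script is an added example, not Fortinet code: the function names and the sample input are constructed for illustration, and it assumes that multiple addresses or ports on one line are separated by spaces.

```python
import ipaddress

# Constructed sample: the layout of the page's example with deliberately bad values.
SAMPLE = '''config system wccp
  edit service-id 30
    set cache-id "192.0.2.100"
    set router-list "192.0.2.1"
    set group-address "192.0.2.50"
    set ports 80 443 70000
    set primary-hash src-ip dst-ip
end'''

def parse_wccp(text):
    """Return {service_id: {keyword: [values]}} from a 'config system wccp' block."""
    groups, current = {}, None
    for raw in text.splitlines():
        # Assumption: values are space-separated, optionally inside double quotes.
        tok = raw.replace('"', "").split()
        if tok[:2] == ["edit", "service-id"] and len(tok) == 3:
            current = groups.setdefault(int(tok[2]), {})
        elif tok[:1] == ["set"] and current is not None and len(tok) >= 2:
            current[tok[1]] = tok[2:]
    return groups

def audit(text):
    """Check each service group against the limits in the variable descriptions."""
    findings = []
    for sid, cfg in parse_wccp(text).items():
        def flag(msg):
            findings.append(f"service-id {sid}: {msg}")
        if sid != 0 and not 51 <= sid <= 256:
            flag("ID must be 0 (HTTP) or 51-256; 1-50 are reserved")
        if len(cfg.get("router-list", [])) > 8:
            flag("router-list has more than 8 servers; use group-address")
        for addr in cfg.get("group-address", []):
            # is_multicast is true for IPv4 addresses in 224.0.0.0/4.
            if not ipaddress.ip_address(addr).is_multicast:
                flag(f"group-address {addr} is not a multicast address")
        for port in cfg.get("ports", []):
            if not (port.isdigit() and int(port) <= 65535):
                flag(f"port {port} is outside 0-65535")
        # An absent authentication line means the documented default, disable.
        if cfg.get("authentication", ["disable"]) != ["enable"]:
            flag("authentication is disabled (the default)")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Run against the example configuration on this page, the script reports only that authentication is left at its default of disable.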