WCCP

From Secure Web Gateway
Share/Save/Bookmark
Revision as of 18:52, 27 October 2018 by Santosh.thorat (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Overview

Use WCCP routers to enforce transparent proxy.

Stop setting proxy in client browsers and transparently redirect traffic flows in real-time.

Global

Wccp-global.jpg

Enabled

Enable or Disable this section.

  • TRUE : Enable transparent redirection.
  • FALSE : Disable transparent redirection.

WCCP Policies

Configure policies to use wccp v1 or wccp v2 or both.

Wccp-policy1.jpg

Enabled

Enable or Disable this Policy.

  • TRUE : Enable this entry.
  • FALSE : Disable this entry.

Comment

For documentation, and future references, explainthe relevance of this entry with your policies.

That is, by reading the policies, a future user can understand the purpose of that entry.

Proxy host

A regular expression pattern matching the proxy hosts this entry applies to, useful if a single configuration file is shared between several proxy servers.

WCCP Version

Select WCCP version.

  • WCCPV1 : WCCP version 1 will be used for this entry.
  • WCCPV2 : WCCP version 2 will be used for this entry.

Router IP Address

Enter router IP address(s) to interact safesquid with that router(s) for transparent redirection.

WCCP v1 can have only single router for one service group.

WCCP v2 can have multiple routers for one service group.

Application Protocol

Select which type of traffic should be redirected. Based on this selection only the traffic redirect to the safesquid from the routers in the service group.

A regular expression matching the protocol this entry applies to; leave it empty to match any protocol.

The Protocols could be: http => Simple HTTP based GET or POST requests ftp => Browser based access to FTP sites connect => SSL or tunneling (over HTTP) requests made by browsers for https sites, or FTP connections made by FTP-client utilities, or other utilities like PuTTy.

Examples : http => simple http connections http|ftp => all browser-based simple http or ftp connections ftp|connect => all forms of ftp based connections http|connect => all http and tunneling requests

  • HTTP : The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext.
  • HTTPS : Hypertext Transfer Protocol Secure HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. The security of HTTPS is therefore the one of the underlying TLS, which uses long term public and secret keys to exchange a short term session key to encrypt the data flow between client and server.
  • FTP : File Transfer Protocol(FTP) is a standard network protocol used to transfer files from one host to another host over a TCP based network, such as the Internet. FTP is built on a client - server architecture and uses separate control and data connections between the client and the server.
  • SFTP : SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It was designed by the Internet Engineering Task Force(IETF) as an extension of the Secure Shell protocol(SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols. This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.

Service Type

Select the service type. Well known services are known services. You need not to define them. If you select dynamic services, you need to describe service group with service id and other parameters.

  • WELLKNOWN : Service is well known service. No need mention service group details.
  • DYNAMIC : Service is Dynamic service. Mention service group details.

Service Group ID

Specify the service id of the service group the value should be in between 97 and 255.

Service Group Name

Enter the Service group name

Security

Select security options for packet authorization. If you select no security you need not to enter password field. If you select md5security then you need to provide encrypted password that will be used for packet authentication with in service group.

  • MD5SECURITY : Provide MD5 security to the packets travelling with in the Service Group.
  • NOSECURITY : No security to the packets travelling with in the Service Group.

Encrypted Password

Enter the Encrypted password for simple packet authentication.

Acceptable Forward Method

Select forward method. Method by which router transfer packets to the safesquid. Default it is GRE you can select Layer2 also but architectures should support it.

  • GRE : GRE forward method will be used by SafeSquid. If GRE forward method not supported by the router, then SafeSquid will negotiate with router.
  • L2 : L2 forward method will be used by SafeSquid. If L2 forward method not supported by the router, then SafeSquid will negotiate with router.

Acceptable Assignment Method

Select assignment method. Method that is used by safesquid when it becomes designated proxy. Default it is hash assignment and you can also select mask assignment.

  • HASH : HASH assignment method will be used by SafeSquid. If HASH assignment method not supported by the router, then SafeSquid will negotiate with router.
  • MASK : MASK assignment method will be used by SafeSquid. If MASK assignment method not supported by the router then SafeSquid will negotiate with router.

Acceptable Packet Return Method

Select packet_return_method. Method that is used by safesquid to return packets to router. Default it is GRE you can also select layer2. but when you select layer2 as assignment you should not select GRE as return method.

  • GRE : GRE forward method will be used by SafeSquid. If GRE forward method not supported by the router, then SafeSquid will negotiate with router.
  • L2 : L2 forward method will be used by SafeSquid. If L2 forward method not supported by the router, then SafeSquid will negotiate with router.

Ports

WCCP2 allows to use 8 ports. You can give 8 separate ports or range of ports. A comma separated list of ports or port ranges this entry applies to.

Network Protocol

Select network_protocol. SafeSquid will inform selection to router.

  • TCP : SafeSquid will inform Router that it should redirect TCP packets.
  • UDP : SafeSquid will inform Router that it should redirect UDP packets.

Webcache IP Address

Enter SafeSquid IP address(s) to interact wccp router(s) for transparent redirection.