simple question. I want to use WCCP for web caching/filtring on my Cisco 4510R-E. Problem is, this switch is only layer 2...all routing is done via Checkpoint firewalls connected to this switch.
My question is : does my switch needs to be the gateway/router to use WCCP or it can work only on layer 2 ?
I've read a lot of doc but I never found this anwser.
Yes, this is a layer 3 feature. WCCP uses IP redirection to achieve transparent redirecting to a proxy server.
One way you could accomplish this, if you really want to keep the majority of routing in your checkpoint firewalls is to create an external transport network on the outside of the firewalls and add one hop through a layer 3 interface on the 4510 before handoff to your ISP. You would have to either have your proxy server outside the firewall (probably not the best idea) or allow special access back in for proxy hits. Of course this complicates your configuration because you need to follow certain conventions to share a device between security contexts like that securely.
My personal preference would be to let the ckeckpoint devices focus on firewalling and bring routing back into the 4510, but this may not be a good fit for your scenario.