WCCP on 4510R-E

Vinny
Level 1

Hello,

Simple question. I want to use WCCP for web caching/filtering on my Cisco 4510R-E. Problem is, this switch is only layer 2... all routing is done via Checkpoint firewalls connected to this switch.

My question is: does my switch need to be the gateway/router to use WCCP, or can it work only on layer 2?

I've read a lot of documentation but I never found this answer.

Thank you

Accepted Solutions

Jason Masker
Level 1

Yes, this is a layer 3 feature. WCCP uses IP redirection to achieve transparent redirecting to a proxy server.

One way you could accomplish this, if you really want to keep the majority of routing in your Checkpoint firewalls, is to create an external transport network on the outside of the firewalls and add one hop through a layer 3 interface on the 4510 before handoff to your ISP. You would have to either have your proxy server outside the firewall (probably not the best idea) or allow special access back in for proxy hits. Of course this complicates your configuration because you need to follow certain conventions to share a device between security contexts like that securely.

My personal preference would be to let the Checkpoint devices focus on firewalling and bring routing back into the 4510, but this may not be a good fit for your scenario.

Thank you for the answer!!!

I'll look into this