Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

WSA + Linux iptables

I have a firewall with Iptables where my machines are behind the same. I'm with the WSA configured in the same transparent LAN iptables, I wonder if I forward all traffic tcp/80 and TCP/443 for IronPort, I can make it work seamlessly. Is this possible? I did some testing in an isolated environment, but without success.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

WSA + Linux iptables

Hi Maiquel,

forwarding (redirecting) the packet to the WSA via L2 is what the WSA User Guide specifis as L2 transparent mode. This should just work as expected. WCCP would be a different protocol which controls more the redirection progress and can be used also to failover. While "plain" L2 transparent forwarding doesn't have any reiablility, WCCP will let you have troubelshooting/alerting when things go wrong.

However, in most cases you go with WCCP together with a IOS Router.

-Stephan

3 REPLIES
Cisco Employee

WSA + Linux iptables

Hi Maiquel,

Are you running WCCP on a firewall for transparent redirection ?

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
New Member

WSA + Linux iptables

Hi Eric, thanks for answer.

no i just do the -j DNAT in Linux Iptables for the WSA. I need configure the Linux for wccp? Or i need have the L3 switch/router/ASA in the midle ?

Thanks.

Cisco Employee

WSA + Linux iptables

Hi Maiquel,

forwarding (redirecting) the packet to the WSA via L2 is what the WSA User Guide specifis as L2 transparent mode. This should just work as expected. WCCP would be a different protocol which controls more the redirection progress and can be used also to failover. While "plain" L2 transparent forwarding doesn't have any reiablility, WCCP will let you have troubelshooting/alerting when things go wrong.

However, in most cases you go with WCCP together with a IOS Router.

-Stephan

386
Views
0
Helpful
3
Replies
CreatePlease login to create content