cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 4

Basic Proxy Function (Transparent via WCCP)

Jump to solution

Environment: We have a cluster of MWG systems transparently in-path for all of our HTTP/S and FTP traffic via WCCP.  Our MWG network configuration settings include enable Proxy (optional WCCP) and HTTP proxy settings.

Question: When our rulesets "whitelist" certain traffic by using the "stop cycle" event (skipping user authentication, SSL handling, web policy, etc.), are we still performing the fundamental proxying of the TCP session?  Is this traffic still using the (default) HTTP/TCP session management policies from the MWG that are a function of a proxy?  Or, does a stop cycle whitelist skip the proxy functionality and somehow the MWG just routes the TCP traffic out without proxying?

I have attempted to review relevant sections of chapters 1-4 of the product guide and I don't find any explicit answer to this question.  However, I believe that the implied information is that all associated traffic is proxied with this configuration.

This question stems from a configuration "debate" between our engineers on how to correctly handle configuration when certain sites require special HTTP session management policies.  Do we whitelist the site and skip all policies and management?  Or, do we proceed through the rulesets and therein apply proxy control overrides for special session management (such as timeouts)?

This is a pretty basic (and possibly obvious) question.  Surprisingly, it has sparked debate amongst engineers that have managed/configured with the mwg for a couple years.

Thank you in advance.

1 Solution

Accepted Solutions
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 4

Re: Basic Proxy Function (Transparent via WCCP)

Jump to solution

Hi again!

If you whitelist a site, its still passing through the proxy and therefore still applicable to any proxy timeouts. If you want to bypass it from everything on the Web Gateway, you'd need to create an ACL on the cisco device to bypass it from WCCP altogether.


Best Regards,

Jon

View solution in original post

3 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 4

Re: Basic Proxy Function (Transparent via WCCP)

Jump to solution

Hi again!

If you whitelist a site, its still passing through the proxy and therefore still applicable to any proxy timeouts. If you want to bypass it from everything on the Web Gateway, you'd need to create an ACL on the cisco device to bypass it from WCCP altogether.


Best Regards,

Jon

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 4

Re: Basic Proxy Function (Transparent via WCCP)

Jump to solution

When I said proxy timeouts, thats just one example of "fundamental proxying" as you asked above.

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 4

Re: Basic Proxy Function (Transparent via WCCP)

Jump to solution

Jon, thank you...that is as I expected.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community