We're faced with an issue where the Webwasher has an issue that prevents users from accessing the Internet. We have several Cisco devices, including ISRs and ASAs that are peered with the Webwasher via WCCP. We would like to disable WCCP globally on the Webwasher instead of configuring dozens of routers and firewalls, but I've been told that the only way to restore WCCP functionality on the Webwasher once it has been disabled is to reboot the Webwasher and then re-establish WCCP peering with the routers and ASAs.
Is my understanding about WCCP on the Webwasher correct?
If it is not, can anyone point me at documentation that details what steps we need to take to get WCCP working on the Webwasher without a reboot?
Webwasher version 6.9.2 build 13015
What you have been told is correct under certain cirmcumstances.
Lets say you had WCCP up and running. You then decide to turn it off. While it has been off, you have rebooted. If you decide to turn it back on, you must reboot in order for it to work.
Reason being, the OS only initializes the correct iptables rules on boot up if WCCP is on. If WCCP is off, those rules are not enabled.
If you simply disabled WCCP for a moment, then turned it back on, this would not require a reboot as the iptables rules would still be loaded.
The key is to determine if the correct iptables rules are in place. You can check for this by typing the following from the MWG's CLI (over SSH):
iptables -t nat -L
For more info see the basic setup guide:
WCCP Basic Setup Guide - https://kc.mcafee.com/corporate/index?page=content&id=KB63018
In MWG7, initializing the iptables rule for WCCP is done without requiring a reboot.
Hope this helps,