chisro
Level 7

wccp network configuration using cisco firewall and traffic port monitoring out of line?


We have just gotten the 5500 Web Gateway appliance and I want to know if anyone has managed to get the deployment to work in the following configuration:

We want to have the appliance have one ethernet port used for management to the gui.

The second ethernet port will monitor all traffic on a mirrored switchport.

If a block is required due to a rule violation, the McAfee appliance will spoof the web page/traffic with a McAfee block page.

Does anyone know how to set up the WCCP configuration to do that?

How have your results been?

We currently have 3300 appliances in transparent bridge mode (works like a charm), but when we have to make changes it drops traffic, and we cannot have that.

Thanks in advance!


Accepted Solutions
McAfee Employee

Re: wccp network configuration using cisco firewall and traffic port monitoring out of line?


What you are describing with the mirrored port sounds like an "inspector" type of setup. In this type of setup the Web Gateway would not be able to perform full content scanning, most likely only URL filtering at best. This is not an ideal way to use your 5500 ;-). At the moment there isn't support for a mirrored port configuration to allow for simple URL filtering (correct me if I'm wrong...).

WCCP allows for full content scanning, while it may be a little complex at first to setup, in the end it is a much better solution in my book.

~Jon

5 Replies
McAfee Employee

Re: wccp network configuration using cisco firewall and traffic port monitoring out of line?


Remove the thought of "mirrored switch port" from your thoughts. You can have two interfaces if you like, but it's not necessary.

What you described is exactly what WCCP does. Please refer to https://kc.mcafee.com/corporate/index?page=content&id=KB63018

For more information for configuring the cisco device see their docs on the matter:

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Co...

WCCP has been around a long time on the Web Gateway and a lot of customers like its flexibility. I like it to complement direct proxy traffic.

~Jon

chisro
Level 7

Re: wccp network configuration using cisco firewall and traffic port monitoring out of line?


Thank you for the info!

I am trying to accomplish exactly what we are doing with another product (not a McAfee product).

basic layout...

cisco firewall-->cisco switch--> other network monitoring devices....

                                   ^-------port mirroring done here

By monitoring a mirrored switch port that sees all traffic, we can keep the device out of line and block as required.

The Cisco firewall configuration did not have to be modified.

Just trying to keep it simple!

I was hoping i could do the same with little firewall involvement..

I picked a hell of a day to quit sniffing glue....

chisro
Level 7

Re: wccp network configuration using cisco firewall and traffic port monitoring out of line?


thank you!

eelsasser
Level 15

Re: wccp network configuration using cisco firewall and traffic port monitoring out of line?


You may be confused.

WCCP is not a way to monitor traffic passively on a mirrored switch port. It is a method of redirecting all traffic flow for port 80/443 and redirecting it at layer 2 through the MWG.

It is similar in policy configuration to bridge mode, but the Cisco routers/firewalls do the interception of traffic and redirection. WCCP can be configured to fail open and load share among proxies, whereas bridge mode cannot do that very well.

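As an added illustration of what Jon and eelsasser describe (this is not configuration from the thread, from McAfee's KB article or from Cisco's documentation), here is the router side of a WCCPv2 deployment that redirects client port 80/443 traffic to a Web Gateway, with an ASA equivalent at the end. Every address, interface name, ACL name and the service group number 90 are assumptions for the example; the service ID and password must match what is configured in the Web Gateway's WCCP settings, and the shared secret is a placeholder.

```cisco
! Assumed topology (hypothetical): clients in 10.10.0.0/16 behind
! GigabitEthernet0/1, McAfee Web Gateway at 10.20.0.5 on GigabitEthernet0/2.
! Service group 90 is a dynamic service whose ports are announced by the
! Web Gateway itself; it is an assumed value, not a McAfee default.
ip wccp version 2
!
! Redirect list: only client HTTP/HTTPS is intercepted. Traffic sourced by
! the proxy itself is denied first so it can never be redirected back to it
! (a redirect loop). Everything else is forwarded normally.
ip access-list extended WCCP-REDIRECT
 deny   ip host 10.20.0.5 any
 permit tcp 10.10.0.0 0.0.255.255 any eq 80
 permit tcp 10.10.0.0 0.0.255.255 any eq 443
 deny   ip any any
!
! Group list: only this host may register as a cache engine. Without it,
! any device that sends a WCCP "Here I Am" on the segment could join the
! service group and receive a share of the redirected client traffic.
ip access-list standard WCCP-ENGINES
 permit host 10.20.0.5
!
! Shared secret authenticates the WCCP protocol messages between router
! and Web Gateway; <shared-secret> is a placeholder.
ip wccp 90 redirect-list WCCP-REDIRECT group-list WCCP-ENGINES password <shared-secret>
!
interface GigabitEthernet0/1
 description client-facing
 ip wccp 90 redirect in
!
interface GigabitEthernet0/2
 description proxy-facing
 ip wccp redirect exclude in
!
! ASA equivalent (assumed interface name "inside"; the ASA requires the
! Web Gateway and the clients it serves to be reachable via that same
! interface, and only supports inbound redirection):
! access-list WCCP-REDIRECT extended deny   ip host 10.20.0.5 any
! access-list WCCP-REDIRECT extended permit tcp 10.10.0.0 255.255.0.0 any eq 80
! access-list WCCP-REDIRECT extended permit tcp 10.10.0.0 255.255.0.0 any eq 443
! access-list WCCP-ENGINES standard permit host 10.20.0.5
! wccp 90 redirect-list WCCP-REDIRECT group-list WCCP-ENGINES password <shared-secret>
! wccp interface inside 90 redirect in
```

Two things worth checking after this is in place. First, `show ip wccp 90 detail` (IOS) should list 10.20.0.5 as a usable router/cache-engine pair; if the Web Gateway never appears, the service ID or password does not match. Second, the fail-open behaviour eelsasser mentions cuts both ways: when no cache engine is registered the router simply stops redirecting and clients go direct, which keeps the network up but also silently stops filtering, so the registered-engine count from `show ip wccp` is worth monitoring rather than assuming.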