3 Replies Latest reply on Nov 6, 2017 4:58 PM by ccooper@ecmc.org

    Basic Proxy Function (Transparent via WCCP)

    ccooper@ecmc.org

      Environment: We have a cluster of MWG systems transparently in-path for all of our HTTP/S and FTP traffic via WCCP.  Our MWG network configuration settings include enable Proxy (optional WCCP) and HTTP proxy settings.

      Question: When our rulesets "whitelist" certain traffic by using the "stop cycle" event (skipping user authentication, SSL handling, web policy, etc.), are we still performing the fundamental proxying of the TCP session?  Is this traffic still using the (default) HTTP/TCP session management policies from the MWG that are a function of a proxy?  Or, does a stop cycle whitelist skip the proxy functionality and somehow the MWG just routes the TCP traffic out without proxying?

       

      I have attempted to review relevant sections of chapters 1-4 of the product guide and I don't find any explicit answer to this question.  However, I believe that the implied information is that all associated traffic is proxied with this configuration.

       

      This question stems from a configuration "debate" between our engineers on how to correctly handle configuration when certain sites require special HTTP session management policies.  Do we whitelist the site and skip all policies and management?  Or, do we proceed through the rulesets and therein apply proxy control overrides for special session management (such as timeouts)?

       

      This is a pretty basic (and possibly obvious) question.  Surprisingly, it has sparked debate amongst engineers that have managed/configured with the mwg for a couple years.

       

      Thank you in advance.