1 of 1 people found this helpful
Remove the thought of "mirrored switch port" from your thoughts. You can have two interfaces if you like, but it's not necessary.
What you described is exactly what WCCP does. Please refer to https://kc.mcafee.com/corporate/index?page=content&id=KB63018
For more information for configuring the cisco device see their docs on the matter:
WCCP has been around a long time on the Web Gateway and a lot of customers like it's flexability. I like it to compliment direct proxy traffic.
You may be confused.
WCCP is not a way to monitor traffic passively on a mirrored switch port. It is a method of redirecting all traffic flow for port 80/443 and redirecting it at layer 2 through the MWG.
It is similar in policy configuration to bridge mode, but the Cisco routers/firewalls do the interception of traffic and redirection. WCCP can be configured to fail open and load share among proxies, whereas bridge mode cannot do that very well.
Thank you for the info!
I am trying to accomplish exaclty what we are doing with another product(not mcafee product.)
cisco firewall-->cisco switch--> other network montoring devices....
^-------port mirroring done here
By monitoring a mirrored switch port that sees all traffic, we can keep the device out of line, and as block as required.
The cisco firewall configuration did not have to be modifed.
Just trying to keep it simple!
I was hoping i could do the same with little firewall involvement..
I picked a hell of a day to quit sniffing glue....
What you are describing with the mirrored port sounds like an "inspector" type of setup. In this type of setup the Web Gateway would not be able to perform full content scanning, most likley only URL filtering at best. This is not an ideal way to use your 5500 ;-). At the moment there isnt support for a mirrored port configuration to allow for simple URL filtering (correct me if I'm wrong...).
WCCP allows for full content scanning, while it may be a little complex at first to setup, in the end it is a much better solution in my book.