Skyhigh Security

Best Practice: Configure WCCP Service Settings

Configuring the settings for a WCCP service includes setting service parameters.

For these parameters, consider the best-practice information that is provided here.

Service ID

The service ID identifies the WCCP service. The service is also included in the router configuration, where its ID must be the same.

Service IDs 0–50 are static under WCCP and reserved for well-known services with standard configurations. Service IDs 51–255 are dynamic and involve negotiation between the partners in the WCCP configuration. When configuring your WCCP service, we recommend a value from 51 to 98.

Service priority

The service priority identifies the WCCP service. The service is also included in the router configuration, where its ID must be the same.

WCCP router definition

The IP address of the router for the WCCP service is configured in the router definition. Alternatively, you can specify a DNS name that resolves to this IP address.

You can configure multiple routers by specifying an IP address or DNS name for each of them or by using a multicast IP address. When an IP address is to serve as a multicast IP address, this is indicated by use of the keywords group-address and group-listen.

Ports to be redirected

The ports from which web traffic is redirected to the Web Gateway proxy port are listed here.

The redirection works for traffic under HTTP and HTTPS. Redirection of FTP traffic or traffic under any other protocol is not supported. This means that all ports that you configure here must be ports for HTTP and HTTPS traffic. Port 80 for HTTP traffic and port 443 for HTTPS traffic are by default included in the list.

If you add more ports for HTTPS traffic, you must also add them as ports to be treated as SSL.

NOTE: If version 1 of WCCP is used, only traffic for port 80 is redirected. You cannot add any other ports for redirection.

Proxy listener address

The proxy listener address is the physical IP address of the network interface card on a Web Gateway appliance that web traffic is redirected to.

Proxy listener port

The proxy listener port is the port on Web Gateway that listens to redirected requests.

For the redirection to work, you must bind this port to IP address 0.0.0.0. For example, when using default port 9090, bind it by specifying 0.0.0.0:9090.

Do not bind the port to the IP address of the appliance where you are working by specifying localhost, and do not bind it to any other IP address. Otherwise the redirection will not work and traffic will not be processed.

Assignment method

The assignment method is the method for assigning buckets (processing jobs) under WCCP to different Web Gateway appliances when a configuration consists of more than one appliance. The method can be assignment by mask or hash. Some routers only support the mask assignment method. For more information, see the router documentation.

Input for load distribution

Load distribution can be based on the source or destination IP address or the source or destination port of a request. We recommend configuring load distribution based on the source IP address. This ensures that the same appliance always receives the requests that a user sends from a particular client system, which avoids breaking sessions.

Assignment weight

The assignment weight assigns traffic load to different Web Gateway appliances in a WCCP configuration. If 1000 is configured as default on all appliances, the load is distributed equally. If an appliance performs better than the others, you can configure a higher value on this appliance and lower values on the others. If all appliances perform equally well, we recommend leaving the default on each of them.
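The following added example (not Skyhigh code) models how assignment weights split the 256 buckets of WCCPv2 hash assignment and why source-IP input keeps one client on one appliance while source-port input scatters it. The appliance names, the proportional split and the XOR hash are assumptions made for illustration; a real router applies its own hash function.

```python
import ipaddress

BUCKETS = 256  # WCCPv2 hash assignment divides traffic into 256 buckets

def build_table(weights):
    """Give each appliance a share of the buckets proportional to its weight."""
    total = sum(weights.values())
    names = sorted(weights)
    share = {n: weights[n] * BUCKETS // total for n in names}
    # Hand out buckets lost to integer rounding, largest remainder first.
    spare = BUCKETS - sum(share.values())
    order = sorted(names, key=lambda n: (-(weights[n] * BUCKETS % total), n))
    for n in order[:spare]:
        share[n] += 1
    return [n for n in names for _ in range(share[n])]

def bucket(key: bytes) -> int:
    """Stand-in hash (XOR of the key bytes); assumption, not the router's function."""
    b = 0
    for byte in key:
        b ^= byte
    return b

def appliances_seen(table, src_ip, src_ports, distribute_on):
    """Appliances that receive one client's connections for the chosen input."""
    seen = set()
    for port in src_ports:
        if distribute_on == "source-ip":
            key = ipaddress.ip_address(src_ip).packed
        else:  # "source-port"
            key = port.to_bytes(2, "big")
        seen.add(table[bucket(key)])
    return seen

# Constructed sample: three hypothetical appliances, one client, 64 connections.
EQUAL = build_table({"mwg1": 1000, "mwg2": 1000, "mwg3": 1000})
WEIGHTED = build_table({"mwg1": 2000, "mwg2": 1000, "mwg3": 1000})
PORTS = range(50000, 50064)

if __name__ == "__main__":
    for name in ("mwg1", "mwg2", "mwg3"):
        print(name, EQUAL.count(name), WEIGHTED.count(name))
    print(appliances_seen(EQUAL, "10.1.1.20", PORTS, "source-ip"))
    print(appliances_seen(EQUAL, "10.1.1.20", PORTS, "source-port"))
```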

GRE-encapsulated

When the Generic Routing Encapsulation (GRE) method is used for sending data packets, an original data packet is encapsulated inside a new packet with additional headers. The new packet is sent from the router to Web Gateway over a connection that is known as a GRE tunnel. This method requires more overhead, but has the advantage of working across subnets.

L2-rewrite to local NIC

When the L2-rewrite (Layer 2 rewrite) method is used for sending data packets, the destination MAC address is rewritten to the MAC address of the proxy. The packets are redirected to a network interface on an appliance. This method works only if the router and the appliance are on the same subnet.

L2-redirect target

The target for redirecting data packets under the L2-rewrite method is the network interface of a NIC on the appliance where you are working, for example, eth0.
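As an added example (not part of the original page or the product), the recommendations above can be expressed as a pre-deployment check over a WCCP service definition. The dictionary layout, key names and addresses are hypothetical and do not correspond to a Web Gateway export format; routers are assumed to be given as IP literals.

```python
import ipaddress

def check_wccp_service(cfg):
    """Return best-practice findings for one WCCP service (hypothetical dict layout)."""
    findings = []

    # Service ID: 0-50 static and reserved, 51-255 dynamic, 51-98 recommended.
    sid = cfg["service_id"]
    if not 0 <= sid <= 255:
        findings.append(f"service ID {sid} is not a valid WCCP service ID (0-255)")
    elif sid <= 50:
        findings.append(f"service ID {sid} is static and reserved for well-known services")
    elif sid > 98:
        findings.append(f"service ID {sid} is outside the recommended range 51-98")

    # WCCP version 1 redirects port 80 only; extra HTTPS ports must be treated as SSL.
    if cfg["wccp_version"] == 1 and set(cfg["redirect_ports"]) != {80}:
        findings.append("WCCP version 1 redirects port 80 only")
    not_ssl = sorted(set(cfg["https_ports"]) - set(cfg["ssl_ports"]))
    if not_ssl:
        findings.append(f"HTTPS ports not treated as SSL: {not_ssl}")

    # The proxy listener port must be bound to 0.0.0.0, not localhost or another address.
    host = cfg["proxy_listener"].rpartition(":")[0]
    if host != "0.0.0.0":
        findings.append(f"proxy listener bound to '{host}', must be 0.0.0.0")

    # L2-rewrite works only if router and appliance are on the same subnet.
    if cfg["forwarding"] == "l2-rewrite":
        subnet = ipaddress.ip_interface(cfg["appliance_interface"]).network
        for router in cfg["routers"]:  # IP literals assumed; DNS names are not resolved
            if ipaddress.ip_address(router) not in subnet:
                findings.append(f"router {router} is not on {subnet}; L2-rewrite needs one subnet")
    return findings

# Constructed sample settings; every key name and address is made up for this example.
GOOD = {
    "service_id": 51, "wccp_version": 2,
    "redirect_ports": [80, 443], "https_ports": [443], "ssl_ports": [443],
    "proxy_listener": "0.0.0.0:9090", "forwarding": "l2-rewrite",
    "appliance_interface": "192.0.2.10/24", "routers": ["192.0.2.1"],
}
BAD = dict(GOOD, service_id=20, redirect_ports=[80, 443, 8443], https_ports=[443, 8443],
           proxy_listener="localhost:9090", routers=["192.0.2.1", "198.51.100.1"])

if __name__ == "__main__":
    for finding in check_wccp_service(BAD):
        print("FINDING:", finding)
```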
