system : wccp
 
wccp
Configure settings for Web Cache Communication Protocol (WCCP).
You can configure a FortiGate unit to operate as a WCCP router or client.
A FortiGate unit operating as a WCCP router can intercept HTTP and HTTPS sessions and forward them to a web caching engine that caches web pages and returns cached content to the web browser.
A FortiGate unit operating as a WCCP client can accept and forward WCCP sessions and use firewall policies to apply NAT, UTM, and other FortiGate security features to them. A FortiGate unit operates as a WCCP client only in NAT/Route mode (and not in Transparent mode)
Enter the following command to configure a FortiGate unit to operate as a WCCP router (this is the default FortiGate WCCP configuration):
config system settings
set wccp-cache-engine disable
end
Enter the following command to configure a FortiGate unit to operate as a WCCP client:
config system settings
set wccp-cache-engine enable
end
When you enter this command an interface named w.<vdom_name> is added to the FortiGate configuration (for example w.root). All WCCP sessions received by a FortiGate unit operating as a WCCP client are considered to be received at this interface and you can enter firewall policies for the WCCP traffic.
Syntax (WCCP router mode)
config system wccp
edit <service-id>
set router-id <interface_ipv4>
set group-address <multicast_ipv4>
set server-list <router1_ipv4> [<router2_ipv4> ... <router4_ipv4>]
set authentication {disable | enable}
set forward-method {GRE | L2 | any}
set return-method {GRE | L2 | any}
set assignment-method {HASH | MASK | any}
set password <password_str>
next
end
Syntax (WCCP client mode)
config system wccp
edit <service-id>
set cache-id <cache_engine_ip4>
set group-address <multicast_ipv4>
set router-list <server_ipv4mask>
set authentication {disable | enable}
set service-type {auto | dynamic | standard}
set assignment-weight <weight_int>
set assignment-bucket-format {cisco-implementation | wccp‑v2}
set password <password_str>
next
end
Variable
Description
Default
<service-id>
Valid ID range is from 0 to 255. 0 for HTTP.
1
router-id <interface_ipv4>
An IP address known to all cache engines. This IP address identifies a FortiGate interface IP address to the cache engines. If all cache engines connect to the same FortiGate interface, then <interface_ipv4> can be 0.0.0.0, and the FortiGate unit uses the IP address of that interface as the router-id.
If the cache engines can connect to different FortiGate interfaces, you must set router-id to a single IP address, and this IP address must be added to the configuration of the cache engines that connect to that interface.
0.0.0.0
cache-id <cache_engine_ip4>
The IP address of the cache engine if its IP address is not the same as the IP address of a FortiGate interface. If the IP address of the cache engine is the same as the IP address of the FortiGate interface on which you have enabled WCCP, the cache-id should be 0.0.0.0.
0.0.0.0
group-address <multicast_ipv4>
The IP multicast address used by the cache routers. 0.0.0.0 means the FortiGate unit ignores multicast WCCP traffic. Otherwise, group-address must be from 224.0.0.0 to 239.255.255.255.
0.0.0.0
server-list <router1_ipv4> [<router2_ipv4> ... <router4_ipv4>]
The IP address and net mask of up to four WCCP routers.
0.0.0.0 0.0.0.0
router-list <server_ipv4mask>
IP addresses of one or more WCCP routers that can communicate with a FortiGate unit operating as a WCCP cache engine. Separate multiple addresses with a space.
 
authentication {disable | enable}
Enable or disable using use MD5 authentication for the WCCP configuration.
disable
service-type {auto | dynamic | standard}
Set the WCCP service type used by the cache server.
auto
forward-method {GRE | L2 | any}
Specifies how the FortiGate unit forwards traffic to cache servers. If forward-method is any the cache server determines the forward method.
GRE
return-method {GRE | L2 | any}
Specifies how a cache server declines a redirected packet and returns it to the FortiGate unit. If return-method is any the cache server determines the return method.
GRE
assignment-method {HASH | MASK | any}
Specifies which assignment method the FortiGate unit prefers. If assignment-method is any the cache server determines the assignment method.
HASH
assignment-weight <weight_int>
Set the assignment weight for the WCCP cache engine. The range is 0 to 255.
0
assignment-bucket-format {cisco-implementation | wccp‑v2}
Set the assignment bucket format for the WCCP cache engine.
cisco-implementation
password <password_str>
The authentication password. Maximum length is 8 characters.
No default.