"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The Web Cache Communication Protocol (WCCP) was developed by Cisco Systems. The protocol routes traffic in real time, redirecting web requests to Sophos Web Appliances. To enable WCCP integration use the Configuration|Network|WCCP page.
Some benefits of WCCP deployment include transparent redirection of web traffic, load balancing, scaling, and fail-safe mechanisms. WCCP implementation does not require additional proxy settings or client configuration. WCCP can use either Layer 2 MAC Address Rewrite (L2) or Generic Encapsulation (GRE) to redirect traffic to the Web Appliance. You should choose the forwarding method appropriate for your routers according to your organization's infrastructure, network topology, and security requirements.
WCCPv2 allows up to 32 routers (WCCP servers) and up to 32 Web Appliances (WCCP clients) to be connected into a service group.
Fig. 1: A typical WCCPv2 network structure
WCCPv2 adds MD5 shared secret authentication, which allows Web Appliances to provide passwords in order to join service groups (recommended). WCCPv2 also supports any IP protocol, including TCP and UDP.
Most Cisco routers can be configured to use WCCPv2 or WCCPv1, while some routers may have limited WCCP support. WCCPv1 is a legacy protocol that only supports a single WCCP router in a service group, and only HTTP (TCP port 80) traffic flow.
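Because the MD5 shared secret is only available with WCCPv2, one way to confirm that a router follows the recommendation above is to audit its configuration text. The following Python check is an added example, not part of this article or of any Sophos or Cisco tool. The sample configurations are constructed, the function name audit_wccp is hypothetical, and it assumes the Cisco IOS global forms "ip wccp <service> password ..." and "ip wccp version <n>".

```python
import re

# Constructed sample running-config excerpts (not taken from any real router).
WEAK_CONFIG = """\
ip wccp version 1
ip wccp web-cache
!
interface GigabitEthernet0/1
 ip wccp web-cache redirect in
"""

HARDENED_CONFIG = """\
ip wccp version 2
ip wccp web-cache password 7 EXAMPLE-PLACEHOLDER
ip wccp 90 password 7 EXAMPLE-PLACEHOLDER
no ip wccp 91
!
interface GigabitEthernet0/1
 ip wccp web-cache redirect in
"""

# Global service definitions are unindented; interface-level lines are indented,
# and "no ip wccp ..." lines (stopped services) do not start with "ip".
SERVICE_RE = re.compile(r"^ip wccp (web-cache|\d+)\b(.*)$")
VERSION_RE = re.compile(r"^ip wccp version (\d+)\s*$")


def audit_wccp(config_text):
    """Return a sorted list of findings for the global WCCP settings."""
    findings = []
    services = {}  # service name -> True if a definition line sets a password
    for line in config_text.splitlines():
        version = VERSION_RE.match(line)
        if version:
            if version.group(1) == "1":
                findings.append("WCCPv1 selected: legacy, no MD5 shared secret")
            continue
        service = SERVICE_RE.match(line)
        if service:
            name, options = service.groups()
            has_password = " password " in options + " "
            services[name] = services.get(name, False) or has_password
    for name, protected in services.items():
        if not protected:
            findings.append(f"service {name}: no MD5 shared secret configured")
    return sorted(findings)
```

Run it against the saved output of the router's running configuration; an empty list means every enabled WCCP service group requires a password.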
For more information on WCCP, consult the following resources:
This article covers the following:
To enable integration between your Web Appliance and WCCP routers, use the Configuration|Network|WCCP page. Your deployment can be in either Transparent Mode or Bridged Mode.
The Web Appliance does not back up network settings, so WCCP settings are not part of the on-demand or on-schedule system configuration data backup. Create and maintain a detailed network diagram that shows the relationships between your Web Appliances and WCCP routers before you attempt to reconfigure or expand your infrastructure. This allows you to recover from network service disruption more easily.
A Management Appliance does not control network settings for joined Web Appliances. Also, WCCP settings are not part of the centralized configuration data. Thus, WCCP integration has to be enabled and configured separately on each joined appliance.
The Web Appliance monitors its connection with WCCP routers. If there is no connection for more than one minute, the system displays a red critical error and sends an email notification to the Alert Recipients every 2 hours.
To stop, start or view the status of the WCCP service on a Cisco router:
View status:
show ip wccp web-cache
show ip wccp web-cache view
show ip wccp web-cache detail
Stop:
no ip wccp web-cache
Start:
ip wccp web-cache accelerated
ip wccp web-cache
The WCCP router accepts requests to join a service group as L2 only and redirects traffic to Web Appliances as L2.
If a Web Appliance tries to register itself as GRE, the WCCP service on the router could become unusable for all Web Appliances that have already joined the service group. There are two possible solutions:
Solution A: Set all Web Appliances to L2 only
Solution B: Set all Web Appliances to GRE
The WCCP router can accept requests to redirect traffic to the Web Appliance using GRE or L2. However, certain limitations require specific Web Appliance settings:
Within a service group, all WCCP routers may redirect traffic to Web Appliances running as GRE or L2. However, all WCCP routers and Web Appliances within a service group must use the same redirect method.
WCCP and Active Directory (on the Configuration|System|Active Directory page) can only be integrated with the Web Appliance in transparent mode or bridged mode.
The Authenticate all requests against Active Directory and the Sophos list of applications options are only available in explicit mode. Otherwise, transparent Active Directory authentication is enabled implicitly.
Internet Explorer provides automatic authentication and requires no client configuration.
When the Web Appliance uses Active Directory authentication in transparent mode, and WCCP provides load balancing between two or more Web Appliances, Firefox users are prompted to enter a username and a password once per appliance. To avoid these prompts, configure Firefox to connect automatically.
WCCP and eDirectory (on the Configuration|System|eDirectory page) can only be integrated with the Web Appliance in Transparent Mode or Bridged Mode. The appliance requires no additional client-side or web browser configuration.