Re: WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record

[David Touzeau <david@xxxxxxxxxxxxxx>]

Hi Eliezer

if you want to do transparent mode without having to put squid squidboix in front of your fortinet.

If you want to do transparent mode while your fortinet aggregates several VLANs, the WCCP mode is necessary

So you can control everything through your fortigate

By the way, fortinet offers their proxy based on WCCP to ensure a consistent integration with fortigate

My configuration is very simple to replicate :

We have added a service ID 80 on fortigate but failed caused by the squid bug

config system wccp
     edit "80"
         set router-id 10.10.50.1
         set group-address 0.0.0.0
         set server-list 10.10.50.2 255.255.255.255
         set server-type forward
         set authentication disable
         set forward-method GRE
         set return-method GRE
         set assignment-method HASH
     next
end

Squid wccp configuration

wccp2_router 10.10.50.1
wccp_version 3
# tested v4 do the same behavior
wccp2_rebuild_wait on
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp protocol=tcp flags=src_ip_hash priority=240 ports=80,443
wccp2_address 0.0.0.0
wccp2_weight 10000

Le 24/06/2022 à 13:17, ngtech1ltd@xxxxxxxxx a écrit :

I am not sure and can spin up my Forti but from what I remember there are PBR functions in the Forti.

Why would a WCCP be required? To pass only ports 80 and 443 instead of all traffic?

--

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users