[squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record
David Touzeau
david at articatech.com
Sun Jun 26 10:33:55 UTC 2022
Hi Eliezer
If you want to do transparent mode without having to put a Squid box
in front of your Fortinet.
If you want to do transparent mode while your Fortinet aggregates
several VLANs, the WCCP mode is necessary.
So you can control everything through your FortiGate.
By the way, Fortinet offers their proxy based on WCCP to ensure a
consistent integration with FortiGate.
My configuration is very simple to replicate:
We have added a service ID 80 on the FortiGate, but it failed because of the
Squid bug.
config system wccp
edit "80"
set router-id 10.10.50.1
set group-address 0.0.0.0
set server-list 10.10.50.2 255.255.255.255
set server-type forward
set authentication disable
set forward-method GRE
set return-method GRE
set assignment-method HASH
next
end
Squid wccp configuration
wccp2_router 10.10.50.1
wccp_version 3
# tested v4, it shows the same behavior
wccp2_rebuild_wait on
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp protocol=tcp flags=src_ip_hash priority=240 ports=80,443
wccp2_address 0.0.0.0
wccp2_weight 10000
On 24/06/2022 at 13:17, ngtech1ltd at gmail.com wrote:
>
> I am not sure and can spin up my Forti but from what I remember there
> are PBR functions in the Forti.
>
> Why would a WCCP be required? To pass only ports 80 and 443 instead of
> all traffic?
>
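Added example, not part of the original message and not Squid or Fortinet code: a small cross-check of the router-side and cache-side WCCP settings quoted above, useful for ruling out a plain configuration mismatch before looking at the "truncated record" error itself. It assumes the paired settings should agree literally (case-insensitive); the function names and the PAIRS table are hypothetical.

```python
import re
# Constructed sample input, copied from the two configurations in the message.
FORTIGATE = """\
config system wccp
edit "80"
set router-id 10.10.50.1
set forward-method GRE
set return-method GRE
set assignment-method HASH
next
end
"""
SQUID = """\
wccp2_router 10.10.50.1
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service dynamic 80
"""

# Assumption: FortiGate "set" key -> Squid directive expected to carry the same value.
PAIRS = {
    "router-id": "wccp2_router",
    "forward-method": "wccp2_forwarding_method",
    "return-method": "wccp2_return_method",
    "assignment-method": "wccp2_assignment_method",
}

def parse_fortigate(text):
    """Return (service_id, {key: value}) from a 'config system wccp' block."""
    sid = re.search(r'^\s*edit\s+"?(\d+)"?', text, re.M)
    sets = dict(re.findall(r"^\s*set\s+(\S+)\s+(.+?)\s*$", text, re.M))
    return (sid.group(1) if sid else None), sets
def parse_squid(text):
    """Return {directive: value} for wccp2_* lines; comment lines are skipped."""
    return dict(re.findall(r"^[ \t]*(wccp2_\w+)[ \t]+([^#\n]+?)\s*$", text, re.M))

def mismatches(forti_text, squid_text):
    """List differences between the router side and the cache side."""
    sid, forti = parse_fortigate(forti_text)
    squid = parse_squid(squid_text)
    problems = []
    for fkey, sdir in PAIRS.items():
        f, s = forti.get(fkey, ""), squid.get(sdir, "")
        if f.lower() != s.lower():
            problems.append(f"{fkey}={f!r} but {sdir}={s!r}")
    if squid.get("wccp2_service", "").split()[-1:] != [sid]:
        problems.append(f"service id {sid!r} not declared by wccp2_service")
    return problems
```

For the settings quoted in the message, mismatches(FORTIGATE, SQUID) returns an empty list, so these paired settings agree on both sides.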