WCCP on Barracuda Web Filter — IT Consulting Denver
Web Cache Communication Protocol (WCCP) was developed by Cisco for content routing. One popular use of this is to redirect traffic on a Cisco perimeter device to a web filter such as Barracuda Web Filter 610. Support will tell you that they always recommend the Barracuda be installed inline. There are multiple reasons for this but here are a few: blocking https, full spyware blocking and application blocking. Most websites are moving to https or will redirect a lot of their traffic to https. https packets are hard to block as they are not seen because of encryption. Barracuda will block these packets based on IP addresses since they cant see the URL request in the packet. When the Barracuda is inline it can monitor the source and destination IP. While they cant look inside the packet, unless ssl decryption is used, to look at the URL they use their research to block https sites.
While Barracuda will always recommend running their device inline we would like to bring some other ideas into the picture. Running inline causes some issues at times when you deal with highly redundant networks. NOYNIM IT Consulting Denver has multiple clients running complicated networks that have dual internet paths and multiple firewalls. When you run the Barracuda inline you can only cover one connection. In a firewall failover state all traffic will be lost and the network is left vulnerable.
WCCP offers a great solution for this but there are issues. Https packets are not blocked 100% and there is still spyware that gets past the Barracuda. There has to be some enhancements that offer highly redundant networks a way to fully monitor and filter traffic. One popular way is to use web filters in proxy mode, whether its transparent or not.
While there are multiple ways to filter web traffic its important to consult with each client and provide the high level pros and cons for each solution.
When switching between inline and WCCP sometimes the configuration gets stuck on one mode or the other. Sometimes you think WCCP is off or on but it really isn’t. to make 100% sure everything is working you will need to get into the expert mode. To access the expert mode on a barracuda do the following:
Use the Expert Variables page to set DNS variables. Click Advanced ->, add &expert=1