https://live.paloaltonetworks.com/t5/general-topics/palo-alto-and-cisco-waas/m-p/15997#M11685 <HTML><HEAD></HEAD><BODY><P><SPAN>According to Applipedia (</SPAN><A class="jive-link-external-small" href="http://apps.paloaltonetworks.com/applipedia/">http://apps.paloaltonetworks.com/applipedia/</A><SPAN>) wccp exists as its own application:</SPAN></P><P></P><P>"</P><P>Description<BR />Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. It has built-in load balancing, scaling, fault tolerance, and service-assurance (failsafe) mechanisms. Cisco IOS Release 12.1 and later releases allow the use of either Version 1 (WCCPv1) or Version 2 (WCCPv2) of the protocol.</P><P></P><P>Category&nbsp;&nbsp;&nbsp;&nbsp; networking<BR />Subcategory&nbsp;&nbsp;&nbsp;&nbsp; ip-protocol<BR />Risk&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3<BR />Standard Ports&nbsp;&nbsp;&nbsp;&nbsp; udp/2048<BR />Technology&nbsp;&nbsp;&nbsp;&nbsp; network-protocol</P><P></P><P>Evasive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Excessive Bandwidth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Prone to Misuse&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Capable of File Transfer&nbsp;&nbsp;&nbsp;&nbsp; yes<BR />Tunnels Other Applications&nbsp;&nbsp;&nbsp;&nbsp; yes<BR />Used by Malware&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Has Known Vulnerabilities&nbsp;&nbsp;&nbsp;&nbsp; yes<BR />Widely Used&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>"</P><P></P><P>In case this isnt enough in your case you can setup security rules that ignores the appid by setting appid:any and then just act on service configuration (PA name for tcp/udp-ports) along with src/dstip and so on.</P><P></P><P>Using appid:any can also be used in order to find out how PA will detect the flows. One problem might be that it at first is detected as wccp but later detected as the actual payload (lets assume its web-browsing or whatever) which means that you might end up with enabling both appid's for it to fully utilize application firewalling.</P><P></P><P>In case your traffic isnt correctly detected you can contact your Sales Engineer or request app enhancement from the Apps and Threats Research Center:</P><P></P><P><A class="jive-link-external-small" href="http://www.paloaltonetworks.com/researchcenter/tools/">http://www.paloaltonetworks.com/researchcenter/tools/</A></P><P></P><P>From there you can click on Submit an app and provide details there.</P></BODY></HTML> Mon, 02 Apr 2012 10:07:13 GMT mikand 2012-04-02T10:07:13Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-and-cisco-waas/m-p/15996#M11684 <HTML><HEAD></HEAD><BODY><P> Hello,</P><P></P><P>We are migrating to a Palo-Alto 4020 cluster from our PIX firewall cluster. I have a question regarding Cisco WAAS and WCCP v2 traffic. The front end router redirects to a Cisco WAE via WCCP services 61 and 62. Both WCCP and the WAE mark the original packet using the TCP options field and also change the packet sequence numbers.</P><P></P><P>My question is how will the PA treat this traffic ? If it drops it, how can I configre the PA to allow it through ?</P><P></P><P>Best regards</P><P></P><P>Stephen</P></BODY></HTML> Mon, 02 Apr 2012 07:57:48 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-and-cisco-waas/m-p/15996#M11684 sfisher899 2012-04-02T07:57:48Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-and-cisco-waas/m-p/15997#M11685 <HTML><HEAD></HEAD><BODY><P><SPAN>According to Applipedia (</SPAN><A class="jive-link-external-small" href="http://apps.paloaltonetworks.com/applipedia/">http://apps.paloaltonetworks.com/applipedia/</A><SPAN>) wccp exists as its own application:</SPAN></P><P></P><P>"</P><P>Description<BR />Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. It has built-in load balancing, scaling, fault tolerance, and service-assurance (failsafe) mechanisms. Cisco IOS Release 12.1 and later releases allow the use of either Version 1 (WCCPv1) or Version 2 (WCCPv2) of the protocol.</P><P></P><P>Category&nbsp;&nbsp;&nbsp;&nbsp; networking<BR />Subcategory&nbsp;&nbsp;&nbsp;&nbsp; ip-protocol<BR />Risk&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3<BR />Standard Ports&nbsp;&nbsp;&nbsp;&nbsp; udp/2048<BR />Technology&nbsp;&nbsp;&nbsp;&nbsp; network-protocol</P><P></P><P>Evasive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Excessive Bandwidth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Prone to Misuse&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Capable of File Transfer&nbsp;&nbsp;&nbsp;&nbsp; yes<BR />Tunnels Other Applications&nbsp;&nbsp;&nbsp;&nbsp; yes<BR />Used by Malware&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no<BR />Has Known Vulnerabilities&nbsp;&nbsp;&nbsp;&nbsp; yes<BR />Widely Used&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>"</P><P></P><P>In case this isnt enough in your case you can setup security rules that ignores the appid by setting appid:any and then just act on service configuration (PA name for tcp/udp-ports) along with src/dstip and so on.</P><P></P><P>Using appid:any can also be used in order to find out how PA will detect the flows. One problem might be that it at first is detected as wccp but later detected as the actual payload (lets assume its web-browsing or whatever) which means that you might end up with enabling both appid's for it to fully utilize application firewalling.</P><P></P><P>In case your traffic isnt correctly detected you can contact your Sales Engineer or request app enhancement from the Apps and Threats Research Center:</P><P></P><P><A class="jive-link-external-small" href="http://www.paloaltonetworks.com/researchcenter/tools/">http://www.paloaltonetworks.com/researchcenter/tools/</A></P><P></P><P>From there you can click on Submit an app and provide details there.</P></BODY></HTML> Mon, 02 Apr 2012 10:07:13 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-and-cisco-waas/m-p/15997#M11685 mikand 2012-04-02T10:07:13Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-and-cisco-waas/m-p/15998#M11686 <HTML><HEAD></HEAD><BODY><P>Hello Mikand,</P><P></P><P>Perfect answer. Thank you very much.</P><P></P><P>Best regards</P><P></P><P>Stephen</P></BODY></HTML> Mon, 02 Apr 2012 11:11:14 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-and-cisco-waas/m-p/15998#M11686 sfisher899 2012-04-02T11:11:14Z