How to configure transparent redirection using Policy Based Routing (PBR) on a Check Point firewall, which does not support WCCP?
Cisco Web Security Appliance (WSA)
Check Point firewall
PBR (policy based routing)
Symptoms: Transparent redirection needs to be configured on a Check Point firewall, but the firewall does not support WCCP configuration.
Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.
The Check Point firewall does not support WCCP, so WCCP cannot be used on it to transparently redirect user traffic to the Cisco Web Security Appliance (WSA).
However, this limitation can be worked around by forwarding the traffic to the WSA via the "http_mapped" service.
The client traffic will need to be "sideways routed" into the appliance. This means that the WSA will reside on a different firewall interface than the one the client traffic arrives on, such as in a DMZ environment.
To redirect client traffic, follow the steps below:
Create a rule with the "http_mapped" service on the Check Point firewall.
In the Advanced Properties of the http_mapped service, change the Match field to SRV_REDIRECT (80,192.168.1.1,3128) where: