URL Filtering Cache Engine 510

Similar Messages

• Cache Engine 510

  Hi ,
  We have purchased a cache engine 510 and are going to be deploying it in a transparent caching scenario. Where is the optimal place to put the cache engine, on the inside network behind firewall or on outside. If placed on the outside of the firewall what conduits/access lists need to be put in place for the solution to work.
  I have been trying to find a good document on how the WCCP protocol works with regards to how the source/destination addresses change when a router redirects traffic to a cache engine to better understand what rules need to be changed on the firewall. Any pointers to a good reference URL will be greatly appreciated.

  to understand the log message, please look into :
  http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_tech_note09186a00800a5fe1.shtml
  If you have only one router, you don't have the choice of the location.
  Put your Cache in the same subnet as the router and the firewall.
  Finally, you can't view object that were cached.
  Gilles.

• Basic URLs of adapter engine associations properties are missing

  Dear all
  We are running on the nw 7.11 pi version.
  And we recently enabled the ssl on the system.. we have HA in place with web dispatcher.
  We updated the exchane profile parameter with all ssl n required parameters.
  CPA cache refresh is working fine.. but. While doing the Intergration server ABAP cache its failing.
  And we checked the sap note 1678104 under the XRIA assoctiation and as well as under the Basic urls of adapter engine "Secure URL"  properties are missing . Since we r not able to update this property.. the adapter engine is still ponting to http url instead https.
  Please see the screen shot.
  Regards
  Manoj K

  Hi Agasthuri,
  yes, maybe something gone wrong in the post install, I will ask the guy which did the installation of the PI. Therefore I didn't have the logon data for performing a cache refresh, but in the log entries it seems that this is working properly.
  Hi Praveen,
  in Communication Channel Monitoring (In PI this is no longer found under Adapter Monitoring), I can see that the messages are delivered, but I can't see the Audit Log entries there.
  I checked the MDT, but there are also no messages displayed.
  End-to-End-Monitoring seems to be a good solution, but it seems that it is something configured wrong in this installation I will try to get the guy which cares for Basis to look after it.
  Best regards,
  Daniel

• No_messaging_url_found: Unable to find URL for Adapter Engine

  Hi,
  I am facing the same problem. I have configured a RFC-File scenario.
  I get the error"no_messaging_url_found: Unable to find URL for Adapter Engine af.<SID>.<server>"
  and <INTERNAL.AE_DETAILS_GET_ERROR>
  I get the error "no_messaging_url_found: Unable to find URL for Adapter Engine" when I execute the Function Module SAI_AE_DETAILS_GET.
  This error occured in the line 235( sap_xi_adapter_services = sld_accessor->associators( iref = sap_xi_adapter_framework assocclass = 'SAP_HostedXIAdapterServi) of the FM.
  The value is not filled and i get the error mentioned.
  I have gone through thread and verified all the points mentioned.
  I have checked SXI_CAHCE,there are no locked users in RSUSR200,
  SXI_CACHE, Goto->AdapterEngine Cache, I have an entry af.<sid>.<server>
  In SLD,Technical Landscape,Exchange Infrastructure I have the entry <SID>.<Server> against the Adapter Engine
  But as was mentioned in the thread the line 241 of the Fucntion Module has 'adapterType' and not 'Adaptertype' as in the exchange profile.I did not try changing 'a' to 'A'.
  Could you please let me know how to solve the problem.
  Thanks in advance.

  Hi Vani,
  Check the pipeline URL in the SLD
  Business System->URL
  It should be
  http://host:HTTPport/sap/xi/engine?type=entry
  Just check this thread- may be useful-
  File Adapter - Sender Problem
  RFC adapter - AE_DETAILS_GET_ERROR - no adapter engine
  https://websmp103.sap-ag.de/~sapdownload/011000358700002757652005E/HowtoMintorAF.pdf
  Hope this helps,
  Regards,
  Moorthy

• Websense URL Filtering is not working in transparent proxy mode

  The "sh ip wccp web-cach detail" show that the redirection to CE cluster (5 of them)is working but the url filtering doesnt work at all. The Websense server is on the same VLAN as all the 5 CE. This thing happened when we reconfigured the wccp router list in all the 5 CE point to the msfc vlan ip from the loopback ip address of the msfc. But the strange thing is the filtering work well when we manually configured the proxy server in the internet explorer point to the CE. Any advise?
  Thanks.
  William

  Problem is due to absense of Host header field . Most of the browsers will send host header field. But in HTTP/1.0 Host header is not a must , though most of the browsers send it.

• Content engine 510 - transparent proxy stand-alone

  Hello to all,
  after studying architecture examples about Content Engine 510, I found that there is two modes:
  1) standard proxy
  2) transparent proxy
  I need the transparent architecture !
  But every example about transparent mode seems to include a router or a switch with a particular level of software, that can send http requests to the Content Engine to have cache.
  I don't have any of these components.
  I simply need to have a Content Engine that receive any kind of IP protocols on one ethernet, and route it to the other ethernet plug, except that if it is http protocol, it will cache the pages.
  Is is simply impossible to configure the Content Engine 510 that way ?
  Is the transparent proxy mode always requires a router or a switch to give it the http flow ?
  If it is possible, where can I find some configuration examples ?
  Thanks to help a newbie in content engine...
  Olivier

  Olivier,
  You'll need to have a router running wccp in order to redirect http requests to the cache. Withouth this, the cache has no visibilty of traffic on your LAN.
  Regards,
  Dave

• Cache engine http transparent proxy and caching

  Hi..
  My customer some GPRS user in which they couldn't control proxy setting of the web browser.
  Is it possible to configure on a cache engine such that when these users access the Internet, they will be intercepted by the cache engine. THe cache engine then forwards the request to a proxy server and out to the Internet ?
  Rgds
  Eng Wee

  It is possible to configure the cache engine to provide access to the users. The following URL shows an example on how to configure the Cisco Cache Engine for transparent caching using the Web Cache Coordination Protocol (WCCP).
  http://www.cisco.com/warp/public/117/cache_engine/transparentconfig.html
  This scenario is pretty similar to your requirement. Hope this helps.

• Cache Engine with a private address

  Can I configure my CE590 with a private address ( for ex. 172.16.1.1 )
  Should I translate this private address to a public address ?
  The sample configuration in the below URL comment :
  !---Important: If you configure the Cache Engine
  !---with a private address, it must get!---translated to a public address. "
  http://www.cisco.com/warp/customer/117/cache_engine/transparentconfig.htm
  please advise me
  Thanks
  Mohamed Abdallah

  Should I configure a static NAT on the router for the CE ip address
  OR use the PTR record in my DNS for the CE ip add. for the DNS reverse lookup ??
  Answer: In any event, you will need a PTR record configured in your DNS network for the CE ip address. This must be a public record so that the internet sites can do a reverse lookup. Best case senario for security is to configure static nat on the router with a public ip address that resolves to the internal private ip address of the CE
  What if I give the CE a public IP address ? Do I need PTR record in my DNS for the CE ip address?
  Answer: You can certainly do that and it does make things a bit easier. For security though, I recommend going with the private ip with nat upstream.
  Regards
  Pete..

• Cach Engine ACNS 5.4 & Embedded WebSense S/W ver 5.2.2

  Dear All,
  I have some design questions that related to CE-7326 with ACNS 5.4 and its embedded Websense s/w ver 5.2 the questions are:
  1) is it possible for the embedded websense s/w to block any TCP user traffic? if yes, does it use the TCP RST flag technique? how the CE sends this TCP RST flag?
  2)if it is possible to block any TCP sessions, how can I let all users' traffic to be redirected to the CE-7326? is there any other way to redirect the users traffic other than the URL redirection? what is that way?
  3) if for example it is possible to redirect the traffic using switch SPAN session (switch mirror port), do I need configure two NICs on the CE-7326 one for the monitor session and the other for sending the TCP RST signal?
  4) is it possible to use the Web caching features (WCCP) in conjunction with the blocking feature? in this case how the traffic will be redirected using WCCP or using a SPAN session, is there any conflict between the two methods or both are totally apart from each others?
  5) is it possible for the embedded Websense to filter (all TCP sessions, not only the redirected HTTP, HTTPS or FTP) the users by their usernames rather than the users IP address?
  6) now I purchased a Websense Enterprise 36 mo Subscription 1001 to 2500 Users license (SF-WEB36-1K-2500), what is the purpose of this license, do I need it to activate the embedded websense on the CE7326 device? Is it possible to use it to install all the websense modules on an external machine other that the CE7326?
  Thanks and best regards

  Hi,
  I've done a few deployments liks this so here is my personal take on your questions.
  1) No, to my knowledge the CE can only deal with the proxy services defined, however the network agent, an element of websense can deal with other TCP protocols. You have to realise that with the CE and websense its more about the capabilities of websense.
  2) See answer 1 and read in the websense deployment guide on the network agents for an idea on deployment, is available from websenses website for a free download.
  3) No, Websense either runs as server on the CE or redirects to an external server, you need to decide on your deployment model.
  4) Yes, you can use Websense/CE with either transparent (WCCP) or non-transparent dependin g on the edge CPE/
  5) Websense supports policies via the manager for IP address or username from ADS/LDAP, be aware that the login for the proxies if using LDAP/ADS does not support single sign on, for transparent identification I'd recommend using IP addresses via WCCP.
  6) You need to setup the Websense server environment, there are sizing guides on Websenses website for the reporting, manager and server. You need the license key to download the URL list on the server (either on the CE or via an external Server).
  I should point out this internal server function is referred to as on box and the external server is referred to as off box.
  For what its worth I would deploy as off box as Cisco have announced their plans to remove support for URL filtering in the CE and it will be easier for you to support off box in the future.
  Feel free to post here if you'd like a 1-2-1 discussion via email as having done the Websense course and playing with the CE its a bit of mind field. I have to say that Websense direct are very good at support but they may want you to do the Websense training as the product is more complex to deploy than say Smartfilter.
  Kind regards
  Mark

• URL filtering Tool

  Dear All,
  We plan to change the URL filterting system from our network. currently we use Websense. our management has decided to cancel the extension due to market slowdown.
  Can u guide to find a cheap and best URL filtering solution for our network.
  Thanks in advance
  Shibu

  We can't say which is best for your network, only you can. However there are some good open-source proxies such as SQUID.
  www.squid-cache.org
  http://www.google.com/#hl=en&q=open+source+proxy+server&aq=4&oq=open+source+pro&aqi=g10&=Google+Search&=I%27m+Feeling+Lucky&fp=1mZ_-PL2Zjc

• Web Filtering / URL Filtering

  Dear All,
  I am looking forward to buy the cisco ASA Firewall with the below mentioned part number.
  ASA5525-SSD120-K9 kindly please let me know whether it supports WEB Filtering / URL Filtering.
  or do i need to go for any other model or license.
  Awaiting your quick responses as it is very urgent.
  Responses are highly appreciated..

  That's the hardware
  You also need a software subscription for the URL/web stuff/IPS
  Near the bottom of this page:  http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-701659.html
  there is a chart with the options and part numbers.

• Question about connection between cache engine and cat6k

  Dear sir,
  Here is the problem description, please give me some help, thank you so much:
  catalyst 6509 is enable for wccp v2.CE 7320 also enable the wccp v2.Wccp service 91 is configured on 6509.Service-munber 91 and port-list 1(with port number 8080) are also configured on CE 7320.Wccp communicates well about service number 91.
  but browsing web page with port number 8080 gets always failed.
  1.6509 wccp configuration:
  ip wccp web-cache redirect-list 30
  ip wccp 91
  interface Vlan10
  ip address 211.162.224.2 255.255.255.240
  ip wccp web-cache redirect out
  ip wccp 91 redirect out
  2.ce7320 wccp configuration:
  wccp router-list 1 211.161.1.49
  wccp port-list 1 8080
  wccp web-cache router-list-num 1
  wccp service-number 91 router-list-num 1 port-list-num 1 application cache
  wccp version 2
  3.show info. from 6509 and ce 7320:
  gwbn7320#sh wccp content-engines
  Content Engine List for Service: Web Cache
  IP address = 211.161.1.50
  Routers seeing this Content Engine(1)
  211.162.224.2
  Content Engine List for Service: WCCPv2 Service 91
  IP address = 211.161.1.50
  Routers seeing this Content Engine(1)
  211.162.224.2
  gwbn7320#sh statistics http savings
  Statistics - Savings
  Requests Bytes
  Total: 90685 460066803
  Hits: 936 162710
  Miss: 89749 459904093
  Savings: 1.0 % 0.0 %
  6509-left#sh ip wccp
  Global WCCP information:
  Router information:
  Router Identifier: 211.162.224.2
  Protocol Version: 2.0
  Service Identifier: web-cache
  Number of Cache Engines: 1
  Number of routers: 1
  Total Packets Redirected: 2525
  Redirect access-list: 30
  Total Packets Denied Redirect: 0
  Total Packets Unassigned: 146
  Group access-list: -none-
  Total Messages Denied to Group: 0
  Total Authentication failures: 0
  Service Identifier: 91
  Number of Cache Engines: 1
  Number of routers: 1
  Total Packets Redirected: 0
  Redirect access-list: -none-
  Total Packets Denied Redirect: 0
  Total Packets Unassigned: 0
  Group access-list: -none-
  Total Messages Denied to Group: 0
  Total Authentication failures: 0
  Regards,
  Sha

  Gilles,
  Thank you!
  Here is the result:
  6509-left#sh ip wccp 91 detail
  WCCP Cache-Engine information:
  IP Address: 211.161.1.50
  Protocol Version: 2.0
  State: Usable
  Redirection: GRE
  Initial Hash Info: 00000000000000000000000000000000
  00000000000000000000000000000000
  Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  Hash Allotment: 256 (100.00%)
  Packets Redirected: 180
  Connect Time: 00:07:06
  Regards,
  Sha

• Reg Unable to find URL for Adapter Engine Error

  Hello,
  During execution of a scenario, i am getting these errors in sxmb_moni:
  AE_DETAILS_GET_ERROR
  3: Unable to find URL for Adapter Engine af.xip.poecspxioo4
  Error when reading the access data (URL, user, password) for the Adapter Engine.
  Seems like it is a problem of XI Server unable to locate the Central adapter engine due to some parameter not set properly.
  So, what are the points we can check while installation of XI so as to rectify this problem.

  Hi all,
  I got the similar error in my scenario and i solved the same.Actually i ma not pretty surte this will solve your problem.
  In my case proxy generation settings was mis configured in the sender system. so its caused the reason.
  I made an entry in the SPROXSET table and i did other activities like RFC and application system also.
  Then its worked for me. Its not matching with your case please do ignore this one
  Regards
  Vijay

• Problems with transaction-logs on cache engines

  Good Day All,
  I have a Cache Engine 550 here and the transaction log working.log file got quite large.
  I was not able to export it to my ftp server so I logged into the Cache engine via ftp and downloaded the file to a PC.
  I then deleted the working.log file on the Cache Engine and rebooted the cache engine.
  The working.log file was not re-created as I had hoped it might be.
  I have created a file called working.log in the correct directory. This file does not seem to get updated though so this must not be right either.
  Any suggestions?
  regards,
  amanda

  Hi Zach,
  Thank you so much for writing back. I am running an archaic version of the software... i can check tomorrow. As to the logging.... i had not enabled transaction-logging in itself so it was a silly config error ...
  :) amanda

• ACE as cache engine for wccp redirection

  Does anybody know if the ACE 4710 appliance supports WCCP acting as a web-cache engine? I am exausting all possible options, and then some, for deploying a new application networking environment. I just returned from ACE training last week and found myself ramping up to deploy a new ACE.
  I have pretty much exhausted my options for topology. We discussed several different designs in class and I don't like any of them. I have some serious problems with using the ACE as a default-gateway for servers. That options is out due to how other "non application" traffic is handled. Traffic such as RDP from IT support staff, patching from SMS servers, virus dat updates, vulnerability scanning... it all routes to the ACE which has to have static routes... then clients hitting the application VIPs have to be natted so the ACE does not use the static routes and reply directly... it all becomes a very big problem over time.
  Second and third options are one-armed and direct server return... both not suitable for my requirements.
  Now... that leaves me with an option we currently have deployed. That is to use a distribution route-switch (Catalyst 4500 Sup-IV) in the middle. The Cat uses PBR to return http traffic from the web servers back to the ACE. All other traffic follows normal routing table.
  Ok... that works perfect... except PBR is not supported in the Sup-6 engine. Unbelievable... I know. This is a major fly in the ointment for this new deployment.
  Now... there is another protocol that is often used for redirection... WCCP. If the ACE were a wccp web-cache, the router could be configured to redirect ingress http to the ACE. But... the ACE would have to act as a web-cache engine and register with the Cat as a home-router.
  I am sure this option is not an option... but it would be nice. The ACE 4710 appliance has the general processor to do it but it would have to be implemented in software. I'm running A3(1.0) and I cannot find anything related to wccp. Nothing in the command-reference.
  If there are any Cisco developers interested in adding some killer funtionality... this would be it. Wccp can be done in layer-2 as well as layer-3. The Sup-6 supports layer-2 redirection. Since the ACE is generally layer-2 adjacent this would be rather easy to implement. Anyway... food for thought.

  I just would like to mention that you could have ACE in bridge mode inserted between your servers and the gateway (4500).
  All traffic will go through ACE but no need for nating and no statc routes (just one default route pointing to the 4500).
  The only problems would be if you exceed the BW of the 4710 with all your traffic.
  Regarding the WCCP support for the 4710 this is not currently in our roadmap.
  Ask your cisco account team to introduce the request.
  Thanks,
  Gilles.