Wednesday, September 12, 2018

Squid for FortiOS


# squid.conf: WCCPv2 settings that register this cache with the FortiGate.
#
# Address of the WCCP router to register with; the FortiOS listing on this
# page assigns 192.168.1.100 to port1 and uses it as the WCCP router-id.
wccp2_router 192.168.1.100

# Traffic redirected from the router to the cache is GRE-encapsulated.
wccp2_forwarding_method gre

# Traffic the cache hands back to the router is GRE-encapsulated as well.
wccp2_return_method gre

# Standard service 0 with MD5 authentication. The password must be identical
# to "set password" under "config system wccp" on the FortiGate.
# NOTE(review): the shared secret sits here in clear text; keep squid.conf
# readable only by the proxy's service account and use a site-specific value
# rather than this published sample.
# NOTE(review): WCCPv2 MD5 authentication is specified with an 8-octet
# password field and this value is longer; check whether each side truncates
# or rejects the extra characters - confirm against the versions in use.
wccp2_service standard 0 password=FortinetWEbberCache


# FortiGate WCCP configuration



# Interface on the Squid side: port1 holds 192.168.1.100, the address squid.conf
# uses as wccp2_router, and "set wccp enable" turns WCCP on for this interface.
# NOTE(review): allowaccess also leaves ssh and https administrative access open
# on the same segment as the proxy; drop what is not needed here or limit the
# admin accounts with trusted hosts.
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.1.100 255.255.254.0
        set allowaccess ping   ssh https 
        set type physical
        set wccp enable  
    next
end

# WCCP service "0", matching "wccp2_service standard 0" in squid.conf.
# router-id repeats the port1 address; server-list names the cache at
# 192.168.1.99 (presumably the only address accepted for this service - confirm).
# Authentication is enabled and the password must match the password= value on
# the Squid side.
# NOTE(review): the password is entered in clear text and is a published sample;
# replace it with a site-specific value. WCCPv2 MD5 authentication is specified
# with an 8-octet password field, so confirm how a longer value is handled.
config system wccp
    edit "0"   
        set router-id 192.168.1.100  
        set server-list 192.168.1.99  
        set authentication enable  
        set password FortinetWEbberCache
end


# Three policies, each created with "edit 0" (a new entry every time):
#   1. LANLOCAL -> EXTWANLEVEL3, service HTTP, accept with "set wccp enable":
#      the LAN web traffic that is handed to the cache.
#   2. port1 -> EXTWANLEVEL3, source "squidproxy", services DNS/HTTP/PING:
#      the cache's own outbound traffic; WCCP is not enabled on this policy.
#   3. LANLOCAL -> EXTWANLEVEL3, service HTTP, deny: the author's safeguard.
# NOTE(review): entry 3 has the same interfaces, addresses and service as
# entry 1, so under first-match ordering it would only take effect if entry 1
# is disabled or removed - confirm this is the intended fallback.
# NOTE(review): only the HTTP service is matched; HTTPS and other ports are
# decided by whatever other policies exist and do not pass through the proxy.
# NOTE(review): no log setting is given on the deny entry; consider
# "set logtraffic all" there so attempts to bypass the proxy are recorded.
config firewall policy
    edit 0
        set srcintf "LANLOCAL"
        set dstintf "EXTWANLEVEL3"
            set srcaddr "LOCALLAN_NET-GROUPS"
            set dstaddr "all"
        set action accept
        set schedule "always"
            set service "HTTP"
        set wccp enable  
        set comments "HTTP TRAFFIC TO INTERCEPT FROM ALLOWED LAN USERS"
        set nat enable
    next
       edit 0 
        set srcintf "port1"
        set dstintf "EXTWANLEVEL3"
            set srcaddr "squidproxy"
            set dstaddr "all"
        set action accept
        set schedule "always"
            set service "DNS" "HTTP" "PING"
        set comments "SQUID PROXY"
        set nat enable
    next 
       edit 0
        set srcintf "LANLOCAL"
        set dstintf "EXTWANLEVEL3"
            set srcaddr "LOCALLAN_NET-GROUPS"
            set dstaddr "all"
        set action deny
        set schedule "always"
            set service "HTTP"
        set comments "SAFEGUARD TO DROP ANY NONE PROXY"
 end







NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \
