What policy changes result in WCCP reset or proxy restarts?

Available Languages

Updated:July 31, 2014

Document ID:118120

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Question:

What policy changes result in WCCP reset or proxy restarts?

Environment: Cisco Web Security appliance (WSA) running AsyncOS versions 6.x, 7.1, 7.5 and newer

Certain configuration changes on the WSA appliance require a proxy service restart.

On AsyncOS versions 7.1.x and below, any proxy service restart will cause WCCP negotiation to drop and re-sync as well..
On AsyncOS versions 7.5.x and above, WCCP negotiation is handled by a different process. Hence a proxy service restart will not cause WCCP to drop and re-negotiate.

Additionally on AsyncOS versions 7.5.x and above, while committing changes, WSA will show the below notification on Web GUI when a configuration change triggers a proxy service restart

------------------------------------------------------------------------------------
In order to process these changes, the proxy process will restart after Commit. This will cause a brief interruption in service. Additionally, the authentication cache will be cleared, which might require some users to authenticate again.

------------------------------------------------------------------------------------

The table below lists some configurations and whether they result in a proxy service restart.

Configuration change	AsyncOS 7.1	AsyncOS 7.5 & above
Adding auth realm	yes	yes
Deleting auth realm	yes	yes
Adding identity policy	no	no
Editing identity policy	no	no
Deleting identity policy	no	no
Enabling HTTPS proxy	yes	yes
Disabling HTTPS proxy	yes	yes
Adding decryption policy	no	no
Editing decryption policy	no	no
Deleting decryption policy	no	no
Adding upstream proxy	yes	yes
Deleting upstream proxy	yes	yes
Adding routing policy	no	no
Editing routing policy	no	no
Deleting routing policy	no	no
Adding access policy	no	no
Editing access policy	no	no
Deleting access policy	no	no
Adding custom category	no	no
Editing custom category	no	no
Deleting custom category	no	no
Changing Interface settings	yes	yes
Adding/Deleting routes	yes	yes

Revision History

Revision	Publish Date	Comments
1.0	31-Jul-2014	Initial Release

Contributed by Cisco Engineers

Jakob Dohrmann and Siddharth Rajpathak
Cisco TAC Engineers.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

Secure Web Appliance