Verify WCCP status on FortiGate: run `diagnose wad wccp status`
Confirm WCCP service is enabled: run `config system network-wccp` and check WCCP is set to enable and the correct service/role is configured
Confirm WCCP peers/routers are detected: run `diagnose wad wccp dump`
Check WCCP bindings for expected service IDs: run `diagnose wad wccp service`
Verify FortiGate is receiving GRE packets (if using GRE): run `diagnose sniffer packet any “host
Verify FortiGate is forwarding/processing redirected traffic: run `diagnose firewall iprope status`
Check session hits for traffic coming through the WCCP path: run `diagnose firewall session list | grep -i
Validate routes/redirect behavior: confirm that traffic matching the router’s WCCP policy is being redirected to FortiGate (compare before/after counters on the router)
Check interface counters on FortiGate for the inbound redirected traffic interface: `get system interface
Confirm NAT/VIP policy behavior for redirected flows (if applicable): check relevant firewall policies and counters for the session direction
If using ICAP/HTTP proxy with WCCP, confirm proxy/service counters are increasing for redirected requests
Review FortiGate logs for WCCP/WAD events: `execute log filter category event | grep -i wccp`
Confirm no WCCP negotiation errors: check `diagnose debug application wad -1` then `diagnose debug enable` and reproduce traffic, then `diagnose debug disable`
Stop debug after validation: `diagnose debug disable`