McAfee maintains a set of proxy filtering nodes around the world to provide service to its Web Protection Service customers.  The specific details of the nodes may change over time as facilities expand or migrate.  Additionally, load balancing, maintenance, or other factors may cause traffic to change from one filtering facility to another at any given time. To best allow for dynamic management of traffic and provide the highest level of service, McAfee strongly recommends that proxy settings use hostnames and do not rely on static IP addresses whenever possible.

Note that hostnames, with the exception of the anycast hostname, are provided in a format that allows each customer to have a unique hostname.  These are in the format of <customer domain>.<datacenter host>.  For example, the hostname in the United States would be *.*.web01.mxlogic.net generically or mydomain.com.web01.mxlogic.net for a customer with mydomain.com as their domain.  The examples below use mcafeesaas.com as the customer domain.

McAfee also provides IP (outbound IP) references that the web servers delivering content will see as a source IP.  For some business-to-business applications, you may need to provide these ranges to allow connectivity

Roaming hosts

McAfee provides two mechanisms for pointing browsers to the closest or fastest proxy.  One uses Anycast technology which will use hop count to determine the closest facility.  The other uses geo-location to point to an appropriate facility.  As these hosts are dynamic, the outbound IP will be depend upon where the request is processed.

(anycast routed to closest datacenter): wpsproxy.mcafeesaas.com port 8080

(geo-location based host): mcafeesaas.com.geolbproxy.mxlogic.net port 8080

 

North America

McAfee operates several facilities in the United States that operate collectively.  The datacenters are reached through a common hostname that allows for dynamic management of traffic.

mcafeesaas.com.web01.mxlogic.net port 8080

outbound IP ranges: 208.42.251.112/28, 173.239.125.176/28, 208.65.144.0/21

 

EMEA

McAfee operates facilities in Europe that are cross-reference to each other for failover redundancy.

Amsterdam:

mcafeesaas.com.web01.emea.mxlogic.net port 8080

outbound IP from proxies to Internet is 208.81.64.247

London:

mcafeesaas.com.web01.uk.mxlogic.net port 8080

outbound IP from proxies to Internet is 193.128.33.248 (UK IP address)

Southern Pacific Region (ANZ)

McAfee operates facilities in Australia and New Zealand that are cross-referenced to each other for failover redundancy.

Auckland:

mcafeesaas.com.web01.nz.mxlogic.net port 8080

outbound IP from proxies to Internet is 218.101.54.38 (a local IP in Christchurch, NZ)

Sydney:

mcafeesaas.com.web01.anz.mxlogic.net port 8080

outbound IP from proxies to Internet is 125.7.33.97 (a local IP in Australia)

Asia Pacific

McAfee operates facilities in Asia that are cross-referenced to each other for failover redundancy.

Tokyo:

mcafeesaas.com.web01.apac.mxlogic.net port 8080

outbound IP from proxies to Internet 208.81.65.247

Hong Kong:

Note that traffic is being taken for this host, but the facility is in process of being relocated to Singapore later in 2014.

mcafeesaas.com.web01.hk.mxlogic.net port 8080

outbound IP from proxies to Internet 208.81.69.247

** Note: datacenter specific hostnames are generic and are sent in activation guides with customer specific names (e.g, domain.com.web01.mxlogic.net is the same as mcafeesaas.com.web01.mxlogic.net)

Locking Down Firewalls

If you desire to lock your web traffic to the McAfee facilities, you can use these CIDR ranges:

208.65.144.0/21

208.81.64.0/22

208.81.68.0/23

208.81.70.0/24