McAfee maintains a set of proxy filtering nodes around the world to provide service to its Web Protection Service customers. The specific details of the nodes may change over time as facilities expand or migrate. Additionally, load balancing, maintenance, or other factors may cause traffic to change from one filtering facility to another at any given time. To best allow for dynamic management of traffic and provide the highest level of service, McAfee strongly recommends that proxy settings use hostnames and do not rely on static IP addresses whenever possible.
Note that hostnames, with the exception of the anycast hostname, are provided in a format that allows each customer to have a unique hostname. These are in the format of <customer domain>.<datacenter host>. For example, the hostname in the United States would be *.*.web01.mxlogic.net generically or mydomain.com.web01.mxlogic.net for a customer with mydomain.com as their domain. The examples below use mcafeesaas.com as the customer domain.
McAfee also provides IP (outbound IP) references that the web servers delivering content will see as a source IP. For some business-to-business applications, you may need to provide these ranges to allow connectivity.
McAfee provides two mechanisms for pointing browsers to the closest or fastest proxy. One uses Anycast technology, which uses hop count to determine the closest facility. The other uses geo-location to point to an appropriate facility. As these hosts are dynamic, the outbound IP will depend upon where the request is processed.
(anycast routed to closest datacenter): wpsproxy.mcafeesaas.com port 8080
(geo-location based host): mcafeesaas.com.geolbproxy.mxlogic.net port 8080
McAfee operates several facilities in the United States that operate collectively. The datacenters are reached through a common hostname that allows for dynamic management of traffic.
mcafeesaas.com.web01.mxlogic.net port 8080
outbound IP ranges: 18.104.22.168/28, 22.214.171.124/28, 126.96.36.199/21
McAfee operates facilities in Europe that are cross-referenced to each other for failover redundancy.
mcafeesaas.com.web01.emea.mxlogic.net port 8080
outbound IP from proxies to Internet is 188.8.131.52
mcafeesaas.com.web01.uk.mxlogic.net port 8080
outbound IP from proxies to Internet is 184.108.40.206 (UK IP address)
Southern Pacific Region (ANZ)
McAfee operates facilities in Australia and New Zealand that are cross-referenced to each other for failover redundancy.
mcafeesaas.com.web01.nz.mxlogic.net port 8080
outbound IP from proxies to Internet is 220.127.116.11 (a local IP in Christchurch, NZ)
mcafeesaas.com.web01.anz.mxlogic.net port 8080
outbound IP from proxies to Internet is 18.104.22.168 (a local IP in Australia)
McAfee operates facilities in Asia that are cross-referenced to each other for failover redundancy.
mcafeesaas.com.web01.apac.mxlogic.net port 8080
outbound IP from proxies to Internet is 22.214.171.124
Note that traffic is being taken for this host, but the facility is in the process of being relocated to Singapore later in 2014.
mcafeesaas.com.web01.hk.mxlogic.net port 8080
outbound IP from proxies to Internet is 126.96.36.199
** Note: datacenter-specific hostnames are generic and are sent in activation guides with customer-specific names (e.g., domain.com.web01.mxlogic.net is the same as mcafeesaas.com.web01.mxlogic.net)
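The hostname format and the hostname-over-IP recommendation above can be turned into a proxy auto-config (PAC) file. The following is an added example, not McAfee code: it builds `<customer domain>.<datacenter host>` names from the hosts listed on this page and emits a PAC file with an ordered failover chain. The region keys, the failover order, the intranet bypass and the choice to omit a `DIRECT` fallback are assumptions of this example.

```javascript
// Added example, not McAfee code. Builds customer-specific proxy hostnames in the
// <customer domain>.<datacenter host> format and a PAC file that uses them.
const PROXY_PORT = 8080;
const ANYCAST_HOST = "wpsproxy.mcafeesaas.com"; // the one host that is not customer-specific
// Datacenter host suffixes copied from the host list on this page; keys are this example's labels.
const DATACENTER_HOSTS = new Map([
  ["geo", "geolbproxy.mxlogic.net"],
  ["us", "web01.mxlogic.net"],
  ["emea", "web01.emea.mxlogic.net"],
  ["uk", "web01.uk.mxlogic.net"],
  ["nz", "web01.nz.mxlogic.net"],
  ["anz", "web01.anz.mxlogic.net"],
  ["apac", "web01.apac.mxlogic.net"],
  ["hk", "web01.hk.mxlogic.net"],
]);

// Strict DNS-name check so a malformed domain cannot inject extra PAC directives.
const DOMAIN_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;

function proxyHost(customerDomain, region) {
  const domain = String(customerDomain).trim().toLowerCase();
  if (!DOMAIN_RE.test(domain)) throw new Error("invalid customer domain: " + customerDomain);
  const suffix = DATACENTER_HOSTS.get(region);
  if (!suffix) throw new Error("unknown region: " + region);
  return domain + "." + suffix;
}

// Ordered failover chain: chosen region first, then the geo-location host, then anycast.
// No "DIRECT" entry at the end (assumption): if every proxy is unreachable, browsing
// fails closed instead of silently bypassing the filtering service.
function proxyChain(customerDomain, region) {
  const hosts = [proxyHost(customerDomain, region), proxyHost(customerDomain, "geo"), ANYCAST_HOST];
  return [...new Set(hosts)].map((h) => `PROXY ${h}:${PROXY_PORT}`).join("; ");
}

// PAC source text; isPlainHostName() is supplied by the browser's PAC runtime.
function buildPac(customerDomain, region) {
  const chain = proxyChain(customerDomain, region);
  return [
    "function FindProxyForURL(url, host) {",
    "  if (isPlainHostName(host)) return \"DIRECT\"; // intranet short names (assumption)",
    `  return ${JSON.stringify(chain)};`,
    "}",
  ].join("\n");
}
```

Because the PAC file carries only hostnames, it keeps working when traffic moves between filtering facilities or a node's address changes.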
Locking Down Firewalls
If you desire to lock your web traffic to the McAfee facilities, you can use these CIDR ranges: