as some of you might have noticed, McAfee Web Gateway 7.0.2 offered a new feature - the ability to act as SSL enabled reverse proxy.

Historically, MWG has been used as reverse proxy for http already, as basically a reverse proxy is not much different from a forward proxy, which most of you know as this is the standard deployment for MWG. The only difference is the location in the network - it sits close to the server, rather than close to the clients. The ability to accept transparent traffic for http existed eversince, as we required it historically for certain deployments and it got more importance when starting to implement some transparent modes, such as WCCP, bridge or router.


The major ability we added in release 7.0.2 is the ability to deliver predefined server certificates for SSL Connections and to send webserver requests to an upstream server rather than proxy requests only. Having these two features in place, we have a prefect solution not only to relay traffic for your clients, but also can protect portals, such as Sharepoint servers, Outlook WebAccess or Intranets.


This solution has been tested already by customers as solution to apply the security filters of MWG to traffic directed to Sharepoint servers including antimalware scanning, proactive scanning, mediatype filtering.

Other customers have used MWG as security layer to their Outlook Web Access (OWA) to prevent malicious uploads with antimalware scanning and proactive scanning. They have also applied mediatype filtering to make sure that just renaming a file wouldn't allow you to send it. Additionally we have a deployment that utilizes GTI (http://www.mcafee.com/us/mcafee-labs/technology/gti-reputation-technologies.aspx) to check the GEO location of a client's IP to block access to OWA based on this criteria.


A whitepaper about the solution is currently under preparation, so stay tuned for more details on this interesting topic.