McAfee Web Gateway Best Practices and Common Scenarios


    Dear MWG Fan Community,


    Now that MWG 7 has been around for a little bit and we have plenty of experience with the dos and don'ts of this most powerful web gateway ever, we figured it was time to get some best practices out there and spread the word about some of the awesome features MWG has to offer.


    Below is a collection of documents written to help you understand the MWG better and hopefully cover some of the common cases you as an Admin experience.

    Part of the idea is to collect feedback (No, not the this time ) from you as community contributors and keep improving and adding to the collection. If you have a topic that you would like to see covered or learn more about, please let us know in the comment section below.


    We hope you find this collection of best practices and common cases interesting and ultimately helpful in making your admin life easier. Let us know what you think and keep comments and suggestions coming!


    Your MWG Team



    Deployment Considerations


    Rule Engine Tracing

    Upgrading your Web Gateway (Release Branches and Options Explained)

    Automatic Backups with a Little Trick

    Deployment Modes

    Direct Proxy vs. Transparent Deployments

    WCCP Explained

    Proxy HA explained

    Hosting your Proxy.pac/WPAD.dat on the MWG

    Transparent Bridge Gotchas
    Troubleshooting Next Hop Proxy Issues

    Web Hybrid

    Setting up Sync with the Cloud (Web Hybrid)

    McAfee Client Proxy (MCP) with Web Gateway

    Central Management

    Central Management Explained

    Proxy related

    Via and X-Forwarded-For headers (Proxy Loop Prevention)

    FTP over HTTP Explained

    Progress Indication Methods Explained

    Introduction to Reverse Proxy



    Filtering Policy

    Understanding and Optimizing your Rules

    Policy Assignment - Performing filtering based on groups/user/IPs

    Default Policy Changelog

    Error Handling (Are you failing open yet?)

    Customizing your Block Pages

    Integrating MWG with Advanced Threat Defense (ATD)



    Different Options explained for different Deployment Methods

    NTLM Domain Membership Explained


    The Ultimate Guide

    Simplified Setup Guide

    LDAP Authentication on the McAfee Web Gateway



    Creating URL related list entries

    User-Agents explained

    Subscribed lists and how they can help with problematic connections - Get Creative with your Rules

    Subscribed Lists and External Lists Format Examples


    HTTPS Considerations

    SSL Scanner capabilities -- breaking down SSL Scanner components
    SNS Journal featuring SSL Scanner
    SSL Scanner capabilities webinar (1hr)
    SSL Scanner Rule Examples

    What is the "Client Context" and why do I need it?

    How to Roll Out a CA to your Clients

    What to consider when whitelisting HTTPS URLs

    HTTPS in transparent deployments and how SNI can help


    Common Troublemakers

    HTTP 502's explained

    Streaming Video and how the MWG Streaming detector helps

    Flash Videos (via RTMP) do not play




    How Log Files work and How to create your own

    Notifications and Alerting Options

    Monitoring File System Usage

    Sending Access logs via syslog



    Configuring MWG to push logs to Web Reporter

    Configuring MWG to push logs to Content Security Reporter

    Adding a custom Log Field to your Reports

    Considerations when enabling group reporting

    Database maintenance and cleanup (Don't run out of disk space on your Server!)




    Remote Access Cards (RMM/DRAC) and why they are an Admins Best Friend

    Gathering hardware logs (getlogs)

    Partition Resizing (need more space for log files?)

    Offline Updates for Environments with no Internet Access

    Restoring your Config after a Hardware replacement

    Adding a Hard Drive back into a RAID array

    Recommended memory upgrade for 7.5.x



    Contact McAfee

    Technical Support

    Uploading Files for MWG Support

    URL Feedback

    URL Categorization Submissions to TrustedSource

    AV Feedback

    False Detection Submissions (KB62662)




    2015-11-12 - Added 7.5.x Memory upgrade to Hardware section

    2015-01-16 - Added "Troubleshooting Next Hop Proxy Issues"

    2014-12-30 - Added "Simplified Kerberos Setup", "How to gather hardware logs (getlogs)", "Policy sync with Web Hybrid", "Integration with ATD", "Setting up MWG with CSR"

    2013-10-04 - Added "Introduction to Reverse Proxy", "LDAP Authentication on the McAfee Web Gateway", "Subscribed Lists and External Lists Format Examples", "Rule Engine Tracing"

    2013-09-30 - Added "Sending Access logs via syslog", " explained", "Automatic Backups", "Restoring your config after a hardware replacement"

    2013-09-27 - Added " Offline Updates", "Customizing Block Pages", "SSL Scanner Rule Examples"

    2013-09-27 - Added "Progress Indication Methods Explained", "Transparent Bridge Gotchas", "How to Roll Out a CA to your Clients", "Partition Resizing"

    2013-06-27 - Added "NTLM Domain Membership", "Configuring MWG and WR", "Custom Log Field Reporting", "Group Reporting pitfall", "WR DB maintenance"

    2013-06-27 - Added "WCCP Explained", "Direct vs. Transparent Proxy", "Hosting Proxy.pac", "Rule Optimization", "MCP"

    2013-06-25 - Added "Error Handling", "Upgrading", "SNI explained", "FTP over HTTP"

    2013-05-16 - Added "Flash videos (via RTMP) do not play"

    2013-05-03 - Fixed link for "502" explained"

    2013-03-29 - Added "Notifications and Alerting", "Submitting URLs" and "How Logging works"

    2013-03-28 - Initial Release