A popular deployment method for MWG is Proxy Mode combined with a proxy.pac or wpad.dat file. MWG can host your proxy.pac and wpad.dat files. This article explains the methods available to host each type of file. While MWG can host the files for you, the contents and functionality of the files are the responsibility of the customer, as the MWG Support Group does not create or troubleshoot these files. Please see the resource section for additional information about creating proxy.pac and wpad.dat files.
When using a wpad.dat file, you need to take a few things into consideration when hosting it on the MWG:
1. Create a wpad.dat file using a text editor other than Notepad. Note: If you need assistance creating the wpad file, please see the resource section below.
2. Next, upload the wpad.dat file to the MWG using the Troubleshooting > Files > Upload section of the MWG user interface. The uploaded wpad.dat file can also be found in the /opt/mwg/files directory via the command line. Note: It is recommended to always use the MWG interface for uploading, to preserve file permissions.
3. Enable a File Server port listener. You can do this under Configuration > File server > HTTP Connector Port. In this example, we've enabled the HTTP listener port 4713.
4. Create a port forwarding rule located at Configuration > Appliances > Port Forwarding. This will forward your client's requests for the wpad.dat file on port 80 to port 4713, where the file is actually stored.
Source Host: Enter in the network range of your clients that will be trying to obtain the wpad file.
Target Port: 80
Destination Host: 127.0.0.1
Destination Port: 4713
Internet Explorer: Tools > Internet Options > Connections tab > LAN Settings > enable the checkbox for "Automatically detect settings".
Firefox: Tools > Options > Network > Settings > select the radio button for "Auto-detect proxy settings for this network". (NOTE: Firefox does not support DHCP WPAD.)
When hosting a proxy.pac file on the MWG, the file will be hosted at this address:
Internet Explorer: Go to: Tools > Internet Options > Connections > LAN Settings > Enable the Check-box for "Use Automatic configuration script" and then place the proxy.pac URL in the Address field. Address field example = http://PROXY-IP:4713/files/proxy.pac
Firefox: Go to: Tools > Options > Network > Settings > select the radio button for "Automatic proxy configuration URL" and then place the proxy.pac URL in the Address field. URL field example = http://PROXY-IP:4713/files/proxy.pac
Another method to host a proxy.pac or wpad file is to utilize the Rule Engine. In certain cases, you may have a requirement that the pac file be served from a specific URL or URL path other than what the MWG file server offers. For example, when migrating from McAfee Web Gateway version 6.x to McAfee Web Gateway version 7.x you may decide to continue using the MWG 6.x proxy.pac request method of http://PROXY-IP:9999/proxy.pac instead of the MWG7 method of http://PROXY-IP:4713/files/proxy.pac to avoid changes to your end-user's browser settings.
Here are the steps to serve a proxy.pac file from a different port and without "/files" in the path. Note: This is just one example of using this method; you can always modify the settings to suit your specific needs.
1. Upload your proxy.pac file to the MWG7 file server located under Troubleshooting > Files > Upload
2. Configure the port that the proxy.pac is served from under Configuration > Appliance > File Server: enable the dedicated file server port over HTTP and add port 4713 to the field provided.
3. Enable a listener for the new port that you want the file to be accessible on (9999) by clicking Configuration > Appliances > Proxies > HTTP Proxy and adding an entry for 0.0.0.0:9999
Note: Leave all other default values
4. Add a Next Hop Proxy engine with the following Criteria:
Note: We will reference this engine in a rule we create later.
5. Under Policy > Rule Sets, Create a top level rule set called Proxy.pac file handling that applies to Requests and has criteria of Proxy.port equals 9999. Move the new rule to the top of the other rule sets.
6. Create two nested rule sets under Proxy.pac file handling called Serve Proxy.pac file and Prevent open Proxy. Both rule sets have criteria of always and applies to Requests.
7. Add a rule to the Serve Proxy.pac file rule set with the following criteria:
Set the Property Value:
Choose URL.Path from the property drop-down box.
Click Add below the drop-down menu (not to the right) and add the following Parameter Value: /files/proxy.pac
8. Add a rule to the Prevent open Proxy rule set with the criteria of Always with an action of Block. This prevents anyone from using the new listener (9999) to do anything other than obtain the proxy.pac file.
9. The proxy.pac will now be hosted from the following URLs:
Internet Explorer: Replace x.x.x.x with your MWG IP address. Go to: Tools > Internet Options > Connections tab > LAN Settings button > enable the checkbox for "Use Automatic configuration script" and then place the proxy.pac URL in the Address field. Address field example = http://PROXY-IP:9999/proxy.pac
Firefox: Replace x.x.x.x with your MWG IP address. Go to: Tools > Options > Network tab > Settings button > select the radio button for "Automatic proxy configuration URL" and then place the proxy.pac URL in the Address field. URL field example = http://PROXY-IP:9999/proxy.pac
Web Gateway's duty is to simply serve a file; you can manually request the URL in your browser to confirm if the PAC/WPAD file is hosted correctly.
Type http://PROXY-IP:4713/files/proxy.pac into the client's browser address bar and press enter.
Type http://PROXY-IP/wpad.dat into the client's browser address bar and press enter.
If you are prompted to view or download the pac file, the MWG is serving the proxy.pac correctly.
Or you can run the following from the DOS prompt of the client computer:
telnet x.x.x.x 4713
Hit ENTER twice after the GET command.
If you see your proxy.pac contents, the MWG is properly serving up the proxy.pac.
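The manual check above can be taken one step further by confirming that the served body is a usable PAC script. The following Node.js sketch is an added example, not McAfee code: it parses a captured HTTP response, checks the status and Content-Type, and evaluates FindProxyForURL for one URL. The sample response, the proxy address 192.0.2.10:9090 and all function names are constructed for illustration.

```javascript
const vm = require('vm');
// MIME type registered for PAC scripts (proxy.pac and wpad.dat alike).
const PAC_MIME = 'application/x-ns-proxy-autoconfig';
// Minimal stand-ins for helper functions a browser exposes to PAC scripts.
const pacHelpers = {
  isPlainHostName: (host) => !host.includes('.'),
  shExpMatch: (str, glob) => new RegExp('^' + glob.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(str),
};

// Split a raw HTTP/1.x response into status code, headers and body.
function parseResponse(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  if (sep < 0) return { status: 0, headers: {}, body: '' };
  const [statusLine, ...lines] = raw.slice(0, sep).split('\r\n');
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: parseInt(statusLine.split(' ')[1], 10), headers, body: raw.slice(sep + 4) };
}

// Run the PAC body in a separate context and ask it about one URL/host pair.
// Node's vm module is not a security boundary: only evaluate files you authored.
function evaluatePac(body, url, host) {
  const ctx = vm.createContext({ ...pacHelpers, url, host });
  try {
    vm.runInContext(body, ctx, { timeout: 500 });
    if (typeof ctx.FindProxyForURL !== 'function') return null;
    return String(vm.runInContext('FindProxyForURL(url, host)', ctx, { timeout: 500 }));
  } catch (err) { return null; } // syntax or runtime error in the PAC script
}

// Check status, Content-Type and that the script returns well-formed directives.
function checkPacResponse(raw, url, host) {
  const { status, headers, body } = parseResponse(raw);
  const answer = status === 200 ? evaluatePac(body, url, host) : null;
  const parts = (answer || '').split(';').filter((d) => d.trim());
  const valid = parts.length > 0 &&
    parts.every((d) => /^\s*(DIRECT|(PROXY|SOCKS)\s+\S+:\d+)\s*$/.test(d));
  return { status, mimeOk: (headers['content-type'] || '').startsWith(PAC_MIME), answer, valid };
}

// Constructed sample response (192.0.2.10:9090 is a placeholder proxy address).
const SAMPLE = 'HTTP/1.1 200 OK\r\nContent-Type: application/x-ns-proxy-autoconfig\r\n\r\n' +
  'function FindProxyForURL(url, host) {\n  if (isPlainHostName(host)) return "DIRECT";\n' +
  '  return "PROXY 192.0.2.10:9090";\n}\n';
console.log(checkPacResponse(SAMPLE, 'http://www.example.com/', 'www.example.com'));
```

A result with `valid: false` or `answer: null` means the file was served but is not a working PAC script, which the browser test alone would not reveal.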
Using PAC files with Web Gateway: http://kc.mcafee.com/corporate/index?page=content&id=KB67177
Ultimate resource for creating/understanding the Proxy.pac or WPAD.dat file: findproxyforurl.com