cancel
Showing results for 
Search instead for 
Did you mean: 
mreco
Level 9
Report Inappropriate Content
Message 1 of 10

Content Security Reporter through proxy

Hello,

We have configured a content security reporter server and connected it to ePO.

We now want to configure the server to obtain logs from our SaaS proxy.

However, the content security reporter server is behing a proxy server and has no direct internet access.

How can I configure the content security reporter to connect to the internet via a proxy server?

I have already tried creating a proxy setting in the Java net.properties file (both with http/https proxy specified and to use the system proxy settings).

I have also tried to configure proxy settings in the jboss properties, also without result.

Can someone tell me how to configure it?

There's no documentation anywhere.

Thanks.

9 Replies
edkinsr
Level 7
Report Inappropriate Content
Message 2 of 10

Re: Content Security Reporter through proxy

I have the same issue.

Comparing it with McAfee Web Reporter, when you change the Proxy setting in Web Reporter, there is an insert statement in the DB Access log, so it looks like it's stored in the local MYSQL database for MWR and then set programmatically, which would override the net.properties setting.

That doesn't really help for CSR though. We might be able to pass it as a command line parameter on JBOSS startup?

I've logged a service request anyway.

*Update*

I have received an answer to the SR I logged.

"No it doesn't presently work through Proxies. Please log a PER"

McAfee Employee azampier
McAfee Employee
Report Inappropriate Content
Message 3 of 10

Re: Content Security Reporter through proxy

As confirmed by support, currently CSR cannot connect to the internet via a proxy server.

I believe this will be implemented in a future release, but I don't know exactly when.

However there's a workaround that I implemented and that worked fine for me in several cases.

Basically you have to perform the following steps:

On the Content Security Reporter server:

  • Copy file C:\Program Files\McAfee\Content Security Reporter\reporter\conf\examples\resources\system\server.properties to
    C:\Program Files\McAfee\Content Security Reporter\reporter\conf\resources\system\server.properties

        Note: you have to manually create folder "..\resources\system\" in the path above as it doesn't exist by default!


        Note: remember to remove the "#" comment at the beginning of the line!

  • Restart the “Content Security Reporter Server” service


On McAfee Web Gateway:


  • Configure the HTTP proxy to listen on port 443

CSR_via_Proxy_1.jpg

  • Create a redirection rule that rewrites the URL every time that CSR connects to the SaaS portal to download the log files.

         See the example below where 192.168.100.248 is the IP address of the Web Gateway that was added in the server.properties file on CSR  (it was https://192.168.100.248:443/mwg/api/reporting/forensic/ ):

CSR_via_Proxy_2.jpg

    

     The rule only rewrites the URL and then calls a "Stop Cycle" as there is no need to filter that traffic on MWG.


You can prove that CSR is now downloading the logfiles by using rule tracing on MWG and filtering by the source IP of the CSR server (in the example below 192.168.100.199 is the IP address of my ePO/CSR server):

CSR_via_Proxy_3.jpg



This what you will see on ePO, confirming that SaaS log files are getting downloaded:

CSR_via_Proxy_4.jpg


Please note: sometimes it may take few minutes before the whole process starts to work. You might still see some "Failed - Couldn't initialize" under the "Status" column.

Also, remember to restart the Content Security Reporter services!


Hope it helps.


Alberto Zampieri

Senior Sales Engineer

Intel Security


edkinsr
Level 7
Report Inappropriate Content
Message 4 of 10

Re: Content Security Reporter through proxy

I received the same recommendation from McAfee Support.

I'll give it a try soon. I still don't understand why CSR isn't using the Java proxy settings.

I modified the JBoss startup script and I can see the proxy parameters being passed to the Java VM in Boot.log.

It just doesn't seem to work.

McAfee Employee azampier
McAfee Employee
Report Inappropriate Content
Message 5 of 10

Re: Content Security Reporter through proxy

Try the suggested workaround.

I have implemented it several times (even last week at one of my customers) and it works.

Alberto

McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 6 of 10

Re: Content Security Reporter through proxy

And if you don't want to edit the CSR conf file and want something that will survive upgrade or reinstall, you can edit etc/hosts on csr server to resolve msg.mcafeesaas.com to your Web Gateway address. If you do this you shouldn't have to rewrite the URL and you can just allow the traffic.

Re: Content Security Reporter through proxy

With CSR 2.6 and ePO Cloud Gateway there are new configurations required in addition to the ones described above for the server.properties file.

 

Add the two following variables and corresponding addresses/FQDN to the server.properties file.

IPAddress = On-Prem Web Gateway address/FQDN

WebGatewayCloudUSServer https://IPADDRESS:443/mwg/api/reporting/forensic/

WebGatewayCloudEUServer https://IPADDRESS:443/mwg/api/reporting/forensic/

McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: Content Security Reporter through proxy

Another way to do it..

Change etc/hosts on CSR server to resolve msg.mcafeesaas.com to the webgateway IP address and then port forward 443 on mwg to the actual IP of msg.mcafeesaas.com. My CSR is at 192.168.11.136 and my MWG is at 192.168.11.122, and msg.mcafeesaas.com resolves to 208.65.147.141 at the time this was written.

SaaSPortForward.jpg

McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 9 of 10

Re: Content Security Reporter through proxy

If you want to use your existing proxy port (default is 9090) with the method originally described, you need to be sure that Server Transparent SSL connections is enabled and all ports are treated as SSL. I am not sure what ramifications that may have on other traffic proxied on that port.

The method I describe above will not work on any active proxy port, but does not require adding any additional listener proxy ports and does not require a CSR server configuration file change.

If you do choose to use this alternative method and do not want to change etc/hosts, then you could use the gateway IP in the CSR configuration file and just set up the port forward.

The downside to the alternative approach is that you are essentially pointing CSR to a fixed IP as opposed to an FQDN and you will have to reconfigure if the DNS entry for msg.mcafeesaas.com changes.

Re: Content Security Reporter through proxy

Just resurrecting an old thread here, has anyone tried using the MCP client on the Content Security Reporter server to redirect the traffic?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community