We have configured a content security reporter server and connected it to ePO.
We now want to configure the server to obtain logs from our SaaS proxy.
However, the content security reporter server is behing a proxy server and has no direct internet access.
How can I configure the content security reporter to connect to the internet via a proxy server?
I have already tried creating a proxy setting in the Java net.properties file (both with http/https proxy specified and to use the system proxy settings).
I have also tried to configure proxy settings in the jboss properties, also without result.
Can someone tell me how to configure it?
There's no documentation anywhere.
I have the same issue.
Comparing it with McAfee Web Reporter, when you change the Proxy setting in Web Reporter, there is an insert statement in the DB Access log, so it looks like it's stored in the local MYSQL database for MWR and then set programmatically, which would override the net.properties setting.
That doesn't really help for CSR though. We might be able to pass it as a command line parameter on JBOSS startup?
I've logged a service request anyway.
I have received an answer to the SR I logged.
"No it doesn't presently work through Proxies. Please log a PER"
As confirmed by support, currently CSR cannot connect to the internet via a proxy server.
I believe this will be implemented in a future release, but I don't know exactly when.
However there's a workaround that I implemented and that worked fine for me in several cases.
Basically you have to perform the following steps:
On the Content Security Reporter server:
Note: you have to manually create folder "..\resources\system\" in the path above as it doesn't exist by default!
Note: remember to remove the "#" comment at the beginning of the line!
On McAfee Web Gateway:
See the example below where 192.168.100.248 is the IP address of the Web Gateway that was added in the server.properties file on CSR (it was https://192.168.100.248:443/mwg/api/reporting/forensic/ ):
The rule only rewrites the URL and then calls a "Stop Cycle" as there is no need to filter that traffic on MWG.
You can prove that CSR is now downloading the logfiles by using rule tracing on MWG and filtering by the source IP of the CSR server (in the example below 192.168.100.199 is the IP address of my ePO/CSR server):
This what you will see on ePO, confirming that SaaS log files are getting downloaded:
Please note: sometimes it may take few minutes before the whole process starts to work. You might still see some "Failed - Couldn't initialize" under the "Status" column.
Also, remember to restart the Content Security Reporter services!
Hope it helps.
Senior Sales Engineer
I received the same recommendation from McAfee Support.
I'll give it a try soon. I still don't understand why CSR isn't using the Java proxy settings.
I modified the JBoss startup script and I can see the proxy parameters being passed to the Java VM in Boot.log.
It just doesn't seem to work.
And if you don't want to edit the CSR conf file and want something that will survive upgrade or reinstall, you can edit etc/hosts on csr server to resolve msg.mcafeesaas.com to your Web Gateway address. If you do this you shouldn't have to rewrite the URL and you can just allow the traffic.
With CSR 2.6 and ePO Cloud Gateway there are new configurations required in addition to the ones described above for the server.properties file.
Add the two following variables and corresponding addresses/FQDN to the server.properties file.
IPAddress = On-Prem Web Gateway address/FQDN
Another way to do it..
Change etc/hosts on CSR server to resolve msg.mcafeesaas.com to the webgateway IP address and then port forward 443 on mwg to the actual IP of msg.mcafeesaas.com. My CSR is at 192.168.11.136 and my MWG is at 192.168.11.122, and msg.mcafeesaas.com resolves to 184.108.40.206 at the time this was written.
If you want to use your existing proxy port (default is 9090) with the method originally described, you need to be sure that Server Transparent SSL connections is enabled and all ports are treated as SSL. I am not sure what ramifications that may have on other traffic proxied on that port.
The method I describe above will not work on any active proxy port, but does not require adding any additional listener proxy ports and does not require a CSR server configuration file change.
If you do choose to use this alternative method and do not want to change etc/hosts, then you could use the gateway IP in the CSR configuration file and just set up the port forward.
The downside to the alternative approach is that you are essentially pointing CSR to a fixed IP as opposed to an FQDN and you will have to reconfigure if the DNS entry for msg.mcafeesaas.com changes.