cancel
Showing results for 
Search instead for 
Did you mean: 

3 x Web Gateway in Proxy HA behind McAfee Firewall Enterprise as upstream proxy

Jump to solution

Hi,

I'am in customer site with 3x MWG 5500 installation.

Customer have McAfee Firewall Enterprise (v 8.3.x).

Web Gateway-s are placed in McAfee Firewall Enterprise DMZ.

Ports 80 and 443 are redirected to VRRP address of proxy HA config (in MWG) using firewall option "upstream proxy" without NAT.

Everything looks OK, but I see, that onlu first Web Gateway (Primary Director) scans users traffic.

Others two Web Gateways not scan users traffic.

Question why only first MWG (primary Director) scan traffic.

Below You have screens from Proxy HA config and Firewall upstream redirect.

mwg_traffic_only_first_scan.JPG

First MWG (MWG01) - Primary Director:

proxyHA_MWG01.JPG

Secong MWG (MWG02) - Secondary Director:

proxyHA_MWG02.JPG

Third MWG (MWG03) - Scanner:

proxyHA_MWG03_Scanner.JPG

MFE upstream proxy config:

MFE_upstream-proxy.JPG

Any ideas why only first MWG scan traffic?

Best regards

Krzysztof Anzorge

0 Kudos
1 Solution

Accepted Solutions
skloepping
Level 9

Re: 3 x Web Gateway in Proxy HA behind McAfee Firewall Enterprise as upstream proxy

Jump to solution

Hi krzysztof.anzorge

i am not quite sure about the MFE stuff here, but for proxy HA i am missing a port redirect 9090 -> 9090 from our community here: https://community.mcafee.com/docs/DOC-4819

Best Regards

Stefan

0 Kudos
1 Reply
skloepping
Level 9

Re: 3 x Web Gateway in Proxy HA behind McAfee Firewall Enterprise as upstream proxy

Jump to solution

Hi krzysztof.anzorge

i am not quite sure about the MFE stuff here, but for proxy HA i am missing a port redirect 9090 -> 9090 from our community here: https://community.mcafee.com/docs/DOC-4819

Best Regards

Stefan

0 Kudos