rabee
Level 7

Certificate for proxy in MWG

I have recently learnt that it is possible to configure MWG to redirect traffic to a proxy using the "next-hop proxy" and that it is also possible to write rules for directing certain traffic to this proxy and allow the rest to bypass it. Now I would like to know how to configure it to allow SSH connections with the proxy and whether it is possible for MWG to accept self-signed certificates that the proxy hands out. Thanks in advance!

0 Kudos
24 Replies
asabban
Level 17

Re: Certificate for proxy in MWG

Hello,

I am not sure if you are talking about SSH or SSL. SSH is a protocol for remote management which cannot be filtered by MWG. SSL will work out of the box just like plain HTTP. MWG will send a CONNECT request to the next-hop proxy, the next-hop proxy will bring up a tunnel to the remote site and traffic will go through.

By default MWG will not allow self-signed certificates. The general behaviour for self-signed certificates can be changed to allow them. If you are talking about a next-hop proxy that hands out self-signed certificates, it sounds like some kind of SSL inspection is done, e.g. the next-hop uses a self-signed Root CA to provide certificates which are signed by that Root CA rather than self-signed. In that case you need to import that Root CA to MWG and it will allow the SSL traffic.

Best,

Andre

0 Kudos
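The distinction drawn in the reply above (a certificate that is itself self-signed versus one issued by a self-signed Root CA) can be checked with the openssl CLI before deciding what to change on MWG. This is an added example, not part of the original thread and not MWG functionality; the certificates, subject names and file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: all keys, subjects and file names below are constructed.
set -eu
work=$(mktemp -d)

# Minimal config so the demo does not depend on the system openssl.cnf.
cat > "$work/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# is_self_signed <cert.pem>: issuer name equals subject name AND the
# certificate verifies with itself as the only trust anchor.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# chains_to <root.pem> <cert.pem>: cert verifies against the given root.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# classify <root.pem> <cert.pem>: which of the two cases in the reply applies.
classify() {
    if is_self_signed "$2"; then echo "self-signed"     # policy change needed
    elif chains_to "$1" "$2"; then echo "issued-by-root" # import the root CA
    else echo "unknown-issuer"
    fi
}

# Constructed sample 1: an inspection-style root CA and a leaf it issues.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/demo.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Inspection Root CA" \
    -keyout "$work/root.key" -out "$work/root.pem" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -config "$work/demo.cnf" \
    -subj "/CN=www.example.test" \
    -keyout "$work/issued.key" -out "$work/issued.csr" 2>/dev/null
openssl x509 -req -in "$work/issued.csr" -CA "$work/root.pem" \
    -CAkey "$work/root.key" -CAcreateserial -days 1 \
    -out "$work/issued.pem" 2>/dev/null
# Constructed sample 2: a leaf that really is self-signed.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/demo.cnf" \
    -subj "/CN=www.example.test" \
    -keyout "$work/ss.key" -out "$work/ss.pem" 2>/dev/null

echo "issued leaf:      $(classify "$work/root.pem" "$work/issued.pem")"
echo "self-signed leaf: $(classify "$work/root.pem" "$work/ss.pem")"
```

Against a real deployment, the certificate to classify is the one the client is actually presented with, saved as PEM, and the root is the CA certificate exported from the next-hop proxy.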
rabee
Level 7

Re: Certificate for proxy in MWG

Thank you Andre for that. I will follow up on that post, but before that I would like to ask you some questions regarding installation. I am not creating a new thread and asking here instead since it seems unnecessary.

I created a Linux 2.6, 64-bit VM, with 4 GB RAM and 200 GB hard disk as per instructions in the Installation Guide. I then boot the VM with the downloaded ISO image and I get the configuration wizard menu. I choose the option "video console" but I get an error message saying "No MWG Appliance detected". What could be the issue here?

Message was edited by: rabee on 7/11/14 2:41:34 AM CDT
0 Kudos
asabban
Level 17

Re: Certificate for proxy in MWG

Hello,

what virtualization solution are you using?

That message will pop up if the hardware platform is neither "McAfee" (physical appliances) nor "VMWare Inc." (VMWare).

Best,

Andre

0 Kudos
rabee
Level 7

Re: Certificate for proxy in MWG

I am using VMWare.

0 Kudos
asabban
Level 17

Re: Certificate for proxy in MWG

Which product/version exactly?

0 Kudos
rabee
Level 7

Re: Certificate for proxy in MWG

I was using VirtualBox and not VMWare. My bad. I will post an update of my progress once I try this on VMWare. Thanks once again Andre!

0 Kudos
rabee
Level 7

Re: Certificate for proxy in MWG

Hello Again Andre,

I have installed MWG and got it up and running. I can also access the UI via the browser. How would I direct traffic through MWG? Please note that this is not a full-fledged deployment and is only done as a proof of concept, so the most basic configuration will do, something even as simple as setting the proxy of browsers manually.

0 Kudos
asabban
Level 17

Re: Certificate for proxy in MWG

Hello,

most simple setup that does not require any change to your network in my opinion:

Forward Proxy:

- Configure IP Address of MWG and Port 9090 manually in the browser, e.g. 192.168.0.1:9090. Check "use for all protocols". If you don't want to touch your browser settings, get a "portable" version of Firefox, which does not add anything to the system's registry, and configure it to use MWG as a proxy server.

Reverse Proxy:

- Configure MWG to listen on port 80 and port 443

- Modify your computer's hosts file (http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file) to something like "192.168.0.1   www.mwginternal.com". Save & Close

If you now browse from your re-configured browser, or with the modified hosts file in place, your requests will hit MWG.

Best,

Andre

0 Kudos
rabee
Level 7

Re: Certificate for proxy in MWG

Thank you Andre,

I have configured the proxy settings of the browser and it seems to be working fine now. Is there some way I can see logs of all the requests that pass through MWG?

0 Kudos