Guys, my question is around McAfee Client Proxy. We have some Windows software that ignores our IE or NETSH WinHTTP proxy settings. It tries to contact the internet directly. If I want to intercept this I have to put a firewall on the subnet and create rules, but it uses cloud services and those IPs change from time to time. I could also use a default route but I'm not keen on that. If I could intercept this traffic and route it to a proxy that would be ideal, so I could do SSL inspection etc. Does McAfee Client Proxy do this?
Hope you are doing well.
Yes, MCP should help here.
McAfee Client Proxy (MCP) is an application that is installed or deployed via ePO on the client workstations. MCP is used to force workstation traffic to the proxies defined in MCP's settings. MCP is also used to forward user authentication information. This authentication information is included in encrypted HTTP headers with each request.
MCP software is installed on the user's machine and takes care of redirecting traffic to the configured proxy servers, thus eliminating the need to configure the proxy server details in browsers or on the machine.
By default, MCP redirects traffic destined for ports 80 and 443 to the configured proxy servers for filtering.
If the endpoints are managed by ePO, you can push the MCP software through it to users' machines for installation.
You can also get a cloud subscription, so when a user is not connected to the corporate network and is outside, their traffic can be redirected to the cloud proxy for filtering.
You can have a hybrid setup, wherein the policy configured on the in-house MWG is synchronised with the cloud proxy.
In your MCP policy, you can configure always redirecting, and in the proxy server list add maybe 2 proxy servers: the on-prem MWG details on top and the cloud proxy details second.
So when the user is in the corporate network, their traffic is routed through the on-prem MWG, and when the user is outside the corporate network, their traffic is redirected to the cloud proxy.
Please refer to the links below for more information on this:
Hope you are doing well.
Yes. By default, port 80 and 443 traffic will be redirected by MCP to the configured proxy servers.
Non-HTTP/HTTPS Redirected Ports — Specifies the port numbers of protocols other than HTTP/HTTPS whose traffic you want redirected. Verify that the proxy server supports these protocols. You can enter up to 1024 characters in this field.
In the "Specify additional ports that you would like to redirect as HTTP/HTTPS traffic" field, specify the numbers of other ports whose traffic you want redirected like HTTP/HTTPS traffic. For example, you can redirect traffic sent to an application. You can enter up to 1024 characters in this field.
You can also configure bypass lists, if you want any traffic to be sniffed and redirected by MCP to proxy server.
You can create a Common Catalog instance for Client Proxy, then select it when configuring the bypass list in a policy.
Client Proxy catalog instances are globally available. You can associate each instance with more than one policy.
A Client Proxy catalog consists of lists of items that are grouped by these categories or types:
• Domain names
• Network addresses
• Network ports
• Process names