cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 6

Configuring Web Gateway with Squid

Jump to solution

Hello

I want to configure Web Gateway such that all traffic first goes through Gateway and then to Squid, apart from some exceptions which will bypass squid. This could be specified in a pac file. So, there will two layers, the inner layer being Gateway and the outer one being Squid. Is it possible to configure Gateway for this and if yes, how?

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Configuring Web Gateway with Squid

Jump to solution

Hello,

you can configure MWG to use Squid as a next-hop proxy. An example rule set is part of the product.

MWG cannot read exceptions from a PAC file, you probably have to build the exceptions within MWG in rules, such as:

URL.Destination.IP is in range 192.168.0.0/24          Stop Rule Set

URL.Destination.IP is in range 10.0.0.0/8                    Stop Rule Set

Always                                                                                Stop Rule Set          Enable Next-Hop Proxy(<Squid>)

Such a rule set would tell MWG to directly talk to 192.168.0.0/24 and 10.0.0.0/8 networks directly, while for all other destinations Squid will be used as a next-hop proxy.

Best,

Andre

View solution in original post

5 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Configuring Web Gateway with Squid

Jump to solution

Hello,

you can configure MWG to use Squid as a next-hop proxy. An example rule set is part of the product.

MWG cannot read exceptions from a PAC file, you probably have to build the exceptions within MWG in rules, such as:

URL.Destination.IP is in range 192.168.0.0/24          Stop Rule Set

URL.Destination.IP is in range 10.0.0.0/8                    Stop Rule Set

Always                                                                                Stop Rule Set          Enable Next-Hop Proxy(<Squid>)

Such a rule set would tell MWG to directly talk to 192.168.0.0/24 and 10.0.0.0/8 networks directly, while for all other destinations Squid will be used as a next-hop proxy.

Best,

Andre

View solution in original post

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 6

Re: Configuring Web Gateway with Squid

Jump to solution

Thank you Andre for the extremely quick reply, that was most helpful. I'll try doing what you said, and if I run into trouble, I will post again.

Highlighted
Level 11
Report Inappropriate Content
Message 4 of 6

Re: Configuring Web Gateway with Squid

Jump to solution

Instead of separate rules for every IP-Range, it could be faster to either have IP Range List, or maybe it would be also easier to put all IP Ranges into text file, and host it somewhere outside of MWG & access it via External Lists...

P.S. another idea - extract IP ranges automatically from proxy.pac by providing filtering regex 🙂

Highlighted
Level 7
Report Inappropriate Content
Message 5 of 6

Re: Configuring Web Gateway with Squid

Jump to solution

Thing is, I can't use IP ranges. To be more specific, I want to route traffic of certain domains through Squid and the rest needs to bypass Squid. I think the filtering regex idea sounds good.

Message was edited by: rabee on 7/10/14 5:42:09 AM CDT
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Configuring Web Gateway with Squid

Jump to solution

Actually the IP Range was just an example. You have several hundrets of properties you can use to decide whether Squid should be used or not.

Best,

Andre

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community