The McAfee Web Gateway NTLM integration does currently require SMBv1 to be enabled on the domain controllers used for authentication. McAfee is actively working on an integration using SMBv2 but that will take at least several months. In the interim there are many secure authentication options for our customers that would enable them to disable rather than patch SMBv1 on many or all DCs.
Stand up or use patched domain controllers that still run SMBv1 for MWG to use (could be firewalled instead of patched so only allows SMB connections from other DCs and MWGs).
Use the NTLM agent (does not need SMB)
Use Kerberos with user group lookups via LDAP (does not need SMB)
Use MCP for redirection to MWG when on premise (does not need SMB)
The cloud service never interacts directly with AD so it is unaffected by the disabling of SMBv1.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.