cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

IFP in Web Gateway 7

Does anyone know if IFP is supported in web gateway 7?

i see no metnion of IFP in any config guide nor in the box help system.

thanks,

chris

10 Replies
Highlighted
Level 7
Report Inappropriate Content
Message 2 of 11

Re: IFP in Web Gateway 7

Not in the 7.0 version.  It is supposedly coming in a patch release.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 11

Re: IFP in Web Gateway 7

Hello,

true - IFP is not part of the MWG 7 version. However it is part of MWG 6, which you should be able to use and which should cover all you need, as category based URL Filtering is as good as in MWG 7.

For my education, why would like to see IFP in MWG 7, why can't you use it natively, via WCCP, in bridge mode, ...?

thanks,

Michael

--

Sr. Product Manager MWG

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
Highlighted

Re: IFP in Web Gateway 7

Michael,

thanks for the answer.

My company has been SmartFitler users for my 5000+ user orginization for years.  It was done by IFP through a Cisco Firewall.

We upgraded from a standalone smartfilter server to the weggateway product line in order to to full proxy for say 1/4 - 1/2 of our users.

We still want to do URL Fitlering for the other 1/2 of the company.

on 6.8 we were able to use the webgateway url policy piece for both.

If you were full proxied by either WCCP or by direct proxy, it would url filter you.

If you were not proxied, the firewall would catch your url request and pass it the web gateway via IFP, check the policy, and good to go.

I know i could push all traffic to the webgateway via WCCP and make all url/proxy decisions there.  There are some internal design considerations with this that make it less desirable that the IFP option fo rus.

I'm not really catching what you mean by "bridge mode".

IS IFP on the WebGateway 7 coming in a future release?

thanks for the help.

chris

Highlighted
Level 15
Report Inappropriate Content
Message 5 of 11

Re: IFP in Web Gateway 7

Bridge mode is the deployment method by which an MWG sits on the wire and bridges traffic between 2 NICs.

You have an internal NIC to the clients, an external NIC to the firewall, and it filters the web traffic going through it on predetermined ports (80,443,FTP) .

Any non filtered ports are simply forwarded to the other side.

Highlighted

Re: IFP in Web Gateway 7

eric,

thanks for the advice.

however, with a full 20G core backbone network, this idea seems really bad for us.

i see were it could be usefull for smaller networks that can not do wccp and don't want to force users to be directly proxied.

In our multi firewall, multi switch vendor, multi isp, multli os enviorment IFP was the way for us to do URL Filtering at the firewall level.

It has worked great for the past 5 years or so.

the Web Washer/Gateway appliances were sold to us as a way to continue to utilize our current "smartfilter IFP" firewall setup and add proxy capability for a % of out user base.

Doing both of these things on the same box with the same url policies was a big selling point for us.

we are talking to our mcafee reps and have opened up suppor ticket to try and get an answer for,

Wil IFP be supported on Version 7?

if so, what is the timeframe?

thanks,

chris

Highlighted
Level 15
Report Inappropriate Content
Message 7 of 11

Re: IFP in Web Gateway 7

Since I'm just a system engineer in the field, committing to product features is way above my pay grade. But product management does recognize this as a chasm.

In the meantime, how much of your current traffic is IFP? Is it small enough to keep a single 6.x dedicated appliance (or VM) allocated for that purpose only until 7 has added IFP?

Agreed, the mgmt of the policy would be bifurcated during that time, but you still are filtering and you can still combine reporting in Web Reporter.

Highlighted

Re: IFP in Web Gateway 7

totally not expecting you to give me a commit on the IFP feature or not.  but if you would carry the message upward that would appreciated.

Essentially, i think we will be breaking our redendant webgateway pair.

1 will run v6 for the firewall IFP

1 will run v7 for the proxy clients vis WCCP

this is less than ideal for many reasons, no redundancy, different configs to keep up/update/etc.

thanks for the help/ideas.

chris

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 11

Re: IFP in Web Gateway 7

Heard you wish Chris. No commitment from my side as, but your request has been heard and put on THE list.

For MWG7 depending on how many users you have, you might want to oconsider VMWare as an option. So you could keep 6.8 redundant + fire up a virtual machine to serve as host for MWG 7.

thanks,

Michael

--

Sr. Product Manager

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
Highlighted
Level 7
Report Inappropriate Content
Message 10 of 11

Re: IFP in Web Gateway 7

Hi,

Is there an update on this? Any word on the availability of IFP in MWG?

Thanks,

Saif

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community