cancel
Showing results for 
Search instead for 
Did you mean: 
com
Level 7

Issues with transparent router proxy

I have installed Web Gateway v7.3 as VM on ESXi and configured it as a transparent router. The firewall is configured to do policy based routing to route http traffic to Web Gateway. When i run tcpdump on Web Gateway, I am able to see the http traffic routed into the proxy interface but Web Gateway is not intercepting the traffic. Console to the Web Gateway shows that there is no entry in the iptables. Any other configurations required for the Web Gateway to work in transparent proxy mode?

Message was edited by: com on 2/17/14 8:46:26 PM CST
0 Kudos
2 Replies
McAfee Employee

Re: Issues with transparent router proxy

Hi!

There is more that need to be configured that your screenshots do not reveal. For example the management IP, this needs to be the physical Ip of the appliance. Nor does it show if a priority is set (needs to be set in order to start taking traffic). Also, the current proxy ports are not shown. For example if 9090 is not defined then this will not work either.

For reference, MWG does not use iptables for the redirection. It uses a kernel driver to redirect called mfend.

To check the status of mfend, you can type:

mfend-lb -s

To see if MWG is propertly ready to accept traffic type:

/usr/bin/mwg-mon -c

To see what state MWG is in:

cat /var/run/mfend/state

For complete setup information see page 114-118 of the 7.3.2 Product Guide - https://kc.mcafee.com/corporate/index?page=content&id=PD24502

Best,

Jon

Message was edited by: jscholte on 2/18/14 10:17:46 AM CST
0 Kudos
com
Level 7

Re: Issues with transparent router proxy

Thanks, Jon. I have configured director priority and proxy port as shown. Since I only have 1 Web Gateway in my setup, do I need to define the virtual IP address?

Message was edited by: com on 2/18/14 7:41:44 PM CST

Message was edited by: com on 2/18/14 7:42:19 PM CST
0 Kudos