cancel
Showing results for 
Search instead for 
Did you mean: 
dgshipman
Level 7

MWG Hybrid/MCP queries

Jump to solution

Hi all,

I'm currently configuring a proof of concept for web filtering using the following

On-premise: MWG (7.3.2.3.0)

SaaS Web Protection

I've configured web hybrid mode & installed the MCP on a test device via EPO (following the guide at https://community.mcafee.com/docs/DOC-4996)

1. I'm at the point where my MCP policy in epo redirects when off-network, however I have a problem with connecting to the on-premise MWG: my policy is set to 'always redirect' but when on corporate network the status is always 'no redirection/no connectivity' - how do I resolve this behaviour?

2. When off-network the MCP successfully connects to the SaaS service, however I'd like to try and get some more information on setting up filtering policies - how are different users identified on the SaaS portal for example - I'm finding the documentation around this fairly vague (or haven't found the correct documents yet!)

I've tried to configure the default web policy so that it blocks a number of categories, but this information never seems to persist (ie category filtering & any categories i choose to block are reverted within 15 minutes).

Do i need to configure AD integration as i'm unsure as to how this works with the MCP (documents i've found suggest this is an alternative to MCP). I've also tried the MCP user identification utility, but this always fails to log in. Any info on this app would also be useful.

Apologies for the huge amount of questions, any help appreciated

Message was edited by: dgshipman on 2/26/14 10:48:14 AM CST
0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: MWG Hybrid/MCP queries

Jump to solution

You might just need a patch (MCP 1.1 hotfix 2 is the latest). 1.1.0 has an issue where it will fail to redirect to the proxy if the "captive portal check" fails aka you are blocking port 80 on the firewall.

Create a ticket to get the hotfix (you can explicitly ask for it).

Best,

Jon

Message was edited by: jscholte -- added note about creating SR on 3/13/14 2:36:57 PM CDT
0 Kudos
17 Replies
dgshipman
Level 7

Re: MWG Hybrid/MCP queries

Jump to solution

Hi,

Anyone able to assist at all? If this isn't the correct forum to ask I'd appreciate any detail about where best to ask

Thanks

0 Kudos
McAfee Employee

Re: MWG Hybrid/MCP queries

Jump to solution

Hi DG,

This is the correct place to ask these questions.

#1, When "always redirect" is set, this means that MCP will always redirect when it is able to reach the proxy specified in the MCP configuration. I am a bit confused by your wording, but in general, MCP does connection tests to the specified proxy and makes sure it is alive. If those fail, then MCP will not redirect traffic.

#2, Are you having MWG sync with SaaS? If so, then this would make sense why any policy changes made IN SaaS would be reverted. Otherwise, I could see this happening if you are syncing FROM SaaS to MWG.

As far as AD integration, the "Directory services connector" is available which allows for syncing group membership (

http://www.mcafee.com/us/resources/misc/guides/directory-services-connector-start-guide.pdf). Although, MCP will send group information so it should not be necessary to sync with AD if you have mapped a group to a policy.

Best,

Jon

0 Kudos
McAfee Employee

Re: MWG Hybrid/MCP queries

Jump to solution

Also, here is a link to some good SaaS related resources: https://support.mcafeesaas.com/mcafee/_cs/PaymentSelect.aspx?sSessionID=

On there it talks about the User Identification Utility (not something I have had to use as a member of the Web Gateway support team).

Best,

Jon

0 Kudos
dgshipman
Level 7

Re: MWG Hybrid/MCP queries

Jump to solution

Hi Jon,

Thanks for the response, much appreciated.

#1 - i can access the proxy if i manually specify the server & port in a web browser, but if i leave MCP to do it i get 'no connectivity'.

#2 - that makes sense - i've stopped the sync of policies from MWG to SaaS and the changes i make in the SaaS portal now stick - thanks!

0 Kudos
McAfee Employee

Re: MWG Hybrid/MCP queries

Jump to solution

You might just need a patch (MCP 1.1 hotfix 2 is the latest). 1.1.0 has an issue where it will fail to redirect to the proxy if the "captive portal check" fails aka you are blocking port 80 on the firewall.

Create a ticket to get the hotfix (you can explicitly ask for it).

Best,

Jon

Message was edited by: jscholte -- added note about creating SR on 3/13/14 2:36:57 PM CDT
0 Kudos
dgshipman
Level 7

Re: MWG Hybrid/MCP queries

Jump to solution

Hi Jon,

I've now got the hotfix (client version is now 1.1.1.2) - the redirection is working properly. Many thanks for your help!

Kind regards

David

0 Kudos
McAfee Employee

Re: MWG Hybrid/MCP queries

Jump to solution

Glad to hear it!

0 Kudos
timmoty
Level 7

Re: MWG Hybrid/MCP queries

Jump to solution

Hi Jon,

I's like to know further about your statement above "but in general, MCP does connection tests to the specified proxy and makes sure it is alive. If those fail, then MCP will not redirect traffic.".

Does it mean that even though I set "Always Redirect", MCP will still check if the proxies are reachable or not?

Thanks and regards,

Timmoty

0 Kudos
dgshipman
Level 7

Re: MWG Hybrid/MCP queries

Jump to solution

Hi,

My policy is set to 'always redirect' and i find that the MCP does check for communication to the on-premise MWG I have. I found this prior to getting the MCP hotfix as the checks were trying to get out to the internet (blocked by our firewall) hence the failure to redirect traffic.

No doubt someone else will come up with a more detailed answer, but hope this helps

Regards

David

0 Kudos