We had a similar set up for 6.8, with one applicance configured as a standby and had run into an issue similar to the one that I posted about the other day. Because the appiance itself didn't fail (mwg daemon running & appliance still online) traffic wouldn't failover to the other box. Traffic would have to be manually re-routed via PBR (policy based routing) to forward the traffic to the wam standby.
We've got a support ticket open to try and get the software upgraded to 7.0.2. (We haven't been able to find the appropriate download through the support site.)
@ NetTAs: To answer your question, we only had roughly 100 or so users on it when we ran into the problem I mentioned last week. (A fraction of our total user base.)
My biggest complaint with the product continues to be the inconsistency of the "clusters".
I've had McAfee on site at our US\ UK locations and we continue to have problems with the appliance. We've done everything possible to get this resolved and have done everything McAfee has asked us to do to fix. But we fix one problem and we add 2 additional. To think we chose this product over Cisco IronPort, Websense, etc. because we were confident it would be a resilient reliable product.Message was edited by: cestrada on 12/13/10 6:28:04 PM CST
Thanks for reporting these issues, Carlos.
I assume you have mentioned those to support or our consultants so we could have helped you?
We have been struggling to get this into production. We started with v6 but then found out that v7 was the new version and decided to go directly to 7 hoping it would be with less problems. we continue to try to get to v7 (moving off smartfilter), but it continues to present a number of issues that keep us from going beyond the pilot of maybe a hundred users.
Current version is: 126.96.36.199.0 (9319), which we upgraded to to solve a problem with one of the appliances crashing over and over again.
now we are finding that some sites aren't working that were before... we are getting proxy errors.
we also find that WCCP isn't working consistently.
experiencing periods of slowdowns when it takes minute or minutes for a response. yet if the browser is changed to not use the proxy, the response is instant, and requests to other sites that the WPAD is sending DIRECT, work instantly as well.
we started turning off features because of the problems such as the anti-malware detection since it was causing huge problems downloading and staging the files.
Yes we have opened tickets for all of these but responses and solutions are very slow to be returned. we provide the necessary feedback files and more recently tcp captures from both the appliances and the clients.
Users are able to uncheck the auto proxy detect in order to continue their work but the check gets reset the next time they log into the system. once this is in full production that will not be an option so this must all work!
at this point my advise to anyone is to test test and test before exposing your customers to this proxy.
I completely sympathize with you.
Its an absolute embarrassment to be unable to log on to this appliance on a consistent basis due to JAVA. Very difficult to support end users when you need support yourself. I agree that Support is slow to respond and at many times no matter how many feedbacks or TCP Dumps you send - they still can’t seem to give you resolutions.Message was edited by: cestrada on 12/21/10 2:43:56 PM CST
I again state that I am worried to see that you have so much undesirable situations with our product. As this is not reflecting the global experience we make, I'd like again to emphasize that my door is open via private message in this forum to contact me to get the product team involved, which I stated before and have not yet gotten any note about your issues. Furthermore I don't see any response on whether you have contacted support on these particular matters.
If any of you want to get me involved in your cases - again, please send me a private message in this forum and included your contact details, such as full name, company, email and phone. I am happy to be your advocat in our org and facilitate solving your problems. Latter one is my job anyway as Product Manager - solving market problems.
If you feel that this is not an option, please let me know as well and also what you think is an option.
Just mentioning issues will not solve them, so allow me to help you or at least to understand the full scope of issues.
Here is the bugs I have found.
Does not work with Server 2008 R2 Windows Updates keeps prompting for Auth.
Does not work with Windows 7 Windows Updates keeps prompting for Auth.
I have no issues with XP or 2003.
Java Auth issues.
Thing is my network is a normal native server 2008 domain. I am using NTLM auth which works great for normal web surfing.
for NTLM and Win7/2008 I have found this while searching the web for your issue: http://blog.censornet.com/index.php?/archives/43-Windows-update-breaks-NTLM.html not saying that it is cause, but might be the case.
What are your Java issues?
I ran into the authentication problem with Windows 7 and WG7 as well. I put a simple authentication bypass rule in for the user agents specific to Windows Update. Since, all is well. If you'd like more detail on it, let me know.
I also had to put in an Auth Bypass rule for the Windows Updates.
At the Authenticate and Authorize rule set i have a Windows Updates Bypass Auth rule.
Header.Request.Get ("User-Agent") ((click the parameter to set User-Agent))
Matches in list
Created a list "User Agents for Windows Updates" then added a wildcard expression "Windows-Update-Agent"
Then added another Rule Criteria and linked with an OR
Matches in List
Created a list "Windows Updates" then added a wildcard expression for all the Windows Updates sites.
Here is what I used.
Action is set to "Stop Rule Set"
Then to restrict access to who can run Windows Updates I added I added two rules to Category Content Filter.
Name: Allow Windows Updates for Domain Admins
Authentication.Attributes cantains "Domain Admins"
URL.Host matches in list "Windows Updates"
Action is Stop Rule Set
Name: Block Windows Updates for Domain Users
Authentication.Attributes cantains "Domain Users"
URL.Host matches in list "Windows Updates"
Action is Block
Setting is URL Block.
Make sure Domain Admins rule is above the Domain Users Rule.