cancel
Showing results for 
Search instead for 
Did you mean: 

Re: MWG Known Bugs

We had a similar set up for 6.8, with one applicance configured as a standby and had run into an issue similar to the one that I posted about the other day.  Because the appiance itself didn't fail (mwg daemon running & appliance still online) traffic wouldn't failover to the other box.  Traffic would have to be manually re-routed via PBR (policy based routing) to forward the traffic to the wam standby.

We've got a support ticket open to try and get the software upgraded to 7.0.2.  (We haven't been able to find the appropriate download through the support site.)

@ NetTAs: To answer your question, we only had roughly 100 or so users on it when we ran into the problem I mentioned last week.  (A fraction of our total user base.)

Re: MWG Known Bugs

My biggest complaint with the product continues to be the inconsistency of the "clusters".

  1. One day it load balances, next day it doesn't. 
  2. One day it runs like a horse, next day it is slow an sluggish.
  3. One day malware checking is fast and amazing, next day it stops web site access.
  4. One day host entry files work, next day it doesnt.
  5. JAVA access to management is the WORSE of all!!!!  It loads ummmm  NEVER!  unless you flush it out from the applaince. 
    1. very tedious to do this when you have a global corporation and need to make an immediate change. 

I've had McAfee on site at our US\ UK locations and we continue to have problems with the appliance.  We've done everything possible to get this resolved and have done everything McAfee has asked us to do to fix.  But we fix one problem and we add 2 additional.  To think we chose this product over Cisco IronPort, Websense, etc. because we were confident it would be a resilient reliable product.   

Message was edited by: cestrada on 12/13/10 6:28:04 PM CST
McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 13 of 26

Re: MWG Known Bugs

Thanks for reporting these issues, Carlos.

I assume you have mentioned those to support or our consultants so we could have helped you?

thanks,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
bradh
Level 7
Report Inappropriate Content
Message 14 of 26

Re: MWG Known Bugs

We have been struggling to get this into production. We started with v6 but then found out that v7 was the new version and decided to go directly to 7 hoping it would be with less problems.   we continue to try to get to v7 (moving off smartfilter), but it continues to present a number of issues that keep us from going beyond the pilot of maybe a hundred users. 

Current version is: 7.0.2.1.0 (9319), which we upgraded to to solve a problem with one of the appliances crashing over and over again.

now we are finding that some sites aren't working that were before... we are getting proxy errors.

we also find that WCCP isn't working consistently.

experiencing periods of slowdowns when it takes minute or minutes for a response. yet if the browser is changed to not use the proxy, the response is instant, and requests to other sites that the WPAD is sending DIRECT, work instantly as well.

we started turning off features because of the problems such as the anti-malware detection since it was causing huge problems downloading and staging the files.

Yes we have opened tickets for all of these but responses and solutions are very slow to be returned.  we provide the necessary feedback files and more recently tcp captures from both the appliances and the clients.

Users are able to uncheck the auto proxy detect in order to continue their work but the check gets reset the next time they log into the system. once this is in full production that will not be an option so this must all work!

at this point my advise to anyone is to test test and test before exposing your customers to this proxy.

Re: MWG Known Bugs

I completely sympathize with you.

  1. As of today Dec. 21. 
  2. We had no choice but to disable anti- malware globally due to time outs and inability to get to sites.
  3. We also have had a hard time with web site redirects using nonstandard ports.  the appliance drops the connection or simply times out or no error msg just hangs
    1. e.g. if you go to amazon.com and you click a link and amazon redirects a site to use port 8160 or whatever instead of port 80 \ 8080\ 443 \ etc.
  4. We had to disable "coaching” globally b\c device hangs on most sites you coach especially email.
  5. We also had to WhiteList FTP on a consistent basis b\c the device cant distinguish FTP sites well.
  6. MAC machines have extremely difficulties with this devices

Its an absolute embarrassment to be unable to log on to this appliance on a consistent basis due to JAVA. Very difficult to support end users when you need support yourself. I agree that Support is slow to respond and at many times no matter how many feedbacks or TCP Dumps you send - they still can’t seem to give you resolutions.

Message was edited by: cestrada on 12/21/10 2:43:56 PM CST
McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 16 of 26

Re: MWG Known Bugs

Carlos, Brad,

I again state that I am worried to see that you have so much undesirable situations with our product. As this is not reflecting the global experience we make, I'd like again to emphasize that my door is open via private message in this forum to contact me to get the product team involved, which I stated before and have not yet gotten any note about your issues. Furthermore I don't see any response on whether you have contacted support on these particular matters.

If any of you want to get me involved in your cases - again, please send me a private message in this forum and included your contact details, such as full name, company, email and phone. I am happy to be your advocat in our org and facilitate solving your problems. Latter one is my job anyway as Product Manager - solving market problems.

If you feel that this is not an option, please let me know as well and also what you think is an option.

Just mentioning issues will not solve them, so allow me to help you or at least to understand the full scope of issues.

thanks,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: MWG Known Bugs

Here is the bugs I have found.

Does not work with Server 2008 R2 Windows Updates keeps prompting for Auth.

Does not work with Windows 7 Windows Updates keeps prompting for Auth.

I have no issues with XP or 2003.

Java Auth issues.

Thing is my network is a normal native server 2008 domain.  I am using NTLM auth which works great for normal web surfing.

McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 18 of 26

Re: MWG Known Bugs

Hello,

for NTLM and Win7/2008 I have found this while searching the web for your issue: http://blog.censornet.com/index.php?/archives/43-Windows-update-breaks-NTLM.html not saying that it is cause, but might be the case.

What are your Java issues?

thanks,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: MWG Known Bugs

I ran into the authentication problem with Windows 7 and WG7 as well.  I put a simple authentication bypass rule in for the user agents specific to Windows Update.  Since, all is well.  If you'd like more detail on it, let me know.

Steve

Highlighted

Re: MWG Known Bugs

I also had to put in an Auth Bypass rule for the Windows Updates.

At the Authenticate and Authorize rule set i have a Windows Updates Bypass Auth rule.

Rule Criteria

Header.Request.Get ("User-Agent") ((click the parameter to set User-Agent))

Matches in list

Created a list "User Agents for Windows Updates" then added a wildcard expression "Windows-Update-Agent"

Then added another Rule Criteria and linked with an OR

URL.Host

Matches in List

Created a list "Windows Updates" then added a wildcard expression for all the Windows Updates sites.

Here is what I used.

*windowsupdate.com*

*windowsupdate.microsoft.com*

w2ksp*.microsoft.com

*download.microsoft.com*

*update.microsoft.com*

Action is set to "Stop Rule Set"

Then to restrict access to who can run Windows Updates I added I added two rules to Category Content Filter.

Name: Allow Windows Updates for Domain Admins

Authentication.Attributes cantains "Domain Admins"

And

URL.Host matches in list "Windows Updates"

Action is Stop Rule Set

Name: Block Windows Updates for Domain Users

Authentication.Attributes cantains "Domain Users"

And

URL.Host matches in list "Windows Updates"

Action is Block

Setting is URL Block.

Make sure Domain Admins rule is above the Domain Users Rule.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community