cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MWG is ignoring NHP when trying to upgrade

Hi

Is it supposed to be possible to upgrade software (specifically from 8.2.4 to 9.2.8) using a Next Hop Proxy?   This is a MWG with no direct Internet access (and no DNS access).  The NHP (Central Management > Update proxies) works absolutely fine for AV DAT updates etc etc, all green in the dashboard.

I tried to initiate an upgrade via CLI with mwg-switch-repo main.  The error it came back with was 'cannot resolve appliance.webwasher.com.  If it was using the NHP it should not need DNS.  Why is it trying to resolve it?

McAfee support told me to use this syntax to ensure it was using the NHP:

export https_proxy="<ip of proxy:port>

mwg-switch-repo main"

or

export https_proxy="<ip of proxy:port>

mwg-switch-repo main"

 (although the kb article says it's this:  'http_proxy="http://<ip of proxy:port>" yum update -y' --- which of these is the correct one?

I tried the ones McAfee support advised and could see in a packet capture that it was still attempting to resolve DNS.  I have now put the appliance.webwasher.com etc URLs into the hosts file.  I can now see it isn't trying to resolve them any more, but it's now sending SYN after SYN directly to the appliance.webwasher.com IP address, still completely ignoring the NHP setting.

Support have as yet not confirmed what I am doing wrong, they don't seem sure.

All advice is greatly appreciated

thanks in advance

4 Replies
smasnizk
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: MWG is ignoring NHP when trying to upgrade

Dear @rockchick_uk 

 

do to my notes I've used in previous sessions with customers the suggestion is to use following commands:

#>http_proxy=http://<ip of proxy:port> yum ugrade yum
#>http_proxy=http://<ip of proxy:port> yum ugrade

Note: don't use DNS name of the proxy - IP is here the best choice.

 

 

 

Best Regards,
Sergej


If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Re: MWG is ignoring NHP when trying to upgrade

Hi Sergej and many thanks for this!

I used this syntax which worked::

 

http_proxy=”xxxx:<port>”

export http_proxy

https_proxy=”xxxx:<port>”

export https_proxy

mwg-switch-repo main

yum upgrade yum

yum upgrade

But of course I have no idea if my syntax is overly complicated!  Do i need the https_proxy set as well as the http_proxy?

thanks again

smasnizk
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: MWG is ignoring NHP when trying to upgrade

Hi @rockchick_uk 

 

wouldn't say its "overvcomplicated" as it follow the same logic. I'ts a while ago I've used this and my lab have direct access to I simply cant test. If it helps you fixing the trouble you where facing I'm glad to hear and it may help other customers in the community. 👍

 

Best Regards,
Sergej


If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Re: MWG is ignoring NHP when trying to upgrade

I just tested this:

#>http_proxy=http://<ip of proxy:port> wget http://appliance.webwasher.com

 and it's using the proxy, not trying to resolve DNS, and working now the whitelist has been added to the upstream proxy.

Thanks for your help!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community