kbolt
Level 10

McAfee Client Proxy - Authentication/Authorization Problem

Hello all.

I currently use MWG in direct proxy mode with Windows redirecting all traffic to the MWG virtual appliance via the use of WPAD and DHCP option 252. However, Mozilla Firefox and a few other applications don't honor option 252 (or they don't seem to work very well with it) so I'd like to attempt the use of the Client Proxy application.

So far I've installed the application on two test machines, one on our domain and one NOT on our domain. I've also asked our EPO admin for a proxy server OPG file that would point to my test MWG environment. That OPG has been placed inside the temp folder under McAfee Client Proxy's ProgramData folder (C:\ProgramData\McAfee\MCP\Policy\Temp) and About McAfee Client Proxy tells me the settings are configured correctly. Traffic from the test machines is going to the defined proxy address and port.

However, I get a Block Page each time on the two machines when I try to browse. The message says McAfee Web Gateway has blocked your request because you have not been authorized and authorization is required. I read that Client Proxy is supposed to forward users' auth details in HTTP headers so I checked those headers in rule traces and they were empty.

Why is this happening? What database does Client Proxy even use to authenticate users and authorize requests?

Accepted Solutions
McAfee Employee

Re: McAfee Client Proxy - Authentication/Authorization Problem

Hi Kbolt,

This means that the customer ID/password combination is wrong.

Make sure that MCP and MWG have the same credentials (CustomerInfo.xml). Also make sure that the policy version on the client and in ePO are the same.

Best Regards,

Jon

McAfee Employee

Re: McAfee Client Proxy - Authentication/Authorization Problem

Hi Kbolt,

MCP just encrypts your user/group information when it sends it to the MWG. MWG decrypts that information and that's how MWG knows who you are.

If MWG fails to decrypt the information then you will fail "authentication".

MCP/SaaS/MWG must have the same keys in order for everything to work properly.

I would suggest moving your MCP rules toward the top (see the best practice here: ). Modify the ruleset criteria if you are worried it might impact other users.

Best Regards,

Jon

kbolt
Level 10

Re: McAfee Client Proxy - Authentication/Authorization Problem

Thank you very much for this reply. I'll try to make the suggested change. I wonder though, would the headers be left empty if decryption fails at MWG? Is there any way for me to confirm that MCP at the client PC actually sends the header information, encrypted or not? Maybe a Wireshark capture?

kbolt
Level 10

Re: McAfee Client Proxy - Authentication/Authorization Problem

So with the ruleset at the very top, it seems to be the same issue.

kbolt
Level 10

Re: McAfee Client Proxy - Authentication/Authorization Problem

I also took a Wireshark capture from the client PC, so it seems like some encrypted information is being sent along with the CONNECT requests. I had exported the MCP XML from MWG and imported it into EPO. I'll double check that though.

McAfee Employee

Re: McAfee Client Proxy - Authentication/Authorization Problem

Hi Kbolt,

That's the encrypted information I mentioned above.

Best Regards,

Jon

kbolt
Level 10

Re: McAfee Client Proxy - Authentication/Authorization Problem

I redid the Customer ID XML export and import procedure; it's working now, so many thanks.