cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jebotha
Level 9
Report Inappropriate Content
Message 1 of 7
‎10-01-2014 04:38 AM

McAfee Client Proxy not working

Hi

I am currently doing a POC at a customer involving Web Gateway 7.4.2.2.0, ePO 5.1.1 and MCP 1.2. The Web Gateway is located in the DMZ but as far as I am aware all ports are open. When I configure the Web Gateway as proxy in the browser, it works perfectly. When I use the MCP though, it tells me No Connectivity and No Redirection

My ePO policy is set to always redirect and the proxy configured in the policy is the same as the one I have configured in the browser. What is strange is in the MCP logs I get the following entry time and time again:

09/30/14 : 16:36:07:735 - [VERBOSE] CNetworkManager::getUrlWebPage -  Getting url

09/30/14 : 16:36:07:766 - [VERBOSE] CNetworkManager::getUrlWebPage -  Finished getting url

09/30/14 : 16:36:07:766 - [VERBOSE] CNetworkManager::checkCaptivePortalMethod2 -  Captive portal detected, or no original page

09/30/14 : 16:36:07:766 - [VERBOSE] CNetworkManager::checkCaptivePortalConnectivity -  Captive portal detected or connection failed

I have done packet captures on the client and a tcpdump on the Web Gateway and from that it is clear that traffic is reaching the Web Gateway from the client and it looks normal. Does anyone have any ideas?

Many thanks

0 Kudos
Reply
6 Replies
jscholte
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7
‎10-01-2014 07:54 AM

Re: McAfee Client Proxy not working

Hi!

That message means that MCP is detecting a "captive portal". This is the equivalent of what you would get when you visit a starbucks or a hotel, when you need to click the "I accept button" for internet to work.

MCP will stand down when it detects a captive portal because if it doesnt, you cant actually click the button to "Accept".

Do you have a support case open?

Best Regards,

Jon

0 Kudos
Reply
jebotha
Level 9
Report Inappropriate Content
Message 3 of 7
‎10-01-2014 09:58 AM

Re: McAfee Client Proxy not working

Hi Jon

Many thanks for the reply. Is there any configuration I can change to not check for a Captive Portal? As far as I know there is none. When you open the browser it shows an access denied page from the firewall.

No, I have not opened a support case

Many thanks

Jacques

0 Kudos
Reply
jscholte
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7
‎10-01-2014 10:01 AM

Re: McAfee Client Proxy not working

Hi Jacques,

The idea is that if a captive portal is detected, that MCP needs to stand down, but it shouldnt do that if MCP is set to always redirect.

This is MCP 1.2? This sounds like MCP 1.1 (there was a bug where it failed to stand up).

Please open a support case and include the capture you ran so I can take a look.

Best,

Jon

0 Kudos
Reply
abolshakov
Level 7
Report Inappropriate Content
Message 5 of 7
‎10-29-2014 11:54 PM

Re: McAfee Client Proxy not working

Hello everyone!

I have the same situation as jebotha described - MCP policy is configured to "always redirect" but MCP still detects captive portal. And I'm using version 1.2 (1.2.0.8 as McAfee Agent says). It can be either a bug (but I thought it was fixed in 1.1 patch 1) or a feature (but in this case I think developers should provide an option to disable captive portal detection).

As known, MCP tries to connect some website and get data that is known, and if it gets another data than respected MCP thinks that it's a captive portal (something like that). Using wireshark I found that MCP tries to connect to McAfee servers (I will not list them here - they can be different from yours, check your wireshark log) by HTTP GET and request for some resource (usually / or /us or /MCP.txt).

As a workaround, I just allowed traffic to these destinations by HTTP for all (i.e. unauthorized) users, and now everthing is fine.

P.S.: I hope this little newbie post will help someone. 😃 However, I'll be waiting McAfee to fix this problem.

P.P.S.: Sorry for my english, unfortunately it's not my native language.

0 Kudos
Reply
Troja
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 7
‎10-30-2014 12:23 AM

Re: McAfee Client Proxy not working

Hi abolshakov,

MCP does this test to detect if direct internet access is possible. This is necessary if you are in a hotel where you have to activate your WLAN access. In this situation no proxy server must be used.

The second possibiity where MCPdoes not use a proxy if you configure a proxy server in your browser settings.

I took a look to the MCP Log this morning, i cannot see any entry with "captive portal"....

Perhaps you want test my policy file, just change the proxy settings and the customer idetifyer.

Cheers,

Thorsten

Demo_(McAfee_Community).xml.zip
0 Kudos
Reply
abolshakov
Level 7
Report Inappropriate Content
Message 7 of 7
‎10-30-2014 02:31 AM

Re: McAfee Client Proxy not working

Hi, Troja,

First of all, thanks for your reply! Secondary, I've just tried your policy file (changed customer ID and proxy settings) and I still get problems with captive portal detection:

10/30/14 : 11:11:42:829 - [VERBOSE] CNetworkManager::checkConnectivity -  Checking connectivity status

10/30/14 : 11:11:42:829 - [VERBOSE] CNetworkManager::checkProxyConnectivity -  Checking proxy connectivity

10/30/14 : 11:11:42:829 - [VERBOSE] CNetworkManager::checkProxyConnectivity -  Detected proxy connection at 0ms

10/30/14 : 11:11:42:829 - [VERBOSE] CNetworkManager::checkProxyConnectivity -  Using proxy policy order

10/30/14 : 11:11:42:829 - [VERBOSE] CNetworkManager::checkConnectivity -  Always redirecting, skipping corporate connectivity tests

10/30/14 : 11:11:42:829 - [VERBOSE] CNetworkManager::checkCaptivePortalConnectivity -  Testing captive portal

10/30/14 : 11:11:42:829 - [VERBOSE] CNetworkManager::getUrlWebPage -  Getting url

10/30/14 : 11:11:42:860 - [VERBOSE] CNetworkManager::getUrlWebPage -  Finished getting url

10/30/14 : 11:11:42:860 - [VERBOSE] CNetworkManager::checkCaptivePortalMethod1 -  Captive portal detected, or no original page

10/30/14 : 11:11:42:860 - [VERBOSE] CNetworkManager::getUrlWebPage -  Getting url

10/30/14 : 11:11:43:141 - [VERBOSE] CNetworkManager::getUrlWebPage -  Finished getting url

10/30/14 : 11:11:43:141 - [VERBOSE] CNetworkManager::checkCaptivePortalMethod2 -  Captive portal detected, or no original page

10/30/14 : 11:11:43:141 - [VERBOSE] CNetworkManager::checkCaptivePortalConnectivity -  Captive portal detected or connection failed

And MCP says "No redirection, No connectivity".

About need of captive detection - I don't have any clients outside of organization but I have some software that doesn't support proxy servers natively. That's why I need to use MCP instead of simple proxy settings in IE. Previously we used TMG 2010 and TMG Client.

Regards!

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC