
McAfee Client proxy configuration.

Hi all,

I am facing some issues with McAfee Client Proxy. We are planning to implement MCP for our client and our testing is ongoing. Here I am describing our environment.

  1. MWG, EPO, MCP
  2. We have integrated with the Active Directory server in the LAN environment.
  3. We have created rules and policies for AD groups, and the rules and policies are being applied properly: users are able to browse allowed sites and restricted sites are getting blocked.
  4. The client has many laptop users, so the client wants to protect those users while they are browsing the internet from an outside network (internet card, home internet connection). But the same rules and policies should apply.
  5. So we have planned to implement the MCP client.
  6. We have completed the configuration of MCP in EPO.

A. Install the McAfee Client Proxy extension

B. Check in the McAfee Client Proxy client package to ePolicy Orchestrator

C. Selected a policy and added the NATed IP to the proxy server list with port 9091

D. Deploy McAfee Client Proxy with ePolicy Orchestrator

  7. We have created a rule in the firewall for MWG with NATed public IP to MWG proxy IP with port no. 9091.

Now the problems that have occurred are:

  1. Users are not getting the same Active Directory policy; users from different groups are all getting one top-level rule and policy.
  2. Internal sites are not accessible from outside through the proxy.

My questions:

  1. What are the rules we need to create for the MCP client in MWG?
  2. How can I bypass my internal sites?

Regards,

Sabin Karthikeyan.

0 Kudos
3 Replies
McAfee Employee

Re: McAfee Client proxy configuration.

Hi Sabin!

I imagine the policy issue is occurring because the groups received by MCP, and those returned from your Windows domain membership are different.

By default when performing direct proxy authentication, groups will simply be returned with the name of the group, NO DOMAIN IS INCLUDED. Example: Domain Users

By default when using MCP, groups will be returned WITH THE DOMAIN INCLUDED. Example: MCAFEE\Domain Users

So... I'm guessing you have all of your rules written based on the group WITHOUT the domain. You should change it to INCLUDE the domain to account for how MCP will send the groups.

You can do this under Policy > Settings > Engines > Authentication > [pick your auth settings], then check the box for "Prefix groups with domain name..." (see screenshot below):

[Screenshot: prefix.png]

On the second issue, is the MWG in a DMZ that might not permit it to access internal sites? This sounds more like a networking issue. What message are you receiving (cannot connect)?

Best,

Jon

0 Kudos

Re: McAfee Client proxy configuration.

Hi Jon,

I have tried the same setting; it is not working.

Can you provide the authentication settings rule set for MCP and the other required rule sets and rules?

Regards,

Sabin Karthikeyan.

0 Kudos
shaikga
Level 7

Re: McAfee Client proxy configuration.

Hi Sabin,

I was going through some searches and found this issue. Is this issue resolved, or are you still struggling?

0 Kudos