Showing results for 
Show  only  | Search instead for 
Did you mean: 

McAfee Client proxy configuration.

Hi all,

I am facing some issue in McAfee Client proxy. We are planning to implement MCP in our client and our testing is going. Here I am mentioning our environment.

  2. We have integrated with Active Directory server in LAN environment.
  3. We have created rules and policy for AD group and rules and policy  are getting properly user are able to browse allowed site and restricted site are getting blocked.
  4. Client has May laptop users so client wants to protect that user while users are browsing internet from outside network (Internet card, Home internet connection). But same rule and policy should get.
  5. So we have planned to Implement MCP client
  6. We have completed configuration of MCP in EPO.

A, Install the McAfee Client Proxy extension

B. Check in the McAfee Client Proxy client package to ePolicy Orchestrator

C. Select a policy and added NATed IP in Proxy server list and port 9091

D. Deploy McAfee Client Proxy with ePolicy Orchestrator

        7. We have created rule in firewall for MWG with  NATed  public IP to MWG proxy IP with port no 9091

Now Problem is occurred that.

  1. Users are not get same Active directory policy different different group  users are getting one top level rule and policy.
  2. Internal site are not getting access from outside through proxy.

My question.

  1. What are the rules we need to create for MCP client in MWG.
  2. How can by-pass my Internal site.


Sabin karthikeyan.

5 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: McAfee Client proxy configuration.

Hi Sabin!

I imagine the policy issue is occurring because the groups received by MCP, and those returned from your Windows domain membership are different.

By default when performing direct proxy authentication, groups will simply be returned with the name of the group, NO DOMAIN IS INCLUDED. Example: Domain Users

By default when using MCP, groups will be returned WITH THE DOMAIN INCLUDE. Example: MCAFEE\Domain Users

So... I'm guessing you have all of your rules written based on the group WITHOUT the domain. You should change it to INCLUDE the domain to account for how MCP will send the groups.

You can do this under Policy > Settings > Engines > Authentication > [pick your auth settings], then check the box for "Prefix groups with domain name..." see screenshot below:


On the second issue, is the MWG in a DMZ that might not permit it to access internal sites? This sounds more like a networking issue. What message are you receiving (cannot connect)?




Re: McAfee Client proxy configuration.

Hi jon,

I have tried the same setting it not working.

Can you provide the authentication seetings rule set for MCP and other requred rule set and rule.


Sabin Karthikeyan.


Re: McAfee Client proxy configuration.

Hi Sabin,

Going through some search and found this issue, is this issue resolved are still struggling....


Re: McAfee Client proxy configuration.

using MCP proxy authentication, when we check the box,which one is correct for the rules set setting :

1. authentication.usergroups contains value-string of "Students" [ad user group]


2.  authentication.usergroups contains value-string of "domain\Students" [ad user group]


McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: McAfee Client proxy configuration.


Hope you are doing well.

You can check this once by taking MWG GUI access-> Navigate to Policy->Settings->Authentication->MCP (MCP authentication settings you are using in your Authentication with Mcafee Client proxy rule)-> Their is an option keep domain name in group name.


If option keep domain name in group name is enabled  then domain\Students will be taken into consideration.  You can disable that option if only group names is being used in the policies.



Alok Sarda

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community