dorian.negru
Level 7

McAfee Web Gateway - SSL Inspection Problem

Hello

I'm currently trying to use a McAfee Web Gateway (latest version) deployed on-premise to manage user access to various resources. The problem is that bypassing the proxy (i.e. direct access) is not an option nor is user-controlled certificate acceptance.

I've gotten SSL Inspection working flawlessly for generic websites but I am having trouble with access to certain partner portals: for some odd reason, SSL inspection fails miserably when the destination host is in a private subnet (i.e. users in 172.16.x.x and server in 10.x.x.x). Traffic from user to server is https and must be proxied and inspected by the MWG. Users must see that the connection is secured using the MWG's sub-CA used for SSL inspection.

Is there some undocumented limitation that prevents SSL inspection for RFC1918 IP ranges?

Thanks for any suggestions and input!

0 Kudos
2 Replies
andyclements
Level 12

Re: McAfee Web Gateway - SSL Inspection Problem

What kind of error messages do you get? There should be no issues with SSL scanning on private network spaces. Are there block pages, or just browser errors? A rule engine trace may be useful here.

I have seen at various sites issues with MWG connecting back into a network, due to network or DNS issues.

0 Kudos
asabban
Level 17

Re: McAfee Web Gateway - SSL Inspection Problem

Hello,

there is no undocumented limitation I am aware of. I think MWG is probably not able to talk to the servers hosted in the private network due to some firewall limitation or there are whitelist rules in place which prevent SSL Scanner from inspecting the certificates.

Best,

Andre

0 Kudos
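Both replies point at DNS, network or firewall problems between the gateway and the private server. The following is an added example, not part of the thread and not McAfee code: a staged check that reports whether DNS resolution, the TCP connection or the TLS handshake is the first step to fail. It assumes it is run with Python 3 from a host in the same network segment as the MWG; the host name `portal.partner.example` is a placeholder.

```python
import ipaddress
import socket
import ssl

# The private ranges the question refers to (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def diagnose(host, port=443, timeout=3.0):
    """Report the first stage that fails: 'dns', 'tcp', 'tls', or 'ok'."""
    result = {"host": host, "port": port, "stage": "ok", "detail": ""}
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result.update(stage="dns", detail=str(exc))
        return result
    addr = infos[0][4][0]
    result.update(address=addr, rfc1918=is_rfc1918(addr))
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as exc:  # refused, dropped by a firewall, no route, timeout
        result.update(stage="tcp", detail=str(exc))
        return result
    # Verification is disabled on purpose: this only checks that a handshake
    # completes and a certificate is presented, it does not establish trust.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["tls_version"] = tls.version()
            result["cert_der_bytes"] = len(tls.getpeercert(binary_form=True) or b"")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        result.update(stage="tls", detail=str(exc))
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    # Placeholder host name, not taken from the thread.
    print(diagnose("portal.partner.example"))
```

A `dns` or `tcp` result points to the resolver or firewall path the replies mention; an `ok` result from the gateway's segment suggests looking at the rule set instead, for example with the rule engine trace suggested above.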