cancel
Showing results for 
Search instead for 
Did you mean: 
asabban2
Level 17
Report Inappropriate Content
Message 11 of 26

Re: McAfee Web Gateway replace TMG

Jump to solution

Hello,

can the client reach the MWG? Can you ping the IP address of the interface the client is connected to? Can you share the network settings of the client as well?

Best,

Andre

smalldog
Level 12
Report Inappropriate Content
Message 12 of 26

Re: McAfee Web Gateway replace TMG

Jump to solution

Did i config correctly? i can ping internal interface and also external interface. In transparent router mode, do i must config default gateway on client point to internal interface or just config proxy setting in browsers that enough? Thanks Andre!

asabban2
Level 17
Report Inappropriate Content
Message 13 of 26

Re: McAfee Web Gateway replace TMG

Jump to solution

Hello,

I cannot tell you what you have to configure, because I do not know what you would like to set up 🙂 In transparent router mode it should be enough to use MWG as the default route on the client, and you do not need to explicitly configure the proxys IP in the browser. If you want to configure it in the browser, there is maybe no need to use transparent mode, but you could run in explicit mode very well. So it really depends on how your network looks now and how it should look when MWG is in place,

If you can ping MWG from your browser you should be able to reach it. If you try browsing, is there an MWG error message showing up in the browser? Did you  try to run any packet captures on MWG to see what is going on?

Best,

Andre

Highlighted
smalldog
Level 12
Report Inappropriate Content
Message 14 of 26

Re: McAfee Web Gateway replace TMG

Jump to solution

Have no errors in browsers from MWG. Because my customers using TMG (proxy mode) with 2 interface so i must config MWG transparent router mode that don't need change anything from client.

asabban2
Level 17
Report Inappropriate Content
Message 15 of 26

Re: McAfee Web Gateway replace TMG

Jump to solution

Hello,

as explained it is hard to tell each setting without knowing the network and environment. Have you run any packet captures and verified that the traffic arrives at the MWG as expected when you try to browse?

I would recommend to file a ticket with support if a more in-depth analysis is required.

Best,

Andre

Re: McAfee Web Gateway replace TMG

Jump to solution

If you are using transparent router mode, my guess is that the router that MWG uses as its default gateway needs a static route back to the client's subnet.

Transparent router mode on MWG does not include NAT like TMG does, so traffic that gets to the edge router still retains the IP address of the original client. In order for responses to get back the client, the router needs to have a static route to hop it back through the MWG's external IP address.

smalldog
Level 12
Report Inappropriate Content
Message 17 of 26

Re: McAfee Web Gateway replace TMG

Jump to solution

Thanks All, because in customer's network client point default gateway to another firewall and use auto detect proxy to browser internet by dhcp server. So i want to deploy proxy mode that one internal interface (no default gateway) that client point proxy to and one external interface that go to internet. I think proxy maybe deploy easier. Is it possible?

Re: McAfee Web Gateway replace TMG

Jump to solution

Yes, that is possible.

However, I do not recommend putting an external interface directly to the internet. You should have the outgoing interface at least protected behind a firewall or in a DMZ. Otherwise, you will have to harden that external interface with network protection rules and binding the service to the inside interface only. That is not too hard to do, but it's easier if you have a firewall doing that work for you instead.

smalldog
Level 12
Report Inappropriate Content
Message 19 of 26

Re: McAfee Web Gateway replace TMG

Jump to solution

Hi All, my customer network use dhcp wpad.dat to autoconfig proxy on TMG so i also config MWG to using wpad.dat but have conflict (Infinite Proxy Loop) because they using port 80 path http://x.x.x.x:80/wpad.dat that MWG didn't work. They also don't want to change path because this just demo. Have you got any ideas for this situation? Thanks!

Re: McAfee Web Gateway replace TMG

Jump to solution

Hello Andre and others,

Can You help me with next issue:

My customer using TMG in Proxy mode. All users have on their browsers proxy configurations of TMG. And some users, as example accountants, working with some programs that cannot use browser's proxy settings. For solve this, TMG has a TMG Client that can use TMG in NAT mode.

And my customer want to change TMG to MWG. We deployed MWG in Proxy mode. And I don't know how to solve issue for accoutants.

Please, help me urgently!

Thanks!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community