cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
lepa
Level 7
Report Inappropriate Content
Message 1 of 6

Multiple MWG in transparent router mode

Jump to solution

We have installed multiple MWG in transparent mode behind hardware balancer. All MWG configured to serve in standalone mode.

It is possible to configure of the MWG to central management for ONLY central configuration (MWG should be independent one from other) without director/scan node functionality?

 

1 Solution

Accepted Solutions
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

What if I have want two independent Proxy HA Groups?

This is possible but requires a change on the CLI to the /etc/sysconfig/mfend file. The default load balancing ID (MFEND_LBID) is 51, so a unique LBID must be given to separate the proxy HA groups. Append the following line to the configuration file after the AUTO GENERATE CONFIG: MFEND_LBID='XX' where XX is the unique load balancing ID.

 

Above above config you will configure independent instances.

 

Can you provide output of below command from your MWG's:-

 

mfend-lb -s

 

VRRP packet will be sent out here.

 

You dont need to configure any Virtual IP Addresses settings on your MWG's.

 

Regards

Alok Sarda 

5 Replies
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

Hope you are doing well.

Yes it is possible for all the MWG's to be in central management functionality without having Proxy HA functionality without director/scan node functionality.

 

Central Management is used to synchronize the configuration (policy) between two or more McAfee Web Gateway appliances. This is useful as it solves the problem of making duplicate changes on each appliance. Everything under the “policy” tab, along with the admin accounts, is synced automatically when creating the cluster. Each time a change is made and “Save Changes” is invoked the change will be propagated to all cluster members automatically. This allows the administrator to ensure that filtering policy is the same no matter which appliance is handling a given request.  Settings under the Configuration tab are unique for each cluster node.  This allows the administrator to assign separate networking configuration (IPs, routes, etc.) on each appliance.

 

 

Please refer below link for more information on Central management and its configuration:-

 

https://community.mcafee.com/t5/Documents/Web-Gateway-Understanding-Central-Management-Clustering/ta...

 

 

Regards

Alok Sarda

lepa
Level 7
Report Inappropriate Content
Message 3 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hm,

How to disable director/scan node functionality ?

When we add node in cluster we observe that the one node switch to scan node mode (additional traffic in management interface).

By the way - official documentation

https://docs.mcafee.com/bundle/web-gateway-7.7.0-interface-reference-guide-unmanaged/page/GUID-2EF42...

McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

Apologies for the confusion here on my part.

To confirm you dont want these MWG's in transparent router to be in director/scanner role and all needs to be standalone nodes and all will be geting traffic for processing, correct?

 

Regards

Alok Sarda

lepa
Level 7
Report Inappropriate Content
Message 5 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

You are right!

I`m found solution a hour ago - add additional line to /etc/sysconfig/mfend

MFEND_LBID='52'

with unique number and reboot.

Profit!

McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

What if I have want two independent Proxy HA Groups?

This is possible but requires a change on the CLI to the /etc/sysconfig/mfend file. The default load balancing ID (MFEND_LBID) is 51, so a unique LBID must be given to separate the proxy HA groups. Append the following line to the configuration file after the AUTO GENERATE CONFIG: MFEND_LBID='XX' where XX is the unique load balancing ID.

 

Above above config you will configure independent instances.

 

Can you provide output of below command from your MWG's:-

 

mfend-lb -s

 

VRRP packet will be sent out here.

 

You dont need to configure any Virtual IP Addresses settings on your MWG's.

 

Regards

Alok Sarda 

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center