cancel
Showing results for 
Search instead for 
Did you mean: 
lepa
Level 7
Report Inappropriate Content
Message 1 of 6

Multiple MWG in transparent router mode

Jump to solution

We have installed multiple MWG in transparent mode behind hardware balancer. All MWG configured to serve in standalone mode.

It is possible to configure of the MWG to central management for ONLY central configuration (MWG should be independent one from other) without director/scan node functionality?

 

1 Solution

Accepted Solutions
Highlighted
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

What if I have want two independent Proxy HA Groups?

This is possible but requires a change on the CLI to the /etc/sysconfig/mfend file. The default load balancing ID (MFEND_LBID) is 51, so a unique LBID must be given to separate the proxy HA groups. Append the following line to the configuration file after the AUTO GENERATE CONFIG: MFEND_LBID='XX' where XX is the unique load balancing ID.

 

Above above config you will configure independent instances.

 

Can you provide output of below command from your MWG's:-

 

mfend-lb -s

 

VRRP packet will be sent out here.

 

You dont need to configure any Virtual IP Addresses settings on your MWG's.

 

Regards

Alok Sarda 

5 Replies
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

Hope you are doing well.

Yes it is possible for all the MWG's to be in central management functionality without having Proxy HA functionality without director/scan node functionality.

 

Central Management is used to synchronize the configuration (policy) between two or more McAfee Web Gateway appliances. This is useful as it solves the problem of making duplicate changes on each appliance. Everything under the “policy” tab, along with the admin accounts, is synced automatically when creating the cluster. Each time a change is made and “Save Changes” is invoked the change will be propagated to all cluster members automatically. This allows the administrator to ensure that filtering policy is the same no matter which appliance is handling a given request.  Settings under the Configuration tab are unique for each cluster node.  This allows the administrator to assign separate networking configuration (IPs, routes, etc.) on each appliance.

 

 

Please refer below link for more information on Central management and its configuration:-

 

https://community.mcafee.com/t5/Documents/Web-Gateway-Understanding-Central-Management-Clustering/ta...

 

 

Regards

Alok Sarda

lepa
Level 7
Report Inappropriate Content
Message 3 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hm,

How to disable director/scan node functionality ?

When we add node in cluster we observe that the one node switch to scan node mode (additional traffic in management interface).

By the way - official documentation

https://docs.mcafee.com/bundle/web-gateway-7.7.0-interface-reference-guide-unmanaged/page/GUID-2EF42...

McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

Apologies for the confusion here on my part.

To confirm you dont want these MWG's in transparent router to be in director/scanner role and all needs to be standalone nodes and all will be geting traffic for processing, correct?

 

Regards

Alok Sarda

lepa
Level 7
Report Inappropriate Content
Message 5 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

You are right!

I`m found solution a hour ago - add additional line to /etc/sysconfig/mfend

MFEND_LBID='52'

with unique number and reboot.

Profit!

Highlighted
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Multiple MWG in transparent router mode

Jump to solution

Hi,

What if I have want two independent Proxy HA Groups?

This is possible but requires a change on the CLI to the /etc/sysconfig/mfend file. The default load balancing ID (MFEND_LBID) is 51, so a unique LBID must be given to separate the proxy HA groups. Append the following line to the configuration file after the AUTO GENERATE CONFIG: MFEND_LBID='XX' where XX is the unique load balancing ID.

 

Above above config you will configure independent instances.

 

Can you provide output of below command from your MWG's:-

 

mfend-lb -s

 

VRRP packet will be sent out here.

 

You dont need to configure any Virtual IP Addresses settings on your MWG's.

 

Regards

Alok Sarda 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community