cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AlexanderW
Level 8
Report Inappropriate Content
Message 1 of 3
‎11-11-2020 10:55 PM

Provision of the PAC at the WebGateway via HTTPS

Jump to solution

We are hosting our proxy PAC file on the McAfee Web Gateway.

Currently, we are calling "http://proxy.domain.local/proxy.pac" to get the PAC file.
This procedure works fine.

I would like to ask if it is possible to get the PAC file through HTTPS
(->"https://proxy.domain.local/proxy.pac").

My efforts so far:
I added a new entry for the listener port (see Screenshot_1.png).
With this entry, I can connect to the Web Gateway but I got a status code 400 in rule tracing (Screenshot_2.png).
I am aware of the procedure of how SSL is working.
Using Wireshark I can see that my client is sending a "client hello" but the server did not send the "server hello" message.
I am sure that this is because I did not tell the Web Gateway to do this.

Is there any documentation that describes setting up the delivery of files over HTTPS on the WebGateway from the start?

0 Kudos
Reply
1 Solution

Accepted Solutions
AlexanderW
Level 8
Report Inappropriate Content
Message 3 of 3
‎11-22-2020 10:25 PM

Re: Provision of the PAC at the WebGateway via HTTPS

Jump to solution

I found a solution that works for me.
Thanks to @aloksard, @Former Member and richard. 

I did the following steps:

Configuration > Appliance > Proxies
The "Ports treated as SSL" on Listener 0.0.0.0:443 have to be a * (star).

Configuration > Appliance > File Server
Ticked "Enable dedicated file server port over HTTPS" and inserted 127.0.0.1:4714 as HTTPS connector.

Policy > Lists > NextHopProxy
Added a new entry (Host: 127.0.0.1; Port 4714)

Policy > Settings > Next Hop Proxy
Added a new entry (select List from the step before)

Policy > Rule Sets
Added a new Ruleset for HTTPS

  • On top of the rulset I added
    • Enable SSL Client Context with CA
    • Enable SSL Scanner (content inspection)
  • request cycle events (sub ruleset 1)
    • Set URL.Path = "/files/proxy2.pac"
    • Enable Next Hop Proxy = "Next Hop Proxy Setting from step before"
  • responses & embedded cycle (sub ruleset 2)
    • response of file like on HTTP

View solution in original post

0 Kudos
Reply
2 Replies
jacek
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3
‎11-19-2020 03:53 AM

Re: Provision of the PAC at the WebGateway via HTTPS

Jump to solution
First of all you have to setup a file server on HTTPS: Configuration - Applicance - File Server, select:
Enable dedicated file server port over HTTPS: 4714
On Port Forwarding page, add new forward from target port 443 to destination IP and destination port 4714.

After this, you should be able to access web server on MWG over HTTPS.

For more info see https://kc.mcafee.com/agent/index?page=content&id=KB68998
Reply
AlexanderW
Level 8
Report Inappropriate Content
Message 3 of 3
‎11-22-2020 10:25 PM

Re: Provision of the PAC at the WebGateway via HTTPS

Jump to solution

I found a solution that works for me.
Thanks to @aloksard, @Former Member and richard. 

I did the following steps:

Configuration > Appliance > Proxies
The "Ports treated as SSL" on Listener 0.0.0.0:443 have to be a * (star).

Configuration > Appliance > File Server
Ticked "Enable dedicated file server port over HTTPS" and inserted 127.0.0.1:4714 as HTTPS connector.

Policy > Lists > NextHopProxy
Added a new entry (Host: 127.0.0.1; Port 4714)

Policy > Settings > Next Hop Proxy
Added a new entry (select List from the step before)

Policy > Rule Sets
Added a new Ruleset for HTTPS

  • On top of the rulset I added
    • Enable SSL Client Context with CA
    • Enable SSL Scanner (content inspection)
  • request cycle events (sub ruleset 1)
    • Set URL.Path = "/files/proxy2.pac"
    • Enable Next Hop Proxy = "Next Hop Proxy Setting from step before"
  • responses & embedded cycle (sub ruleset 2)
    • response of file like on HTTP
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC