Recommended MWG Deployment for unmanaged and managed device

Hi All,

 

I would like to seek your recommendation on the type of deployment to be used and the ideal placement of the MWG on the attached file. The client requirement is access control and filtering using a dedicated web gateway.

Attachment: mwg setup.png

3 Replies
marcus69
Reliable Contributor
Message 2 of 4

Re: Recommended MWG Deployment for unmanaged and managed device

Hi Marlon,

I cannot see anything special in your environment.

So I'd suggest establishing a web gateway in a demilitarized zone that is accessible by firewall rule from internal users and from unmanaged devices.

For unmanaged devices you'll probably have to insert a transparent proxy on your firewall that routes incoming requests on tcp/80 and tcp/443 to the web gateway.

Up to here, this is no rocket science and a common scenario I've realized for many of our customers.

Best regards
     Marcus

P.S.: If you find this post helpful, thank You for giving it a Kudo :o)

Re: Recommended MWG Deployment for unmanaged and managed device

Thanks Marcus. This is the detail of the requirement: a specific subnet of the internal users must connect to a specific IP address of the MWG and go out through a specific ISP. Is it feasible?

marcus69
Reliable Contributor
Message 4 of 4

Re: Recommended MWG Deployment for unmanaged and managed device

Hi Marlon,

This would be a question for your firewall supporter.

Let's assume all ISPs are directly associated to your firewall. Your internal net is 192.168.1.1/24, and the DMZ which contains the MWG is 192.168.2.1/24. The firewall's gateway IP on the DMZ is 192.168.2.1, and the MWG has 192.168.2.250.

Basically the MWG acts as a proxy listening by default on port 9090 on 192.168.2.250. So you have to configure the use of a proxy on 192.168.2.250:9090 for the internal clients.

Based on the MWG's ruleset, it forwards the request to the firewall (= default GW = 192.168.2.1), which routes it to the internet.

So it is up to your firewall to decide which ISP to use for this connection. If your firewall is capable of policy-based routing, you may establish a rule to use a certain ISP for the web gateway.

Best regards
     Marcus

P.S.: If you find this post helpful, thank You for giving it a Kudo :o)
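
The client-side half of the setup described in the reply above, as an added example that is not part of the original thread: a proxy auto-config (PAC) file that sends a given client subnet to a given MWG listener, so the firewall can then policy-route by the gateway's address. The internal net, DMZ and 192.168.2.250:9090 come from the post; the second subnet 192.168.3.0/24, the second listener 192.168.2.251 and the helper names are hypothetical.

```javascript
// Added example (not from the thread). From the post: internal net 192.168.1.x/24,
// DMZ 192.168.2.x/24, MWG listener 192.168.2.250:9090. The second subnet and the
// second MWG address are hypothetical, to show "specific subnet -> specific MWG IP".
var DEFAULT_MWG = "PROXY 192.168.2.250:9090";
var CLIENT_ROUTES = [
  { net: "192.168.1.0", bits: 24, proxy: "PROXY 192.168.2.250:9090" },
  { net: "192.168.3.0", bits: 24, proxy: "PROXY 192.168.2.251:9090" } // hypothetical
];
var LOCAL_NETS = [
  { net: "192.168.1.0", bits: 24 }, // internal
  { net: "192.168.2.0", bits: 24 }  // DMZ
];

// Dotted quad -> unsigned 32-bit number, or null when not a literal IPv4 address.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return null;
    n = n * 256 + Number(m[i]);
  }
  return n;
}

function inNet(ip, entry) {
  var addr = ipToInt(ip);
  if (addr === null) return false;
  var size = Math.pow(2, 32 - entry.bits);
  return Math.floor(addr / size) === Math.floor(ipToInt(entry.net) / size);
}

// Pure decision function, testable outside a browser.
function chooseProxy(clientIp, host) {
  var i;
  // Plain intranet names and literal internal/DMZ addresses are reached directly.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  for (i = 0; i < LOCAL_NETS.length; i++) if (inNet(host, LOCAL_NETS[i])) return "DIRECT";
  // No "; DIRECT" fallback: an unreachable gateway fails closed, not unfiltered.
  for (i = 0; i < CLIENT_ROUTES.length; i++)
    if (inNet(clientIp, CLIENT_ROUTES[i])) return CLIENT_ROUTES[i].proxy;
  // myIpAddress() can return an unexpected address (e.g. loopback); still use the MWG.
  return DEFAULT_MWG;
}

// PAC entry point; myIpAddress() is provided by the PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxy(myIpAddress(), host);
}
```

A PAC file only steers clients that honour it, so the firewall rule that lets the internal net reach the gateway should remain the only path out for tcp/80 and tcp/443.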