Showing results for 
Search instead for 
Did you mean: 
McAfee Employee

Using Subscribed Lists for MCP Bypass

Many customers have asked if it is possible to use subscribed lists for creating MCP bypasses. It is possible and can be done currently, however updating the Common Catalog (tied to the MCP policy) is currently a manual file import process. Therefore keeping your subscribed lists up to date will require a little extra effort until the Common Catalog import can be automated.

Getting the subscribed list you want and updating the source:

Configure a list to reference the subscribed lists in the MWG GUI under Policy > Lists. Select Subscribed Lists  and right-click and select Add


Name your list, add comments if desired, then select List Content is managed remotely, then choose McAfee Supplied list, then click on Choose. Choose your list from the drop down list. Then click on OK in the Choose List Content dialog and then OK in the Add List dialog.

Save your changes in the MWG GUI if you haven't already done so.

Your new list will be added to the appropriate type group. Select the list and click on export


Save the exported list and then open it with a file editor. The export will not be the contents of the list but will give you the filename/id that you will need in the next step.


Save your changes in the MWG GUI if you haven't already done so.

Converting the subscribed list:

Two types of subscribed lists are supported by Common Catalog and the conversion program. IP Range and String/Domain. The attached java program can be put on your MWG and executed via cron job on a periodic basis. It is recommended that you create the output files in \opt\mwg\files so that they can easily be retrieved via URL (without authentication) or from the GUI. 

Move the java program to \usr\bin\ConvertSList.jar

Set up a cron job to execute the following command on a periodic basis (You will have a cron entry for each list you want to have available for Common Catalog import)

java -jar \usr\bin\ConvertSList.jar /opt/mwg/storage/subscribed_lists/update_server/com.scur.type.<list type>.<list ref #>.xml> > /opt/mwg/files/<dest filename>


java -jar ConvertSList.jar /opt/mwg/storage/subscribed_lists/update_server/com.scur.type.string.166.xml > /opt/mwg/files/string166.xml would convert subscribed string list com.scur.type.string.166.xml to a file named string166.xml

java -jar ConvertSList.jar /opt/mwg/storage/subscribed_lists/update_server/com.scur.type.iprange.4148.xml > /opt/mwg/files/iprange4148.xml would convert subscribed string list com.scur.type.iprange.4148.xml to a file named iprange4148.xml

Getting the converted subscribed list from MWG:

If you've put the files in /opt/mwg/files you can get them from the MWG GUI by going to Troubleshooting > <ApplianceName> > Files:


Or you can enable the file server for HTTP or HTTPS through the MWG administrative GUI under Configuration > File Server. Default ports are 4713 for HTTP and 4714 for HTTPS.


Converted files can then be retrieved via URL in browser.




Importing the subscribed list into the Common Catalog: 

Log into your ePO server and select Common Catalog under Common Catalog in the Main Menu.

Select the Common Catalog that matches the MCP Policy you want to add the subscribed list to, then select Actions > Import From > File.


Choose your downloaded converted subscribed list file then find it and select it in the Import Catalog Dialog and click OK


That's it. If you've set up the cron job the list on MWG will automatically update as the subscribed list changes. You will still have to periodically download the list from MWG and import it into the common catalog to keep it current, but you could write a script to periodically check to see if the file has changed on MWG and notify you that it needs updating in the Common Catalog.

Yes, as mentioned before, this would be much nicer if it could be fully automated, but AFAIK there is no way to currently automate the file import into Common Catalog.

Comments and suggestions welcome as always