I have a quick question. I'm a network engineer and don't deal much with our network security side. Right now we have a cluster of MWGs sitting behind an F5, being load balanced with a VIP. All of our domain machines are using a Group Policy explicit policy which tells the browser that anything on 80/443 is to be filtered by the MWG.
Anything non-domain/non-Windows, such as medical devices, uses WCCP to route its 80/443 traffic from my campus edge routers to the MWG to be filtered. This has been working great for a while, and over the years our InfoSec team has whitelisted sites on both domain and non-domain sites with no issue.
Recently, non-domain devices which are using WCCP can't whitelist certain sites, and we can't figure out why. The only way to get around it, and the correct way to do this per McAfee, is to create a WCCP rule having that specific IP bypass the site or IP address it's trying to reach. This is begging to be an admin nightmare.
Does this make sense to anyone? Is what McAfee is telling me accurate? This has never been an issue in almost 2 years of deployment.
Thanks in advance for the feedback.
I believe some of the sites we were asked about were in fact HTTPS traffic. Regardless of whether the site is by name or IP, MWG should be able to whitelist the site for the requesting client, is that correct? Meaning I shouldn't have to go reconfigure my WCCP ACL configuration and make the change there. I should be able to make this change on the MWG.
I confirmed they are all HTTPS sites. I did look at the article you sent and this is a possibility. I'm going to grab some Wireshark logs and take a look and see if this is what is possibly causing the problem in transparent mode using WCCP.
Perhaps this also helps. Do a trace with "policy tracing central"; there you can see how the properties are set, like URL, IP, Host and more.
So you can generate a log file for a specific IP to analyze in detail what the request to MWG looks like.