mystic34
Level 7

WCCP configuration with MWG

Hello,

I have a quick question. I'm a network engineer and don't deal much with our network security side. Right now we have a cluster of MWGs sitting behind an F5, being load balanced with a VIP. All of our Domain Machines are using Group Policy explicit Policy which tells the browser anything 80/443 to be filtered by the MWG.

Anything non-domain/non-Windows, such as medical devices, uses WCCP to route their 80/443 from my campus edge routers to the MWG to be filtered. This has been working great for a while and over the years our InfoSec team has whitelisted sites on both domain and non-domain sites with no issue.

Recently, non-domain devices which are using WCCP can't whitelist certain sites, and we can't figure out why. The only way to get around it, and the correct way to do this per McAfee, is to create a WCCP rule having that specific IP bypass the site or IP address it's trying to reach. This is begging to be an admin nightmare.

Does this make sense to anyone? Is what McAfee telling me accurate? This has never been an issue in almost 2 years of deployment.

Thanks in advance for the Feedback

0 Kudos
5 Replies
catdaddy
Level 20

Re: WCCP configuration with MWG

Moved to Business > Web Gateway > Discussions > For a faster response

Cliff

Moderator

Cliff
McAfee Volunteer
0 Kudos
McAfee Employee

Re: WCCP configuration with MWG

Hi Mystic,

Is this HTTPS traffic? It's all dependent on how the client is making the request. If it's by IP then we need to whitelist the IP, but if the client makes it by name we can whitelist by name.

It could be that the client isn't including SNI in the request.

Best Regards,

Jon

0 Kudos
mystic34
Level 7

Re: WCCP configuration with MWG

I believe some of the sites we were asked about were in fact HTTPS traffic. Regardless of whether the site is by name or IP, MWG should be able to whitelist the site for the requesting client, is that correct? Meaning I shouldn't have to go reconfigure my WCCP ACL configuration and make the change there. I should be able to make this change on the MWG.

0 Kudos
mystic34
Level 7

Re: WCCP configuration with MWG

I confirmed they are all HTTPS sites. I did look at the article you sent and this is a possibility. I'm going to grab some Wireshark logs and take a look and see if this is what is possibly causing the problem in transparent mode using WCCP.

0 Kudos
Troja
Level 14

Re: WCCP configuration with MWG

Hi,

perhaps this also helps. Do a trace with "policy tracing central", there you can see how the properties are set, like URL, IP, Host and more.

I also posted a Debug LOG in an earlier thread:

So you can generate a log file for a specific IP to analyze in detail what the request to MWG looks like.

Cheers

0 Kudos