cancel
Showing results for 
Search instead for 
Did you mean: 

Web Gateway: DNS setting to solve traffic slowsness

Jump to solution

Hello everyone,

We acquired two macfee web gateways, the first to connect to the domain and the second to use as upstream for traffic filtering.

The internet traffic is absolutely slow, so we can not go into production in these conditions.

I thought it was a DNS problem, and despite all the changes applied to this level still no change.

In the past, when we used forefront TMG as an internal proxy, we had a script that Skip the DNS resolution on the TMG server. which made the traffic flow. But, with the Web Gateway, I do not know if such a script exists or another procedure to solve this problem of slowness.

Our achitecture is: MWG1 -------> Next Hop -------> MWG2 ----> Internet.

My main question is: what are the DNS to put in MWG1 and those to put in the MWG2?

Thank you for your support!

1 Solution

Accepted Solutions

Re: Web Gateway: DNS setting to solve traffic slowsness

Jump to solution

I did once a 2 hop MWG setup (one config cluster)  and it ended that we put back to one. As most of the today traffic is SSl, the proxies had to intercept 2 the traffic. Also the issue with the dynamic URL filtering wich uses DNS querries slowed down the traffic as of missconfiguration on the internal MWG, which had no server with resolver capabilities. In the end, the issues having 2 MWG in line were bigger than doing an exception that the internal MWG could go directly to the internet, having a 2 leg setup

3 Replies
Highlighted
McAfee Employee mkutrieba
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Web Gateway: DNS setting to solve traffic slowsness

Jump to solution

Hi,

 

this seems to be a duplicate of:
https://community.mcafee.com/t5/Web-Gateway/How-to-skip-name-resolution-with-mcafee-web-gateway/m-p/...

 

I think the other can be closed then.

 

Are you sure that DNS is causing the slowness? It is also depending which setup is running. In transparent deployment where clients are not proxy aware they perform their own DNS lookups. In direct proxy setup the MWG is doing this to get IP address for external connection.

Slowness can be caused on many ends, so maybe it is good to open a SR therefore and attach a feedback file as well as rule trace and tcpdump while reproducing the issue with HTTP website www.mwginternal.com for exmaple.

 

Then support can have a look if DNS is really causing slowness or something else.

 

Regards,

Marcel

Re: Web Gateway: DNS setting to solve traffic slowsness

Jump to solution

I did once a 2 hop MWG setup (one config cluster)  and it ended that we put back to one. As most of the today traffic is SSl, the proxies had to intercept 2 the traffic. Also the issue with the dynamic URL filtering wich uses DNS querries slowed down the traffic as of missconfiguration on the internal MWG, which had no server with resolver capabilities. In the end, the issues having 2 MWG in line were bigger than doing an exception that the internal MWG could go directly to the internet, having a 2 leg setup

Re: Web Gateway: DNS setting to solve traffic slowsness

Jump to solution

My 2 mwg are not in cluster : the first is use as internal proxy only for AD authentification and the second are for filtring.

I configure the first MWG proxy to forward DNS resolution to the second proxy who has internet access.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community