cancel
Showing results for 
Search instead for 
Did you mean: 
nsgmike
Level 7

Web Gateway question

Why does it take 15-20 minutes for web filtering to take effect when you add an IP to an exsiting rule under a policy?

0 Kudos
6 Replies
McAfee Employee

Re: Web Gateway question

Hello Mike,

I'm assuming you are speaking of adding a IP to your Web Mapping rules under User Management > Policy Management > Web Mapping.

This should not take that amount of time to take effect, this should take effect right away assuming 'Clear user's cache' is checked in the 'Mapping Cache Control' section is checked (it is by default so the mapping cache is cleared and you do not encounter the issue you are describing).

Which version are you currently running and are you utilizing the multi-process?

~Jon

0 Kudos
nsgmike
Level 7

Re: Web Gateway question

Thats what I am speaking of. Clear users cache is checked and we are running 6.8.5. Not sure if we are utilizing multi-process.

Under the Web Mapping tab there is a Mapping Cache option at the bottom, what are the settings for that? We're currently at the default 30 minutes:

Mapping Cache Increases  the efficiency of the mapping process
Online Help Icon

Time to keep users in cache:                       minutes
Cache failed requests
0 Kudos
McAfee Employee

Re: Web Gateway question

Hello again Mike,

The setting for the Mapping cache relates to exactly what we are discussing, BUT when you hit apply changes in the 'Edit Rules and Options' section with 'Clear User's Cache' checked, this is supposed to clear this mapping cache.

Regarding MP, if you do not know I'm guessing you do not have it enabled.

When you are testing this are you passing the traffic through the device that you made the change on? Also, how are you adding the IP to your rules and how many IPs do you have in the policy-to-IP rule?

~Jon

0 Kudos
nsgmike
Level 7

Re: Web Gateway question

We have about 12 different policies with all different ranges of IPs. We have a testing policy at the top that I use to test different IPs and the changes dont take effect right away, but it is like this with all the policies.

I add IPs by going to User Management -> Edit rules and Options -> Add them to the Current Rule I am using and hit apply.

We have two web gateways so the changes take effect on each appliance.

0 Kudos
McAfee Employee

Re: Web Gateway question

Hello again Mike,

At this point I would recommend opening a service request with support to determine the issue. As stated previously, the expected behavior is near instantaneous effect as you can imagine it would be quite troublesome for us in support if we have to load a customer configuration and wait some time before the changes take effect.

~Jon

0 Kudos
nsgmike
Level 7

Re: Web Gateway question

Thank you for your help and suggestions Jon, however today I went to edit our testing policy and the changes took effect right away. I dont know why last week the changes were not taking effect for at least 15-20 minutes, but today they were instantaneous.

Looks like it is working properly now, if it happens again I will contact support.

Thanks

0 Kudos