2 Replies Latest reply on May 3, 2017 4:00 PM by karthikeyan.duraisamy@oracle.com

    Mcafee Web Gateway Cloud Services:

    karthikeyan.duraisamy@oracle.com

      Hello Experts,

       

      I'm new into Mcafee Web Gateway Cloud Services. I have asked to evaluate Mcafee Web Gateway Cloud Services for my organization.

       

      I have the following questions, could someone in this group please explain.

       

      1.We have a cloud which has 500+ VMs. We want all the outbound traffic goes via proxy. We are planning to use the proxy from McAfee WGCS for this purpose.

       

      My questions now:

      Is it required/mandatory to install client proxy software in all 500+ VMs to use the McAfee WGCS? If "No",

       

      2. We got the trial account in McAfee epo for WGCS.

      Got the below web proxy url:  c11853xxxx6.saasprotection.com

      Could you please explain how to use this proxy URL in 500+ VMs in our cloud.

       

      3. I would like to understand the architecture and communication flow of McAfee Web Proxy Cloud Services. Any document links for this would be more helpful.

       

      Thanks in advance.

       

      Regards,

      Karthik

        • 1. Re: Mcafee Web Gateway Cloud Services:
          Jon Scholten

          Hi Karthik!

           

          Welcome to the Web Gateway Community!

           

          I wrote a best practice for managing MCP for use with the Web Gateway Cloud Service, here: Web Gateway Cloud Service: Deploying and managing McAfee Client Proxy with ePO Cloud

           

          On #1, is this a private cloud or a public cloud?

          • If private cloud, you could use IPRange authentication (assuming the VMs come from a fixed public IP). In the WGCS you would just configure your public IP, and point configure the browsers to use cXXXXXX.saasprotection.com on port 8080.
          • If public cloud, then MCP would be the best bet because the public IP will vary. MCP allows for the WGCS to understand what customer you are and doesnt rely on your public IP.

           

          On #2, it depends on #1. If you using IPrange authentication, you can just configure the browser settings. If you're using MCP then you would configure it in MCP settings as per the guide mentioned above.

           

          On #3, here is an older guide which talks about MCP and how it works overall (its a bit dated) but might help. Web Protection: Configuring McAfee Client Proxy (MCP) for Web Hybrid

           

          Let me know if you are looking for something different on #3.

           

          Here's a link to the best practices for the Web Gateway Cloud Service too: Web Gateway Cloud Service

           

          Best Regards,

          Jon

          • 2. Re: Mcafee Web Gateway Cloud Services:
            karthikeyan.duraisamy@oracle.com

            Hi Jon,

            Thank you very much for providing the explanation on my queries.

             

            Our environment Background: We have got both Private and Public Cloud. But I started the evaluation of WGCS for Public Cloud now. We are looking for WGCS solution for public cloud and private cloud.

             

            # 1:

            In our Public Cloud environment, We are using the “persistent public IP” feature on every customer environments which will make sure that IP addresses are permanent.

            Our focus is, We would like to use WGCS without installing MCP in our cloud to save time and resources.

            It looks IP Range authentication is best suitable for our environment.

             

            Additional Questions:

            • What other authentication methods supported if we go without MCP in our cloud?
            • Does it require internet connection from all the VMs in our cloud to WGCS proxy URL? ( I believe “Yes”, wanted a confirmation your confirmation)

             

            # 2,  Clear now. Thank you, J

             

            # 3,

            We are looking for high level architecture and communication flow diagram of McAfee WGCS (with MCP and without MCP).

            For example,

            With MCP , how MCP connect to proxy url ? what protocol it uses ?

            Without MCP, how the browser connect to proxy url ? what URL it uses it ?

            Thank you so much.

            Best Regards.

            Karthik