6 Replies Latest reply on Sep 12, 2017 8:29 AM by rtragoo

    Next hop proxy question

    rtragoo

      Hello everyone,

       

      The situation I have is MWG does not detect when the Internet connection is down.

       

      The MCP detects a proxy which is up and try to get an answer from this url in the Internet: http://mcp.webmaster.com/test/MCP.txt. If it does not receive any answer ( what is going to happen when Internet is down), it only remains in standby state waiting and traffic is not redirected to any other proxy. In this case, the MCP does NOTHING.

       

      Can next hop proxy for fail-over resolve this issue ? Any insight will be helpful. Thank you in advance

        • 1. Re: Next hop proxy question
          catdaddy

          Discussion successfully moved from Community Support to Web Gateway

          • 2. Re: Next hop proxy question
            mkutrieba

            Hi,

             

            This is as designed due to KB article:

            https://kb.mcafee.com/agent/index?page=content&id=KB86717

             

            There seems to be a captive portal.

            So far I know there is no further fail over.

             

            What you need to do:

            "McAfee recommends that you allow access for MCP to retrieve this file from the McAfee download servers so MCP can complete the check and allow MCP to properly redirect traffic to the configured proxy servers."

             

            Please let us know if you have further questions.

             

            Regards,

            Marcel

            • 3. Re: Next hop proxy question
              rtragoo

              Hi Marcel,

               

              I came across the KB article already, there is no captive portal in our configuration and i noticed the article explicitly says thats when the connection fails MCP will NOT redirect to the proxy servers listed in configuration. My question what do i do in this case is when the connection fails? How can i use the backup proxy until the connection returns? Can next hop proxy on MWG help in this case?

               

              Regards,
              Aarti

              • 4. Re: Next hop proxy question
                Jon Scholten

                Hi Aarti!

                 

                This is an interesting situation.

                I came across the KB article already, there is no captive portal in our configuration and i noticed the article explicitly says thats when the connection fails MCP will NOT redirect to the proxy servers listed in configuration. My question what do i do in this case is when the connection fails? How can i use the backup proxy until the connection returns? Can next hop proxy on MWG help in this case?

                 

                MCP by default will redirect traffic through the proxy if the captive portal check fails and the proxy is reachable. I dont believe MCP does the captive portal THROUGH the proxy, or if it does, I'm not sure that it changes how it behaves based on the results. (hopefully that makes sense)

                 

                In your scenario, you say that the internet is down in FL, MCP should use the MN proxy (wooooo MN!). It would be useful here if MCP performed the captive portal check THROUGH the proxies, to decide which one to use.

                 

                The idea about using a next hop proxy would work assuming the WAN link between the FL proxy and the MN proxy is still up. Would the WAN link still be up between FL and MN? I would assume not.

                 

                Best Regards,

                Jon

                • 5. Re: Next hop proxy question
                  snoehler

                  Just a short note; MCP does the captive portal through the proxy. This behavior was changed in Version 2.3.1

                   

                  Quote from the Release Notes:

                  Client Proxy routes the captive portal check through the proxy server instead of the firewall

                  • 6. Re: Next hop proxy question
                    rtragoo

                    Hi Jon, thank you for replying !!

                     

                    Yes the WAN link will be up in FL, because we are using also using a MPLS to connect to MN. Do you know of any KB articles that can assist me in setting up the Next hop proxy on the condition that FL proxy fails?