2 Replies Latest reply on Jul 11, 2011 8:50 AM by luizricardo

    Beginner doubt's to implementing MWG7

    luizricardo

      Hi guys!

       

      I'm a beginner when it comes to McAfee Web Gateway, and this is my first post, with some doubts about MWG implementation.

       

      In my company we have a Squid Explicit proxy and will use MWG. We have only one appliance without HA.

      ACtualTopology.png

       

      What's the best way to do this, and what can I use to provide some redundancy?

       

      What we are thinking to do:

      - MWG with explicit mode proxy

      - Shut down the Squid proxy, with the same IP address and proxy port, and when MWG turns off we turn Squid on.

       

      Or

       

      Set up this environment in transparent mode, and when the MWG turns off we turn on a firewall policy that permits HTTP/HTTPS connections without filtering policies.

       

      So, looking at our environment, can you help me with what we can do?

      I've implemented MWG in explicit mode and it works fine.

      ACtualTopology-2.png

       

      If we want to do the MWG implementation in transparent mode, what do we need to change in the topology?

       

      Thanks, and sorry for my doubts.

       

      Cheers!

       

      d(-_-)b

      Luiz Ricardo

       

      Message was edited by: luizricardo on 7/6/11 3:24:39 PM CDT
        • 1. Re: Beginner doubt's to implementing MWG7
          asabban

          Hello,

           

          I think a very easy scenario that gives you redundancy could be the following:

           

          - MWG7 deployed as explicit proxy

          - Squid deployed as explicit proxy

           

          Both systems are on the same subnet and have different IP addresses. You can create a PAC file and host it on a web server that is accessible from the clients. The PAC file should be mandatory and configured on the client computers. The PAC file will tell all browsers to browse through MWG7 and, if that fails, through Squid.

           

          Only in the case MWG7 is not reachable the browsers will use Squid to get out to the internet. You certainly need to make sure that your Users do not switch the browsers configuration from Proxy.PAC usage to explicitly use Squid, because that will allow them to bypass all filtering.

           

          You can certainly deploy MWG7 transparently. You can put it between Squid and Firewall in transparent bridge mode for example, without the need to change anything on the clients or the network. The downside is that if either Squid or MWG7 goes down, Internet Access will fail.

           

          I hope that gives you some ideas.

           

          Best,

          Andre
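
          The PAC failover described in the reply above, as an added example that is not part of the original thread. The proxy addresses and ports, the internal domain, the DIRECT rule for internal hosts and the `auditChain` helper are all assumptions made for illustration.

```javascript
// Added example: PAC file for MWG7-first, Squid-second failover.
// Addresses, ports and the internal domain are placeholders (assumptions).
var MWG = "PROXY 192.0.2.10:9090";     // filtering proxy (MWG7), tried first
var SQUID = "PROXY 192.0.2.11:3128";   // fallback (Squid), used only if MWG7 is unreachable
var INTERNAL_SUFFIX = ".corp.example"; // hypothetical intranet domain

// Plain string checks replace the PAC helpers (isPlainHostName, dnsDomainIs)
// so the same function runs in a browser and under Node for testing.
function isInternalHost(host) {
  host = String(host).toLowerCase();
  // Single-label names are intranet hosts; IPv6 literals contain ':' and are not.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  // The leading dot in the suffix stops "evilcorp.example" from matching.
  return host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isInternalHost(host)) return "DIRECT";
  // No trailing DIRECT: if both proxies are down, browsing fails closed
  // instead of leaving the network without passing through a proxy.
  return MWG + "; " + SQUID;
}

// Review helper (not called by browsers): lists problems in a proxy chain
// returned for an external host.
function auditChain(result) {
  var entries = result.split(";").map(function (s) { return s.trim(); })
                      .filter(function (s) { return s.length > 0; });
  var problems = [];
  if (entries[0] !== MWG) problems.push("filtering proxy is not first");
  if (entries.indexOf(SQUID) === -1) problems.push("no fallback proxy");
  if (entries.indexOf("DIRECT") !== -1) problems.push("DIRECT permits unproxied access");
  return problems;
}
```

          Traffic that falls through to Squid is unfiltered, so requests appearing in Squid's access log while MWG7 is up point to a client that is not following the PAC file.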

          • 2. Re: Beginner doubt's to implementing MWG7
            luizricardo

            Thanks Man!

             

            I'll do something like your choices.

             

            MWG7 in explicit mode and all browsers configured to a proxy FQDN, so when the MWG7 goes down I will change the FQDN's IP address in DNS and the navigation will go through the Squid proxy, and I'll deploy this configuration with Windows GPOs.

             

            Cheers,

             

            Luiz Ricardo

             

            Message was edited by: luizricardo on 7/11/11 8:50:10 AM CDT