do you configure your browser to point to MWG directly, or are you using a PAC file or one of the transparent modes?
In case you talk to the MWG directly (e.g. configure its IP address and port in the browser settings manually), no DNS should be performed on the Client.
Can you share some more information?
thanks asabban for your quick response,
the users use the Mcafee web gateway as explicit proxy in the browser.
up to now no users are pointed to the MWG, until we solve the slowness in the browsing speed.
I had like this problem before with a customer who set the real DNS on the machines, when I denied the HTTP/HTTPS traffic for the machines from the cisco ASA, I had slow internet speed and the clients couldn't resolve the names, in that time I allowed the clients to reach the real DNS, by allow rule in the ASA for the DNS servers.
sorry I have missed your answer. I think we need to unterstand in detail what is happening on your client. Do you have any test PC available on which you can replicate the issue and where you can install Wireshark, to capture all network traffic?
If you have one I think we have a good chance to find out what happens if you start capturing traffic in the client, start the browser and try to access a URL. So we can find out if there is anything slow on the client, or if the client sends out the request in time, but Web Gateway does not answer as expected.
Can you provide this information?
Additionally, did you already talk to support about this issue? Maybe they have some more insight.
I created a service request and nothing new , just uploading tcpdump file, they will analyse and reply (this since 2nd of August)
if you would I can send you a tcpdump file generated from the McAfee web gateway . and a feedback file for the configuration
are you waiting since Aug 2nd??
Can you give me the SR number? I can try to find out what is happening there.
I had the same issue and what we did to fix it was to create dedicated DNS servers where only my mcafee proxies had access. This resolved the slowness as well as "host not resolved" issues.
Thanks DBO and cestrada,
I'll check the DNS response on sunday,
cestrada: we are still in a POC, and I can't show the customer anything without good performance for the appliance.
so, is it a general problem with McAfee proxies? cause they have ISA before and they had the external/real DNS servers with good performance.
how can I explain this for the prospect customer?
does the Mcafee proxies have limitations with real DNS?
I have 15 implemetations with local DNS servers, with perfect performance, but when I deal with real/external DNS servers I have slow internet access
( this is the second time )