6 Replies Latest reply on Apr 8, 2013 2:49 AM by asabban

    McAfee Web Gateway and Whitelisting Unique Devices for file downloading

    tancredi

      Hello,

       

      I have a computer on my network that I want to allow the ability to download large files (patch files and software updates etc). All other computers on my network are not granted the ability to download anything.

       

      Is it possible to whitelist a particular device, perhaps using its MAC address or something, to download particular types of files (.exe's etc)?

       

      I would appreciate some advice.

       

      Thanks

        • 1. Re: McAfee Web Gateway and Whitelisting Unique Devices for file downloading
          asabban

          Hello,

           

          the MAC address is not available within the policy.

           

          You could configure your DHCP server (in case there is any) to give a specific IP address to the MAC address of this computer. Then in MWG you can use Client.IP to allow this specific client IP address.

           

          Best,

          Andre

          1 of 1 people found this helpful
          • 2. Re: McAfee Web Gateway and Whitelisting Unique Devices for file downloading
            tancredi

            Thanks Andre. I will give that a try if possible. Much appreciated.

            • 3. Re: McAfee Web Gateway and Whitelisting Unique Devices for file downloading
              Troja

              Hi all,

              is there any new feature or information available? Today two customers want to build special policies for some clients.

               

              The goal should be to assign a ruleset to clients located in a given Active Directory OU.

               

              Any ideas?

               

              Cheers,

              Thorsten

              • 4. Re: McAfee Web Gateway and Whitelisting Unique Devices for file downloading
                asabban

                Hello,

                 

                what does "clients located in a given Active Directory OU" mean?

                 

                Is there an OU in Active Directory and the computer objects are moved there like this:

                 

                [Screenshot: Auswahl_263.png]

                Best,

                Andre

                • 5. Re: McAfee Web Gateway and Whitelisting Unique Devices for file downloading
                  Troja

                  Hi Andre,

                  yes, you are absolutely right. Endnodes in your OU "My TestComputers" should get a defined ruleset in MWG.

                  Best,

                  Thorsten

                  • 6. Re: McAfee Web Gateway and Whitelisting Unique Devices for file downloading
                    asabban

                    Hello,

                     

                    okay, I think this should be possible, however I think there is much work left for you to do, but I think I can give some hints to get started.

                     

                    To do this we need two pieces of information.

                     

                    Information 1: Hostname

                     

                    Usually it should be possible to get it with DNS.Lookup.Reverse(Client.IP). In a Windows environment the IP address should resolve to the computer name. If it does not, we won't be able to correctly access the hostname and you need to find a good way to get the computer name and send it to MWG somehow. Maybe this can be done with JavaScript.

                     

                    I did a small test and for my (very simple) AD structure the DNS property returned "winxp-1.securelabs.local" as my hostname. With the split properties I was able to cut the ".securelabs.local" part, so I had the computer name as it is stored in AD in a user-defined property.

                     

                    Information 2: Machines in OU

                     

                    In my test all I did was resolve all computers from one OU and store their names in a list of strings. So basically I have a user-defined property (list of strings) which contains the computer names. For my screenshot above the list contained:

                     

                    WINXP-1

                    WINXP-5

                     

                    To get this list I used the external list feature:

                     

                    [Screenshot: Auswahl_264.png]

                    So MWG talks to the AD via LDAP and retrieves the "CN"s of all objects in my OU "MyTestComputers". This is basically a simple list of all computer names. I have one rule which stores the result of the list lookup into a user-defined property with the type "list of string".

                     

                    Now you have a user-defined property containing the hostname and another one that contains a list of all computers in "MyTestComputers". It should be fairly simple to apply rules based on those properties.

                     

                    Best,

                    Andre
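
The matching logic from reply 6 (reverse lookup of the client IP, strip the AD DNS suffix, compare against the list of CNs from the OU), modelled offline in Python. This is an added example, not part of the original thread and not MWG rule syntax. The DNS tables, IP addresses and function names are constructed, and the forward-confirmation step is an extra check the thread does not mention: a PTR record alone can be stale or set by whoever controls the reverse zone.

```python
# Added illustration: offline model of the hostname-in-OU check from reply 6.
# PTR_RECORDS / A_RECORDS are constructed stand-ins for real DNS answers.
import ipaddress

PTR_RECORDS = {  # reverse zone (constructed)
    "10.0.0.11": "winxp-1.securelabs.local.",
    "10.0.0.15": "WinXP-5.securelabs.local",
    "10.0.0.20": "winxp-9.securelabs.local",
    "10.0.0.66": "winxp-1.securelabs.local",  # stale PTR reusing another host's name
    "10.0.0.70": "winxp-1.example.net",       # right short name, wrong domain
}
A_RECORDS = {  # forward zone (constructed)
    "winxp-1.securelabs.local": {"10.0.0.11"},
    "winxp-5.securelabs.local": {"10.0.0.15"},
    "winxp-9.securelabs.local": {"10.0.0.20"},
    "winxp-1.example.net": {"10.0.0.70"},
}
OU_COMPUTERS = ["WINXP-1", "WINXP-5"]  # CNs as listed in the thread
AD_DNS_SUFFIX = "securelabs.local"     # suffix cut off in the thread's test

def computer_name(client_ip, ptr=PTR_RECORDS, fwd=A_RECORDS, suffix=AD_DNS_SUFFIX):
    """Return the AD-style computer name for client_ip, or None if untrusted."""
    ip = str(ipaddress.ip_address(client_ip))  # raises ValueError on malformed input
    fqdn = ptr.get(ip)
    if not fqdn:
        return None                            # no PTR record at all
    fqdn = fqdn.rstrip(".").lower()
    if ip not in fwd.get(fqdn, set()):
        return None                            # forward lookup does not confirm the PTR
    host, _, domain = fqdn.partition(".")
    if domain != suffix.lower():
        return None                            # only strip the expected AD suffix
    return host.upper()

def in_ou(client_ip, ou_members=OU_COMPUTERS):
    """True only if the confirmed computer name is in the OU list."""
    name = computer_name(client_ip)
    members = {m.upper() for m in ou_members}  # DNS and AD differ in letter case
    return name is not None and name in members

if __name__ == "__main__":
    for ip in PTR_RECORDS:
        print(ip, computer_name(ip), in_ou(ip))
```

The case normalisation matters here: the reverse lookup in the thread returned "winxp-1" in lower case while the OU list holds "WINXP-1".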