I am facing an issue with McAfee Client Proxy. We are planning to implement MCP in our client and our testing is ongoing. Here I am describing our environment.
A. Install the McAfee Client Proxy extension
B. Check in the McAfee Client Proxy client package to ePolicy Orchestrator
C. Select a policy and add the NATed IP in the Proxy server list and port 9091
D. Deploy McAfee Client Proxy with ePolicy Orchestrator
7. We have created a rule in the firewall for MWG with the NATed public IP to the MWG proxy IP with port no. 9091
Now Problem is occurred that.
I imagine the policy issue is occurring because the groups received by MCP and those returned from your Windows domain membership are different.
By default when performing direct proxy authentication, groups will simply be returned with the name of the group, NO DOMAIN IS INCLUDED. Example: Domain Users
By default when using MCP, groups will be returned WITH THE DOMAIN INCLUDED. Example: MCAFEE\Domain Users
So... I'm guessing you have all of your rules written based on the group WITHOUT the domain. You should change it to INCLUDE the domain to account for how MCP will send the groups.
You can do this under Policy > Settings > Engines > Authentication > [pick your auth settings], then check the box for "Prefix groups with domain name..." see screenshot below:
On the second issue, is the MWG in a DMZ that might not permit it to access internal sites? This sounds more like a networking issue. What message are you receiving (cannot connect)?
I have tried the same setting; it is not working.
Can you provide the authentication settings rule set for MCP and the other required rule set and rule?