1638 Views 2 Replies Latest reply: Nov 27, 2012 11:24 PM by sabinkarthikeyan
sabinkarthikeyan Newcomer 13 posts since
Oct 7, 2011

Nov 1, 2012 2:01 AM

McAfee Client proxy configuration.

Hi all,

 

I am facing some issues with McAfee Client Proxy. We are planning to implement MCP for our client and our testing is ongoing. Here is our environment.

  1. MWG, ePO, MCP
  2. We have integrated with the Active Directory server in the LAN environment.
  3. We have created rules and policies for AD groups, and the rules and policies are applied properly: users are able to browse allowed sites and restricted sites are blocked.
  4. The client has many laptop users, so the client wants to protect those users while they are browsing the internet from an outside network (internet card, home internet connection). But the same rules and policy should apply.
  5. So we have planned to implement the MCP client.
  6. We have completed the configuration of MCP in ePO:

     A. Install the McAfee Client Proxy extension

     B. Check in the McAfee Client Proxy client package to ePolicy Orchestrator

     C. Select a policy and add the NATed IP to the proxy server list with port 9091

     D. Deploy McAfee Client Proxy with ePolicy Orchestrator

  7. We have created a rule in the firewall for MWG, from the NATed public IP to the MWG proxy IP, with port no. 9091.

 

Now the following problems have occurred:

  1. Users are not getting the same Active Directory policy; users in different groups are all getting one top-level rule and policy.
  2. Internal sites are not accessible from outside through the proxy.

My questions:

  1. What rules do we need to create for the MCP client in MWG?
  2. How can I bypass my internal sites?

Regards,

 

Sabin karthikeyan.

  • Jon Scholten McAfee SME 856 posts since
    Nov 3, 2009
    1. Nov 1, 2012 1:14 PM (in response to sabinkarthikeyan)
    Re: McAfee Client proxy configuration.

    Hi Sabin!

     

    I imagine the policy issue is occurring because the groups received by MCP, and those returned from your Windows domain membership are different.

     

    By default when performing direct proxy authentication, groups will simply be returned with the name of the group, NO DOMAIN IS INCLUDED. Example: Domain Users

     

    By default when using MCP, groups will be returned WITH THE DOMAIN INCLUDED. Example: MCAFEE\Domain Users

     

    So... I'm guessing you have all of your rules written based on the group WITHOUT the domain. You should change it to INCLUDE the domain to account for how MCP will send the groups.

     

    You can do this under Policy > Settings > Engines > Authentication > [pick your auth settings], then check the box for "Prefix groups with domain name...". See screenshot below:

    [Screenshot: prefix.png]

     

    On the second issue, is the MWG in a DMZ that might not permit it to access internal sites? This sounds more like a networking issue. What message are you receiving (cannot connect)?

     

    Best,

    Jon
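
The group-name mismatch described in the reply above, as an added example that is not part of the original thread and not McAfee Web Gateway's rule engine. It is a simplified first-match model; the `Finance` and `Engineering` groups, the policy names and all function names are constructed for illustration, and case-insensitive comparison is an assumption.

```python
# Simplified model of group-based rule matching (illustration only,
# not MWG's actual rule engine). Sample data below is constructed.
DEFAULT_POLICY = "top-level default"

def split_group(name):
    """Return (domain, group); domain is None for an unprefixed name.
    Case-insensitive comparison is an assumption of this model."""
    domain, sep, group = name.partition("\\")
    return (domain.upper(), group.lower()) if sep else (None, name.lower())

def first_match(rules, user_groups, default=DEFAULT_POLICY):
    """Exact first-match: a rule applies only if its group string
    equals one of the groups reported for the user."""
    have = {split_group(g) for g in user_groups}
    for rule_group, policy in rules:
        if split_group(rule_group) in have:
            return policy
    return default

def audit_rules(rules):
    """Rule groups without a domain prefix; these can never match
    groups reported in DOMAIN\\group form."""
    return [g for g, _ in rules if split_group(g)[0] is None]

def prefix_rules(rules, domain):
    """Rewrite unprefixed rule groups to DOMAIN\\group form."""
    return [(g if split_group(g)[0] else f"{domain}\\{g}", p) for g, p in rules]

def add_domain(groups, domain):
    """Models enabling 'Prefix groups with domain name' on direct proxy auth."""
    return [g if split_group(g)[0] else f"{domain}\\{g}" for g in groups]

# Constructed sample: rules written without a domain, as guessed in the reply.
RULES = [("Finance", "finance policy"), ("Engineering", "engineering policy")]
DIRECT_GROUPS = ["Domain Users", "Finance"]               # direct proxy auth
MCP_GROUPS = ["MCAFEE\\Domain Users", "MCAFEE\\Finance"]  # same user via MCP

if __name__ == "__main__":
    print("direct, old rules:", first_match(RULES, DIRECT_GROUPS))
    print("MCP, old rules:   ", first_match(RULES, MCP_GROUPS))
    fixed = prefix_rules(RULES, "MCAFEE")
    print("needs prefix:     ", audit_rules(RULES))
    print("MCP, new rules:   ", first_match(fixed, MCP_GROUPS))
    # Prefixed rules stop matching direct auth unless it is prefixed too.
    print("direct, new rules:", first_match(fixed, DIRECT_GROUPS))
    print("direct + setting: ", first_match(fixed, add_domain(DIRECT_GROUPS, "MCAFEE")))
```

In this model the MCP user falls through to the default policy until the rules carry the domain, and the LAN user then falls through until direct authentication is prefixed as well, so both changes need to go in together.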
