1529 Views 6 Replies Latest reply: Apr 19, 2013 11:52 AM by itsec RSS
rbarboza Newcomer 31 posts since
Nov 21, 2011

Apr 17, 2013 9:34 AM

control the bandwidth in the web gateway

Hi

 

Anyone know how I can control the bandwidth in the web gateway 7.3?

 

thanks

  • eelsasser McAfee SME 842 posts since
    Mar 24, 2010
    1. Apr 17, 2013 10:10 AM (in response to rbarboza)
    Re: control the bandwidth in the web gateway

    You use the Throttle Server(nnn) event

     

    https://community.mcafee.com/thread/37447

     

    https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23273/en_US/MWG_Bandwidth_Throttling.pdf

     

    Also, on 7.3.2, there will be support for DSCP marking of specific traffic so you can coarsely prioritize QoS.

  • itsec Apprentice 65 posts since
    Oct 24, 2012
    2. Apr 18, 2013 4:42 AM (in response to eelsasser)
    Re: control the bandwidth in the web gateway

    Hi Erik,

    Do you have any more information about this new feature you can pass on?

     

    I'm looking at some problems we have accessing a certain site (search.cnipr.com) and would like to know if this feature would help prioritise traffic to the site - I don't think the existing throttling will achieve the desired effect.

     

    Testing indicates that it seems to be the website that is most at issue (significantly slows down in the afternoon when I guess US internet users are accessing it) and cannot handle the traffic but I'd like to see if there's anything I can do with the MWG.

     

    I have noticed that if I use a speedcheck tool to measure download speed, the speed is approx half going through the proxy than if I bypass it.  Of course I realise that there are other factors involved here and will be consulting our network service guys to see if there's anything they can do also, e.g. VLAN QoS etc.

     

    Thanks

  • btlyric Apprentice 184 posts since
    Aug 1, 2012
    3. Apr 18, 2013 5:23 AM (in response to itsec)
    Re: control the bandwidth in the web gateway

    If you are asking about the DSCP feature, I can provide a bit of input.

     

    7.3.2 beta adds the feature to set a DSCP flag on traffic. As with any other rule, you can set whatever criteria you want to trigger the rule and then set the DSCP flag via Events.

     

    So, for example, you could create a rule that identifies traffic to Social Networking sites and set a DSCP flag that your routers will understand to mean to de-prioritize that traffic. Or prioritize the traffic if that's what you want.

     

    Another angle -- if you're dealing with a website with slow response, you may want to enable Extended Timeout for that specific destination. For example, I have a rule that uses this criteria:

     

    URL.Destination.IP is in range list Extended Timeout OR

    URL.Host is in list Extended Timeout Host

     

    If that rule is activated, Event Enable Proxy Control <Extended Timeout> is applied.

     

    The Extended Timeout config has the checkbox for Change timeout value selected and a subsequent Connection timeout value that exceeds the default (which I think is something like 120 seconds). We had a remote system that was generating reports that took over 2 minutes to complete, so it is now part of the Extended Timeout group.
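
A way to confirm, from a capture taken on the gateway's egress side, that a DSCP rule like the one described above is actually marking traffic. This is an added example, not part of the original thread and not McAfee code; the function names, the documentation-range addresses and the CS1 policy are assumptions, and the sample headers are constructed.

```python
import ipaddress
import struct

DSCP_NAMES = {0: "CS0", 8: "CS1", 10: "AF11", 18: "AF21", 26: "AF31", 34: "AF41", 46: "EF"}

def parse_ip(packet):
    """Return (destination address, DSCP) from a raw IPv4 or IPv6 header."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4 and len(packet) >= 20:
        tos = packet[1]                       # DSCP is the top 6 bits of the old ToS byte
        dst = ipaddress.ip_address(packet[16:20])
    elif version == 6 and len(packet) >= 40:
        # Traffic Class straddles the first two bytes of the IPv6 header
        tos = ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
        dst = ipaddress.ip_address(packet[24:40])
    else:
        raise ValueError("truncated or non-IP packet")
    return dst, tos >> 2                      # drop the 2 ECN bits

def check_marking(packets, policy):
    """policy: {network string: expected DSCP}. Return the mismatches found."""
    nets = [(ipaddress.ip_network(n), d) for n, d in policy.items()]
    mismatches = []
    for pkt in packets:
        dst, dscp = parse_ip(pkt)
        for net, expected in nets:
            if dst.version == net.version and dst in net and dscp != expected:
                mismatches.append((str(dst), DSCP_NAMES.get(dscp, str(dscp)),
                                   DSCP_NAMES.get(expected, str(expected))))
    return mismatches

def ipv4_header(dst, dscp):
    """Constructed 20-byte IPv4 header (checksum left at 0, not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 40, 0, 0, 64, 6, 0,
                       ipaddress.ip_address("192.0.2.10").packed,
                       ipaddress.ip_address(dst).packed)

# Constructed sample: two packets to a de-prioritised range, one left unmarked.
SAMPLE = [ipv4_header("198.51.100.7", 8), ipv4_header("198.51.100.9", 0),
          ipv4_header("203.0.113.5", 0)]
POLICY = {"198.51.100.0/24": 8}   # assumption: routers treat CS1 as low priority

if __name__ == "__main__":
    for m in check_marking(SAMPLE, POLICY):
        print("dst %s carries %s, expected %s" % m)
```
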

  • satbir Apprentice 85 posts since
    Oct 9, 2011
    4. Apr 19, 2013 10:19 AM (in response to btlyric)
    Re: control the bandwidth in the web gateway

    Wow! DSCP marking in MWG! Can't wait to test out this feature! 

     

    Regards,

    Satbir


  • itsec Apprentice 65 posts since
    Oct 24, 2012
    5. Apr 19, 2013 11:39 AM (in response to btlyric)
    Re: control the bandwidth in the web gateway

    Hi btlyric,

    Thanks for the info re DSCP.  After further testing we've discovered that it's an external problem as we bypassed the proxy and created simple packet filters for that host on the firewall but there was no change.  We have a proxy in the far east so I configured my browser to use this one (same version as my normal proxy) and performance was vastly improved.

    I like the tip on timeouts although I don't think in this instance it would have changed anything.

    For the time being I will see if we can configure the users to use a different browser configured to the far east proxy.  More long-term I would imagine that I could create a rule set that identifies a request for the site and routes it through the far east proxy without configuring an extra browser.

    Something like:

     

    URL.Host is in list [wildcardlist for *.cnipr.com]

    Action: continue

    Event: enable next hop proxy

     

    although I don't seem to be having much success initially... tcpdump shows that tcp is being fwded to the next hop proxy but I'm getting a http 502 bad gateway error/ MWG bad response "the proxy did not receive a valid response in time".

    need to do some testing!

     

     

    
  • itsec Apprentice 65 posts since
    Oct 24, 2012
    6. Apr 19, 2013 11:52 AM (in response to itsec)
    Re: control the bandwidth in the web gateway

    looks like it's an authentication issue.

    If I'm using ntlm authentication against AD, how does the authentication pass to the next hop proxy?  My redirect rule is in with the standard global whitelist rule set which is after authentication > site review template > troubleshooting > global whitelist

    Thanks
