1311 Views 8 Replies Latest reply: Dec 30, 2013 10:52 AM by jdepriest RSS
nate.hall Apprentice 81 posts since
Nov 5, 2012

May 6, 2013 1:23 PM

Web Hybrid Lists

Is there a way to sync the policy scheduling from the SaaS control console to MWG 7? I know how to sync the policies to and from the SaaS. I also know in the lists there is a WebHybrid Group Subscription and WebHybrid lists. How do I set up the rule to enable MWG 7 to just use the Web Hybrid groups/policies?

  • Jon Scholten McAfee SME 853 posts since
    Nov 3, 2009
    1. May 6, 2013 2:34 PM (in response to nate.hall)
    Re: Web Hybrid Lists

    Hi Nate,

     

    At the moment policy syncing of scheduling is not possible. You are speaking of the section in the SaaS console under Web Protection > Policies > Policy Scheduling, correct?

     

    Here are some examples if you wish to formulate rules based on time in the MWG:

    #730 - 0959

    ((DateTime.Time.Hour equals 07 AND DateTime.Time.Minute greater than or equals 30) OR (DateTime.Time.Hour greater than or equals 08))

    AND

    (DateTime.Time.Hour less than 10)

     

    #1010 - 1159

    ((DateTime.Time.Hour equals 10 AND DateTime.Time.Minute greater than or equals 10) OR (DateTime.Time.Hour greater than or equals 11))

    AND

    (DateTime.Time.Hour less than 12)

     

    #1230-1450

    (DateTime.Time.Hour equals 12 AND DateTime.Time.Minute greater than or equals 30)

    OR

    (DateTime.Time.Hour equals 13)

    OR

    (DateTime.Time.Hour equals 14 AND DateTime.Time.Minute less than 50)

     

    #1500 - 1559

    (DateTime.Time.Hour equals 15)

     

    As of right now, the synchronization functionality is limited to the items available in the MWG UI. Meaning SaaS functionality cannot be synced TO MWG (despite it having some of the capabilities I'm sure).

     

    As far as how to use Web Hybrid groups/policies, there is a rule set in the library called "Web Hybrid - Apply HybridPolicy on Premise". This can be used to apply the policies you have defined in the cloud on-premise.

     

    In the future though I think this will be turned around. MWG policy will be synced to the cloud.

     

    Best,

    Jon
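Added example, not part of the post above and not McAfee code: a Python sketch that builds criteria of the same shape for any same-day window and checks them against every minute of the day, which catches off-by-one errors at the window edges before the criteria are typed into a rule. The property names and operator wording are copied from the post; the tuple representation and the function names (`window`, `render`, `matches`, `minutes_matched`) are hypothetical.

```python
# Added example: build and brute-force check MWG-style time-window criteria.
# Property names and operator wording come from the post above; the tuple
# representation and all function names are hypothetical.
import operator

OPS = {"equals": operator.eq,
       "greater than or equals": operator.ge,
       "less than": operator.lt}
H, M = "DateTime.Time.Hour", "DateTime.Time.Minute"

def window(start, end):
    """Criteria tree for start <= time < end, both (hour, minute), same day."""
    (h1, m1), (h2, m2) = start, end
    if not ((0, 0) <= start < end <= (24, 0) and m1 < 60 and m2 < 60):
        raise ValueError("need 00:00 <= start < end <= 24:00")
    lower = (H, "greater than or equals", h1)
    if m1:  # partial first hour: rest of hour h1, or any later hour
        lower = ("OR", ("AND", (H, "equals", h1),
                        (M, "greater than or equals", m1)),
                 (H, "greater than or equals", h1 + 1))
    upper = (H, "less than", h2)
    if m2:  # partial last hour: any earlier hour, or the start of hour h2
        upper = ("OR", upper,
                 ("AND", (H, "equals", h2), (M, "less than", m2)))
    return ("AND", lower, upper)

def render(node):
    """Text form in the notation used in the post."""
    if node[0] in ("AND", "OR"):
        return f"({render(node[1])} {node[0]} {render(node[2])})"
    return f"{node[0]} {node[1]} {node[2]:02d}"

def matches(node, hour, minute):
    """Evaluate the criteria tree for one time of day."""
    if node[0] in ("AND", "OR"):
        a, b = matches(node[1], hour, minute), matches(node[2], hour, minute)
        return (a and b) if node[0] == "AND" else (a or b)
    return OPS[node[1]]({H: hour, M: minute}[node[0]], node[2])

def minutes_matched(node):
    """Every (hour, minute) of the day that the criteria accept."""
    return [(h, m) for h in range(24) for m in range(60) if matches(node, h, m)]

if __name__ == "__main__":
    crit = window((12, 30), (14, 50))  # the 1230-1450 window from the post
    hits = minutes_matched(crit)
    print(render(crit))
    print("first", hits[0], "last", hits[-1], "minutes", len(hits))
```

The end of the window is exclusive, matching the post's "Minute less than 50" for the 1230-1450 window.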

  • Jon Scholten McAfee SME 853 posts since
    Nov 3, 2009
    3. May 6, 2013 3:00 PM (in response to nate.hall)
    Re: Web Hybrid Lists

    The SaaS policy ruleset does not incorporate authentication, so your groups are not known when you are going through the MWG.

     

    How are you authenticating with SaaS? I would imagine MCP.

     

    If MCP, then you can incorporate the MCP authentication ruleset into the MWG rules and assign policy based on group membership.

     

    Best,

    jon

  • Jon Scholten McAfee SME 853 posts since
    Nov 3, 2009
    5. May 9, 2013 3:38 PM (in response to nate.hall)
    Re: Web Hybrid Lists

    Hi Nate,

     

    There are a couple of things to take away from this:

    1. MCP will fail over if a proxy is not reachable (so it will use the first available proxy) -- so far as I remember

    2. If MCP is not used for redirection when users are on the network, then some other form of authentication will need to be done on the Web Gateway to perform filtering based on user or group

    3. MWG does not have Policies in the sense that SaaS does. This is by design because the Web Gateway is so flexible. SaaS on the other hand is a bit more rigid in its design; this makes it more consumable for the masses.

     

    Ultimately it may not be a bad idea to specify the Web Gateway in the MCP configuration (first in the list so SaaS is not used on-premise); this way authentication can be handled by MCP and proxy settings do not need to be used, or if you are using WCCP, then you do not need to set up the authentication server (https://community.mcafee.com/docs/DOC-4384).

     

    On the topic of policies you could have MWG set up like the SaaS proxies (by using the ruleset in the library), but this limits the features you are able to use on the MWG. For example (for illustration purposes) MWG only allows you to sync URL whitelists/blacklists, URL Category whitelists/blacklists, and AV settings TO SaaS or FROM SaaS. In your MWG policies, you are blocking exe downloads because it's policy to do so. If you used the ruleset in the library you don't have the option to block exe downloads because it is not a part of the feature set.

     

    In future revisions this will change, but at the moment if you use the SaaS policy information to formulate your MWG policies you may be limiting what the MWG can do. You can modify the SaaS policy rules, but you'd still have to maintain it in two places.

     

    I know you have a case open on this, so I may chime in there but I'm out of the starting tomorrow, and will be back on next Wednesday.

     

    Best,

    Jon

  • Jon Scholten McAfee SME 853 posts since
    Nov 3, 2009
    7. May 17, 2013 5:42 PM (in response to nate.hall)
    Re: Web Hybrid Lists

    Hi Nate,

     

    Each failure ID has a failure reason string (human readable), the property is Authentication.FailureReason.Message.

     

    0 No Failure - Authentication was fine

    1 Unexpected Credentials - Authentication was out of expected order (applies to NTLM)

    2 Unknown User - User doesn't exist in directory.

    3 Wrong Password - Bad password (can apply in other situations, see https://community.mcafee.com/message/268185#268185)

    4 No Credentials - No credentials were sent (ignore if authentication hasn't failed -- NTLM)

    5 No Server Available - Directory server MWG attempted to contact was not reachable.

    6 Proxy Timeout - MWG was communicating with a resource and it took too long to get an answer.

    7 Server Timeout - ?

    8 Communication Error - Server that MWG was communicating with shut down the connection.

    10000 Internal Error - catch all

     

    Using the failure IDs is not without its pitfalls though:

    https://community.mcafee.com/message/268185#268185

     

    Do you have a use case for the failure IDs? Most of the time you should only look at the failure ID if authentication actually failed (Authentication.Failed equals true).

     

    Best,

    Jon

  • jdepriest Newcomer 3 posts since
    Nov 20, 2013
    8. Dec 30, 2013 11:49 AM (in response to Jon Scholten)
    Re: Web Hybrid Lists

    In a version 7.3 installation, what's the best way to get this list of failure IDs to record a text string in a log file instead of a numeric code? I'm sure it will involve mapping, but I have no experience doing that from scratch.

     

    Thanks!

     

    Edit: never mind. I found Authentication.FailureReason.Message. I did go ahead and create a map so I could include your comments but I am not actually using it in the rules; it is just for reference.

     

    Message was edited by: jdepriest on 12/30/13 11:49:53 AM CST
