1 2 Previous Next 10 Replies Latest reply on Jun 4, 2013 1:40 AM by otruniger

    Configure Firefox for use with MWG 7.3

    nate.hall

      I amd trying to get Firefox to work with MWG 7.3 but so far not having much luck.

       

      I have configured Firefox to use NTLM by following this doc: https://kc.mcafee.com/corporate/index?page=content&id=KB67094

           - I have seen conflicting information but I have tried both https://scmgateway.<local-fqdn> & https://<fqdn> (so without the scmgateway first).

       

      I have also gone into the Firefox options and turned on "Auto-detect proxy Settings for this network" - which is also configured in the Firefox config network.proxy.type set to 4

       

      I am still not getting filtered using these options. IE works with the auto detect settings because we are pushing down our wpad settings using DHCP 252. Is there something else I need to do in Firefox to get these working?

       

      Thanks!

        • 1. Re: Configure Firefox for use with MWG 7.3
          Jon Scholten

          Hi Nate!

           

          You are bringing up two different things.

           

          1. Authentication

          The article you mentioned is not for the Web Gateway, it is for EWS (separate product), read this instead: https://community.mcafee.com/docs/DOC-4384

           

          2. Deployment of proxy settings

          As for deploying wpad settings, I believe it works the same in FF as it does in IE.

          Here is a site I commonly reference for pac file or wpad file issues:

          http://findproxyforurl.com/

           

          You may want to check out the wpad deployment section.

           

          Best,

          Jon

          • 2. Re: Configure Firefox for use with MWG 7.3
            nate.hall

            Thanks for the reply Jon - I am going through the article you linked but not seeing much so far that helps my situation. I might not have been totally clear so let me reiterate in case you can give me more specific information.

             

            Everything is working perfectly in IE. I've already configured the wpad file (I did actually use findproxyforurl for this) and everything gets filtered in IE as it should. Now, I just can't get Firefox to use the proxy settings. Even though I have set Firefox to Auto detect the proxy settings I can still browse to every site.

            • 3. Re: Configure Firefox for use with MWG 7.3
              andyclements

              Did you setup the WPAD with DHCP or in DNS?  Firefox does not support the DHCP method.

              • 4. Re: Configure Firefox for use with MWG 7.3
                nate.hall

                Ahhh - that's the issue. We have it setup with DHCP

                • 5. Re: Configure Firefox for use with MWG 7.3
                  nate.hall

                  What other options do we have for Firefox? Because we have an issue:

                   

                  We use the same DNS servers for all office locations but we are using a separate MWG VM at each locaiton. So each location has it's own MWG with it's own WPAD/PAC file.

                   

                  I haven't seen anything yet that states FIrefox can't do the DHCP option. On the FindProxyForURL site it simply says to set it up with:

                   

                  Firefox

                  1. Open Firefox.
                  2. Select Tools from the application menu, click Options.
                  3. Click the Advanced section, click Settings under Connection.
                  4. Select Auto-detect proxy settings for this network, click OK
                  • 6. Re: Configure Firefox for use with MWG 7.3
                    DBO

                    I don't know about WPAD but, in a PAC file, you could select the Proxy base on the client IP.  We do that to load balance all even/odd IP address to two different proxy (no HA, they are on different sites/network) , both  acticg as failover to the other one...

                    • 7. Re: Configure Firefox for use with MWG 7.3
                      nate.hall
                      I don't know about WPAD but, in a PAC file, you could select the Proxy base on the client IP.  We do that to load balance all even/odd IP address to two different proxy (no HA, they are on different sites/network) , both  acticg as failover to the other one...

                      This works fine once the client gets to the WPAD file but my concern is more about where the WPAD file is hosted. Take this example:

                       

                      We have remote locations that we will call location A, location B, and location C. We also have our Main office that has all of out main servers. Each location has a MWG server hosting the WPAD/PAC files on it. We have users that use Firefox so we need them to get the settings from the files located on each corresponding MWG. All clients get their DNS settings from the main office, as opposed to DNS from each of their own locations (A, B, or C).

                       

                      So since we only have 1 DNS source but 3 different web proxies how can we configure this? Can we set up 3 different A records? For instance wpadA, wpadB, & wpadC

                      • 8. Re: Configure Firefox for use with MWG 7.3
                        DBO

                        If WPAD systax is the same as for .PAC file, why not simply use one WPAD file for all locations.  The inside logic will dictate at run time (on the client) wich proxy to use...  Evidently, I hope you have a logic IP plan

                        • 9. Re: Configure Firefox for use with MWG 7.3

                          This might be useful.

                          Description of the netmask ordering feature and the round robin feature in Windows Server 2003 DNS

                          http://support.microsoft.com/kb/842197

                           

                          When you are Round Robining multiple A records in MS DNS, it should try to match the closest host to the client's IP address.

                           

                          So if you have 3 networks:

                          192.168.0.0/24

                          192.168.1.0/24

                          192.168.2.0/24

                           

                          And you have 3 A records:

                          192.168.0.100 wpad

                          192.168.1.100 wpad

                          192.168.2.100 wpad

                           

                          The DNS query should automatically return the closest host from the client's IP address. So if my client is 192.168.2.5, i should almost always get 192.168.2.100 back from the DNS query.

                           

                          Your mileage may vary. Try it yourself to see.

                          1 2 Previous Next