1 Reply Latest reply on Aug 27, 2013 7:03 AM by skloepping

    3 x Web Gateway in Proxy HA behind McAfee Firewall Enterprise as upstream proxy

    krzysztof.anzorge

      Hi,

       

      I am at a customer site with a 3x MWG 5500 installation.

      The customer has McAfee Firewall Enterprise (v 8.3.x).

      The Web Gateways are placed in the McAfee Firewall Enterprise DMZ.

      Ports 80 and 443 are redirected to the VRRP address of the proxy HA config (in MWG) using the firewall option "upstream proxy" without NAT.

      Everything looks OK, but I see that only the first Web Gateway (Primary Director) scans user traffic.

      The other two Web Gateways do not scan user traffic.

       

      Question: why does only the first MWG (Primary Director) scan traffic?

       

      Below you have screens from the Proxy HA config and the firewall upstream redirect.

       

       

      mwg_traffic_only_first_scan.JPG

      First MWG (MWG01) - Primary Director:

      proxyHA_MWG01.JPG

      Second MWG (MWG02) - Secondary Director:

      proxyHA_MWG02.JPG

      Third MWG (MWG03) - Scanner:

      proxyHA_MWG03_Scanner.JPG

       

      MFE upstream proxy config:

       

      MFE_upstream-proxy.JPG

       

      Any ideas why only the first MWG scans traffic?

       

      Best regards

       

      Krzysztof Anzorge