I'am in customer site with 3x MWG 5500 installation.
Customer have McAfee Firewall Enterprise (v 8.3.x).
Web Gateway-s are placed in McAfee Firewall Enterprise DMZ.
Ports 80 and 443 are redirected to VRRP address of proxy HA config (in MWG) using firewall option "upstream proxy" without NAT.
Everything looks OK, but I see, that onlu first Web Gateway (Primary Director) scans users traffic.
Others two Web Gateways not scan users traffic.
Question why only first MWG (primary Director) scan traffic.
Below You have screens from Proxy HA config and Firewall upstream redirect.
First MWG (MWG01) - Primary Director:
Secong MWG (MWG02) - Secondary Director:
Third MWG (MWG03) - Scanner:
MFE upstream proxy config:
Any ideas why only first MWG scan traffic?