2 Replies Latest reply on May 28, 2014 1:47 AM by asabban

    McAfee Web Gateway - SSL Inspection Problem





      I'm currently trying to use a McAfee Web Gateway (latest version) deployed on-premise to manage user access to various resources. The problem is that bypassing the proxy (i.e. direct access) is not an option nor is user-controlled certificate acceptance.


      I've gotten SSL Inspection working flawlessly for generic websites but I am having trouble with access to certain partner portals: for some odd reason, SSL inspection fails miserably when the destination host is in a private subnet (i.e. users in 172.16.x.x and server in 10.x.x.x. Traffic from user to server is https and must be proxied and inspected by the MWG. Users must see that the connection is secured using the MWG's sub-CA used for SSL inspection.


      Is there some undocumented limitation that prevents SSL inspection for RFC1918 IP ranges?



      Thanks for any suggestions and input!