24 Replies Latest reply on Jul 22, 2014 10:01 AM by asabban

    Certificate for proxy in MWG

    rabee

      I have recently learnt that it is possible to configure MWG to redirect traffic to a proxy using the "next-hop proxy" and that it is also possible to write rules for directing certain traffic to this proxy and allow the rest to bypass it. Now I would like to know how to configure it to allow SSH connections with the proxy and whether it is possible for MWG to accept self-signed certificates that the proxy hands out. Thanks in advance!

        • 1. Re: Certificate for proxy in MWG
          asabban

          Hello,

           

          I am not sure if you are talking about SSH or SSL. SSH is a protocol for remote management which cannot be filtered by MWG. SSL will work out of the box just like plain HTTP. MWG will send a CONNECT request to the next-hop proxy, the next-hop proxy will bring up a tunnel to the remote site and traffic will go through.

           

          By default MWG will not allow self-signed certificates. The general behaviour for self-signed certificates can be changed to allow them. If you are talking about a next-hop proxy that hands out self-signed certificates, it sounds like some kind of SSL inspection is done, e.g. the next-hop uses a self-signed Root CA to provide certificates which are signed by that Root CA rather than self-signed. In that case you need to import that Root CA to MWG and it will allow the SSL traffic.

           

          Best,

          Andre
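The distinction drawn in the reply above (a certificate that is itself self-signed versus one signed by a self-signed Root CA, which becomes acceptable once that Root CA is imported) can be reproduced offline with the `openssl` command line. This is an added example, not part of the thread and not MWG configuration; the CA names, host name and trust-store files are constructed for illustration, and the PEM bundle only stands in for a gateway's list of trusted CAs.

```bash
#!/usr/bin/env bash
# Constructed demo: every subject name and file here is made up.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

new_root() {  # $1 = file prefix, $2 = CN; writes a self-signed root CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

issue_leaf() {  # $1 = issuing CA prefix, $2 = CN; leaf signed by that CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$work/leaf.csr" -days 1 -CA "$work/$1.pem" \
    -CAkey "$work/$1.key" -CAcreateserial -out "$work/leaf.pem" 2>/dev/null
}

is_self_issued() {  # subject == issuer: the quick test for "self-signed"
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

trusted_by() {  # $1 = trust store (PEM bundle), $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

new_root public  "Constructed Public Root"   # stands in for the default CA list
new_root nexthop "Constructed Next-Hop Inspection CA"
issue_leaf nexthop "www.example.test"        # certificate the next hop hands out

# Trust store before and after importing the next hop's Root CA.
cp "$work/public.pem" "$work/store_before.pem"
cat "$work/public.pem" "$work/nexthop.pem" > "$work/store_after.pem"

report() {
  is_self_issued "$work/leaf.pem" && echo "leaf: self-signed" \
    || echo "leaf: signed by a CA"
  is_self_issued "$work/nexthop.pem" && echo "issuer: self-signed root" \
    || echo "issuer: not a root"
  trusted_by "$work/store_before.pem" "$work/leaf.pem" \
    && echo "before import: trusted" || echo "before import: rejected"
  trusted_by "$work/store_after.pem" "$work/leaf.pem" \
    && echo "after import: trusted" || echo "after import: rejected"
}
report
```

The leaf is rejected only because its issuer is unknown to the store, so adding that one Root CA is enough and no blanket acceptance of self-signed certificates is needed.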

          • 2. Re: Certificate for proxy in MWG
            rabee

            Thank you Andre for that. I will follow up on that post but before that I would like to ask you some questions regarding installation. I am not creating a new thread and asking here instead since it seems unnecessary.

             

            I created a Linux 2.6, 64-bit VM, with 4GB RAM and 200 GB hard disk as per instructions in the Installation Guide. I then boot the VM with the downloaded ISO image and I get the configuration wizard menu. I choose the option "video console" but I get an error message saying "No MWG Appliance detected". What could be the issue here?

             

            Message was edited by: rabee on 7/11/14 2:41:34 AM CDT
            • 3. Re: Certificate for proxy in MWG
              asabban

              Hello,

               

              What virtualization solution are you using?

               

              That message will pop up if the hardware platform is neither "McAfee" (physical appliances) nor "VMWare Inc." (VMWare).

               

              Best,

              Andre

              • 4. Re: Certificate for proxy in MWG
                rabee

                I am using VMWare.

                • 5. Re: Certificate for proxy in MWG
                  asabban

                  Which product/version exactly?

                  • 6. Re: Certificate for proxy in MWG
                    rabee

                    I was using VirtualBox and not VMWare. My bad. I will post an update of my progress once I try this on VMWare. Thanks once again Andre!

                    • 7. Re: Certificate for proxy in MWG
                      rabee

                      Hello Again Andre,

                       

                      I have installed MWG and got it up and running. I can also access the UI via the browser. How would I direct traffic through MWG? Please note that this is not a full-fledged deployment and is only done as proof of concept, so the most basic configuration will do, something even as simple as setting the proxy of browsers manually.

                      • 8. Re: Certificate for proxy in MWG
                        asabban

                        Hello,

                         

                        The simplest setup that does not require any change to your network, in my opinion:

                         

                        Forward Proxy:

                         

                        - Configure the IP address of MWG and port 9090 manually in the browser, e.g. 192.168.0.1:9090. Check "use for all protocols". If you don't want to touch your browser settings, get a "portable" version of Firefox, which does not add anything to the system's registry, and configure it to use MWG as a proxy server.

                         

                        Reverse Proxy:

                         

                        - Configure MWG to listen on port 80 and port 443

                        - Modify your computer's hosts file (http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file) to something like "192.168.0.1   www.mwginternal.com". Save & Close

                         

                        If you now browse from your re-configured browser or with the modified hosts file in place, your requests will hit MWG.

                        Best,

                        Andre

                        • 9. Re: Certificate for proxy in MWG
                          rabee

                          Thank you Andre,

                           

                          I have configured the proxy settings of the browser and it seems to be working fine now. Is there some way I can see logs of all the requests that pass through MWG?
