2 Replies Latest reply on Feb 19, 2015 7:15 PM by kbolt

    Force All Data To Go Through Gateway


      Hello all, I have been beating my head against a wall here. How do you ensure that all of the data leaving the client PC goes through the McAfee Web Gateway? For instance, with a portable version of uTorrent running on the client PC, I am unable to block it from downloading a torrent BUT MWG does block out the ads that would normally show up inside the uTorrent UI. I've attempted to set my MWG appliance as the default gateway for the client PC, which does seem to stop uTorrent Portable's downloads, but it also stops me from getting to any other subnets on the intranet. I've been using explicit proxy mode for the most part, but recently I've tried to use transparent bridge mode, to no avail. I just can't get to (via ping, SMB, etc.) my server and remote subnets, i.e. networks outside of the network the client PC is in. Interestingly, the client PC can still browse the web with the MWG as its default gateway; I'm not sure why that works but nothing else does. Is there no way to accomplish this?

        • 1. Re: Force All Data To Go Through Gateway

          First, you have to block everything at the firewall if you don't want it to route directly out. Only allow web traffic from the MWG to the internet.

          Applications that honor proxy settings will choose to use the proxy. Applications that choose not to use the proxy will route out direct.


          Second, MWG filters and manages web traffic. Anything that is not HTTP/HTTPS/FTP/SOCKS/XMPP (and a couple of others) will not be affected.

          Torrents are not web traffic. It receives the torrent from UDP packets, which are not HTTP/S.


          One thought is to use the MCP client on the PC to redirect all traffic and force it to go through a proxy. This will intercept 80/443 at the TCP stack and direct it through a proxy if your application is not proxy-aware.
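
An added example, not part of the original thread: one way to check that the "only allow web traffic from the MWG to the internet" rule from the reply above is actually in effect, by scanning firewall flow records for allowed internet-bound connections that did not come from the proxy. The CSV log format, the proxy address 10.0.5.10 and the 10.0.0.0/8 intranet range are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed values for illustration; replace with your own addressing.
PROXY_IP = ipaddress.ip_address("10.0.5.10")          # hypothetical MWG address
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # hypothetical intranet range

# Constructed sample of firewall flow records (not real log data).
SAMPLE_LOG = """\
src,dst,proto,dport,action
10.0.5.10,93.184.216.34,tcp,443,allow
10.0.1.23,10.0.9.5,tcp,445,allow
10.0.1.23,10.0.9.5,icmp,0,allow
10.0.1.23,203.0.113.77,udp,6881,allow
10.0.1.23,198.51.100.4,tcp,80,allow
10.0.1.40,203.0.113.9,udp,51413,deny
"""

def is_internal(addr):
    """True if the address falls inside one of the intranet ranges."""
    return any(addr in net for net in INTERNAL_NETS)

def find_proxy_bypass(log_text):
    """Return {client_ip: [(dst, proto, dport), ...]} for allowed flows that
    left an internal client for the internet without going through the proxy."""
    bypass = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if row["action"] != "allow":
            continue  # already blocked at the firewall
        if src == PROXY_IP:
            continue  # web traffic leaving via the proxy, as intended
        if not is_internal(src) or is_internal(dst):
            continue  # intranet traffic (SMB, ping) is not an egress problem
        bypass[str(src)].append((str(dst), row["proto"], int(row["dport"])))
    return dict(bypass)

if __name__ == "__main__":
    for client, flows in find_proxy_bypass(SAMPLE_LOG).items():
        for dst, proto, dport in flows:
            print(f"{client} reached {dst} directly over {proto}/{dport}")
```

An empty result means every allowed internet-bound flow in the log was sourced from the proxy; any client listed is still routing out directly.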

          • 2. Re: Force All Data To Go Through Gateway

            Thank you very much for the speedy reply. I was hoping that the MWG appliance, not the filtering and rules part, but just the interface itself could somehow serve as a router so that requests to other parts of the network could be delivered correctly based on routes placed in the Static Route area found under the Configuration menu. In that way, it would handle web traffic when the protocols match that kind of traffic and then allow all other intranet-based protocols like ICMP. Is this totally impossible?


            Block undesirables at the firewall, handle allowed web traffic at the MWG, nice. Thanks, I'll have to speak with the admin in charge of that. The MCP (McAfee Client Proxy, I presume) client, that's new to me. I'll definitely have to do some reading there.