2 Replies Latest reply on Aug 17, 2015 11:36 AM by Jon Scholten

    Source IP on webgateway

    rsan123

      Hello All,

      I have a question regarding McAfee webgateway.

      The setup is as follows: Webgateway with IP 172.16.x.x. Clients that need to access the internet use this IP address as proxy.

      The internet proxy then routes traffic through a firewall.
      My firewall sees all traffic coming in for the internet as source IP 172.16.x.x. Is there a way to configure the proxy so that when it forwards traffic, it does not send its own IP address as source IP but retains the client's IP that made the request towards the internet?

      Thanks.

        • 1. Re: Source IP on webgateway
          Troja

          Hi rsan123,

          The source IP for your firewall cannot be changed, because if you change this value, how should the TCP packets from your firewall be sent back to your proxy? :-)

          Many firewalls are able to extract the X-Forwarded-For header from an HTTP request.


          Cheers
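
Added example (not part of the original replies, and not McAfee or firewall vendor code): a sketch of how a firewall or log pipeline can attribute a request to the client named in X-Forwarded-For only when the connection really comes from the proxy. It assumes the proxy is configured to append that header; the function name `attributed_client` and all addresses are constructed for illustration.

```python
import ipaddress


def _parse(value):
    """Return an ip_address for one X-Forwarded-For entry, or None if malformed."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def attributed_client(peer_ip, xff_header, trusted_proxies):
    """Pick the address a request should be attributed to.

    peer_ip         -- source address of the TCP connection (the proxy, in the thread)
    xff_header      -- raw X-Forwarded-For value, or None if the header is absent
    trusted_proxies -- networks whose X-Forwarded-For additions are believed
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    current = ipaddress.ip_address(peer_ip)
    if not xff_header:
        return str(current)
    # Each proxy appends the address it received the request from, so the
    # rightmost entry is the most recent one. Walk from right to left.
    for entry in reversed(xff_header.split(",")):
        if not trusted(current):
            break  # this hop could have written anything to its left
        hop = _parse(entry)
        if hop is None:
            break  # malformed entry: keep the last address that parsed
        current = hop
    return str(current)


# Constructed sample: the proxy is 192.0.2.10 and the real client is 198.51.100.23.
# The client sent its own forged X-Forwarded-For value (10.9.9.9) and the proxy
# appended the address it actually saw.
PROXIES = ["192.0.2.10/32"]
print(attributed_client("192.0.2.10", "10.9.9.9, 198.51.100.23", PROXIES))
```

Entries to the left of the first untrusted hop are client-supplied and are ignored, which is why the forged 10.9.9.9 never becomes the attributed address.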

          • 2. Re: Source IP on webgateway
            Jon Scholten

            Hi Rsan,

            This is actually possible using IP spoofing. This is supported in almost all modes in which MWG is deployed (proxy/transparent router/bridge, etc.).

            IP spoofing, though, usually requires that the network accommodate this. I never recommend just turning this on. Google "Asynchronous routing".

            With IP spoofing, traffic must take the same path back into the network as it did on the way out (synchronous routing).


            Best Regards,

            Jon