2 Replies Latest reply on Aug 1, 2016 7:29 PM by yerkogofes

    The proxy could not connect to the destination in time (REVERSE PROXY).

    yerkogofes

      Hi team,

      I'm trying to set up a lab for a POC using McAfee Web Gateway in Reverse Proxy mode, but when I make a connection from a client (Internet) to the public IP on a specific port, I get this message:

      messaage .jpg

       

      My topology is very simple:

      request .jpg

      User -> http://<Public IP>:1111 -> FW does NAT to the MWG IP .77 -> MWG does processing, for example GAM analysis -> forwards or redirects the connection to server 192.168.168.174:80 (IIS on Windows).

      1111.jpg

      22222.jpg

       

       

      I don't know if the problem is in the network connection and configuration of the reverse proxy.

      I think that the problem is in MWG, because the connection comes to the proxy and then doesn't go to the web server.

      I need help; if somebody has information or examples, please let me know.

      Yerko

        • 1. Re: The proxy could not connect to the destination in time (REVERSE PROXY).
          Jon Scholten

          Hi Yerko!

           

          Your rule is incorrect: you changed it from URL.Host matches... to Connection.Protocol matches http://**:1111. This would never work. Connection.Protocol would only ever equal something like HTTP, HTTPS, SSL, FTP, SOCKS, etc.; this has to do with the protocol of the incoming connection.

          Take a look at the examples below your rule and their use of URL.Host in the criteria. Stick to the examples rather than forming your own for now.

          There is also a best practice on configuring reverse proxy.

          Intro to Reverse Proxy

          If you only have one site configured, I'd suggest setting the criteria to Always instead of "Connection.Protocol matches...". Once you have more sites you'll probably want URL.Host based rules.

          The rules are meant to map the incoming request to the backend server.

           

          Best Regards,

          Jon

          • 2. Re: The proxy could not connect to the destination in time (REVERSE PROXY).
            yerkogofes

            Hi Jon, thanks for your reply.

            I modified my rules and then the connection was successfully passing through the MWG "Reverse Proxy".

            1_3.jpg

            This is my rule:

            2_2.jpg

            I can access my web server from the Internet through MWG (Reverse Proxy).

            Now... I need more information to make a proof of concept and show value for the customer using MWG "Reverse Proxy".

            I think a good option is to show the "GAM" feature while a user on the Internet (me) tries to upload a file to the web server through MWG. The idea is to use a clean file and another file with malicious code... For example one folder to www.ngfw-se.com

            What do you think about this idea, and can you recommend other tests? (I am an SE from the LATAM team.)

            Regards

            Yerko