cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GimarVivero
Level 8
Report Inappropriate Content
Message 1 of 4
‎06-17-2020 01:45 PM

MWG behind a FireWall with webfiltering function

Jump to solution

We are using a Firewall with a web filtering service. It has also SSL inspection function.

Does MWG need to install the certificate of that firewall if SSL inspection is enabled on the FIrewall? does the endpoint machines still need to install the cerificate of the Firewall?

0 Kudos
Reply
1 Solution

Accepted Solutions
aloksard
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎06-18-2020 11:55 PM

Re: MWG behind a FireWall with webfiltering function

Jump to solution

Hi,

 

Hope you are doing well.

 

Yes this can be done via GUI.

 

Inside SSL Scanner-> Certificate Verification-> Skip Verification for Certificates Found in Certificate Whitelist-> You can whitelist the certificate here.

 

Alternatively also When you have SSL Scanner rule set enabled in MWG , for certificate verification we have by default a profile present in which you can have a your own list of certificate authority configured and also have a mcafee maintained known CA list.


In your scenario this mcafee maintained list is not required.


You can take MWG GUI access-> Navigate to option Settings-> Certificate Chain->Default-> List of certificate authorities-> Their you can configure and import firewall certificate for MWG to trust



Regards

Alok Sarda

View solution in original post

0 Kudos
Reply
3 Replies
aloksard
Employee
Employee
Report Inappropriate Content
Message 2 of 4
‎06-17-2020 09:34 PM

Re: MWG behind a FireWall with webfiltering function

Jump to solution

Hi,

 

Hope you are doing well.

 

Client->MWG->Firewall

 

Firewall is doing web filtering service. It has also SSL inspection function.

 

Above is the setup, correct me if I am wrong.

 

If SSL Scanner is not enabled on MWG, then MWG does not need to install the certificate of that firewall. Yes endpoint machines still need to install the certificate of the Firewall in order to trust.

 

If SSL Scanning is also enabled on MWG, then yes on MWG you need to install certificate of the firewall to trust it. On endpoint machines you need to import the root certificate of the certificate being used for SSL Scanning in MWG.

 

 

Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 


Regards
Alok Sarda

Reply
GimarVivero
Level 8
Report Inappropriate Content
Message 3 of 4
‎06-18-2020 08:55 AM

Re: MWG behind a FireWall with webfiltering function

Jump to solution

Hi @aloksard ,

how do you install the certificate of firewall on MWG? will it be using the GUI of the MWG?

0 Kudos
Reply
aloksard
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎06-18-2020 11:55 PM

Re: MWG behind a FireWall with webfiltering function

Jump to solution

Hi,

 

Hope you are doing well.

 

Yes this can be done via GUI.

 

Inside SSL Scanner-> Certificate Verification-> Skip Verification for Certificates Found in Certificate Whitelist-> You can whitelist the certificate here.

 

Alternatively also When you have SSL Scanner rule set enabled in MWG , for certificate verification we have by default a profile present in which you can have a your own list of certificate authority configured and also have a mcafee maintained known CA list.


In your scenario this mcafee maintained list is not required.


You can take MWG GUI access-> Navigate to option Settings-> Certificate Chain->Default-> List of certificate authorities-> Their you can configure and import firewall certificate for MWG to trust



Regards

Alok Sarda

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC