Former Member
Message 1 of 9

McAfee Client proxy configuration.

Hi all,

I am facing some issues with McAfee Client Proxy. We are planning to implement MCP for our client and our testing is ongoing. Here I am describing our environment.

  1. MWG, EPO, MCP
  2. We have integrated with the Active Directory server in the LAN environment.
  3. We have created rules and policies for AD groups, and the rules and policies are applied properly: users are able to browse allowed sites and restricted sites are blocked.
  4. The client has many laptop users, so the client wants to protect those users while they are browsing the internet from an outside network (Internet card, Home internet connection). But the same rules and policy should apply.
  5. So we have planned to implement the MCP client.
  6. We have completed the configuration of MCP in EPO:

A. Install the McAfee Client Proxy extension

B. Check in the McAfee Client Proxy client package to ePolicy Orchestrator

C. Select a policy and add the NATed IP to the proxy server list, with port 9091

D. Deploy McAfee Client Proxy with ePolicy Orchestrator

  7. We have created a rule in the firewall for MWG, from the NATed public IP to the MWG proxy IP with port no. 9091

Now the problems that have occurred are:

  1. Users are not getting the same Active Directory policy; users of different groups are all getting one top-level rule and policy.
  2. Internal sites are not accessible from outside through the proxy.

My question.

  1. What rules do we need to create for the MCP client in MWG?
  2. How can I bypass my internal sites?

Regards,

Sabin karthikeyan.

8 Replies
Former Member
Message 2 of 9

Re: McAfee Client proxy configuration.

Hi Sabin!

I imagine the policy issue is occurring because the groups received by MCP, and those returned from your Windows domain membership are different.

By default when performing direct proxy authentication, groups will simply be returned with the name of the group, NO DOMAIN IS INCLUDED. Example: Domain Users

By default when using MCP, groups will be returned WITH THE DOMAIN INCLUDED. Example: MCAFEE\Domain Users

So... I'm guessing you have all of your rules written based on the group WITHOUT the domain. You should change it to INCLUDE the domain to account for how MCP will send the groups.

You can do this under Policy > Settings > Engines > Authentication > [pick your auth settings], then check the box for "Prefix groups with domain name..." see screenshot below:

prefix.png

On the second issue, is the MWG in a DMZ that might not permit it to access internal sites? This sounds more like a networking issue. What message are you receiving (cannot connect)?

Best,

Jon
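
The mismatch described in the reply above, as an added example that is not part of the original post and not McAfee code: it models a group criterion as an exact, case-sensitive membership test (an assumption about the comparison) and shows how bare group names in rules stop matching once groups arrive domain-prefixed, so every user falls through to the default. Rule names, group names and helper functions are hypothetical.

```python
# Added illustration, not McAfee code. Rule names, group names and the
# exact-match comparison are assumptions made for this sketch.

DEFAULT_RULE = "top-level default"

def first_matching_rule(rules, user_groups):
    """Return the first rule whose required group is in user_groups."""
    groups = set(user_groups)
    for name, required_group in rules:
        if required_group in groups:
            return name
    return DEFAULT_RULE  # nothing matched: user gets the catch-all policy

def strip_domain(group):
    """'MCAFEE\\Domain Users' -> 'Domain Users'; bare names pass through."""
    return group.split("\\", 1)[-1]

def audit_criteria(rules, observed_groups):
    """Find rules that miss an observed group only because of the domain prefix."""
    observed = set(observed_groups)
    by_bare_name = {strip_domain(g): g for g in observed}
    findings = []
    for name, required_group in rules:
        if required_group in observed:
            continue  # criterion matches as written
        candidate = by_bare_name.get(strip_domain(required_group))
        if candidate is not None:
            findings.append((name, required_group, candidate))
    return findings

# Constructed sample data
RULES = [("students-policy", "Students"), ("staff-policy", "Staff")]
DIRECT_AUTH_GROUPS = ["Domain Users", "Students"]             # no domain
MCP_GROUPS = ["MCAFEE\\Domain Users", "MCAFEE\\Students"]     # domain included

if __name__ == "__main__":
    print("direct auth ->", first_matching_rule(RULES, DIRECT_AUTH_GROUPS))
    print("via MCP     ->", first_matching_rule(RULES, MCP_GROUPS))
    for rule, wanted, seen in audit_criteria(RULES, MCP_GROUPS):
        print(f"{rule}: criterion {wanted!r} never matches; groups arrive as {seen!r}")
```
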

Former Member
Message 3 of 9

Re: McAfee Client proxy configuration.

Hi Jon,

I have tried the same setting; it is not working.

Can you provide the authentication settings rule set for MCP and the other required rule sets and rules?

Regards,

Sabin Karthikeyan.

Former Member
Message 4 of 9

Re: McAfee Client proxy configuration.

Hi Sabin,

I was going through some searches and found this issue. Is this issue resolved, or are you still struggling?

Re: McAfee Client proxy configuration.

Using MCP proxy authentication, when we check the box, which one is correct for the rule set setting:

1. authentication.usergroups contains value-string of "Students" [ad user group]

or 

2.  authentication.usergroups contains value-string of "domain\Students" [ad user group]

 

aloksard
Employee
Message 6 of 9

Re: McAfee Client proxy configuration.

Hi,

Hope you are doing well.

You can check this once by taking MWG GUI access -> navigate to Policy -> Settings -> Authentication -> MCP (the MCP authentication settings you are using in your "Authentication with McAfee Client Proxy" rule) -> there is an option "keep domain name in group name".

If the option "keep domain name in group name" is enabled, then domain\Students will be taken into consideration. You can disable that option if only group names are being used in the policies.

 

Regards

Alok Sarda

Re: McAfee Client proxy configuration.

This option has no effect. 😞

aloksard
Employee
Message 8 of 9

Re: McAfee Client proxy configuration.

Hi,

 

Hope you are doing well.

 

Does the traffic go via on-prem MWG or cloud?

 

Regards

Alok Sarda

MinhNQ11
Level 7
Message 9 of 9

Re: McAfee Client proxy configuration.

It works fine. Thank you