cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 4
‎08-21-2020 08:08 AM

McAfee Web Gateway don't filter traffic

Jump to solution

Hello everyone,

 

I set up "McAfee Web Gateway" as a virtual appliance and use it in bridge mode.

My environment basically looks like this:

Client (Router) -> Firewall 1 -> MGW (ibr0) -> Firewall 2 -> Internet

 

I see traffic on the ibr0 interface, but the MGW doesn't filter anything.

In the "Web Traffic Summary" I haven't any pakets.

 

Hope that anyone understand my problem here and could help me.

0 Kudos
Reply
1 Solution

Accepted Solutions
aloksard
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎08-24-2020 03:15 AM

Re: McAfee Web Gateway don't filter traffic

Jump to solution

Hi,

 

Hope you are doing well.

 

Port redirect config is required for traffic to be redirected. Enable HTTP proxy option should also be enabled.Please take a look at MWG product guide  for complete details on this.

 

Configure one or more port redirects that let requests sent from clients of Web Gateway be redirected to a particular port.

  1. Under Port redirects, click Add.
  2. Configure the following for a new port redirect that applies to connections under HTTP or HTTPS:

    • Protocol name — http

      http covers connections under both HTTP and HTTPS.

    • Original destination ports — 80. 443

      These are the default destination ports. They cover connections under both HTTP and HTTPS.

      If you want to filter also HTTPS traffic, you need to enable the SSL Scanner rule set, which is by default provided on the rule sets tree, but not enabled.

    • Destination proxy port — 9090

      9090 is the default proxy port on an appliance.

      If you need to use other ports due to the requirements of your network, change these settings as needed.

     

     

    Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

     
     
    Regards
    Alok Sarda

View solution in original post

Reply
3 Replies
swilkens1
Employee
Employee
Report Inappropriate Content
Message 2 of 4
‎08-21-2020 09:18 AM

Re: McAfee Web Gateway don't filter traffic

Jump to solution

I assume traffic is passing through the bridge fine, but just unfiltered, correct?

Do you have the appropriate port redirects specified in the Proxies configuration?

The default is ports 80/443 redirected to 9090 (if 0.0.0.0:9090) is your HTTP listener port.

Also, what version MWG are you running?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 4
‎08-24-2020 03:01 AM

Re: McAfee Web Gateway don't filter traffic

Jump to solution

Yes, webtraffic passing trough the ibr0 interface, but its unfiltered.

 

I don't set up any Proxy configuration right now.

MGW_Proxy.PNG

I'm running MGW on version 9.2.2 (33635)

0 Kudos
Reply
aloksard
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎08-24-2020 03:15 AM

Re: McAfee Web Gateway don't filter traffic

Jump to solution

Hi,

 

Hope you are doing well.

 

Port redirect config is required for traffic to be redirected. Enable HTTP proxy option should also be enabled.Please take a look at MWG product guide  for complete details on this.

 

Configure one or more port redirects that let requests sent from clients of Web Gateway be redirected to a particular port.

  1. Under Port redirects, click Add.
  2. Configure the following for a new port redirect that applies to connections under HTTP or HTTPS:

    • Protocol name — http

      http covers connections under both HTTP and HTTPS.

    • Original destination ports — 80. 443

      These are the default destination ports. They cover connections under both HTTP and HTTPS.

      If you want to filter also HTTPS traffic, you need to enable the SSL Scanner rule set, which is by default provided on the rule sets tree, but not enabled.

    • Destination proxy port — 9090

      9090 is the default proxy port on an appliance.

      If you need to use other ports due to the requirements of your network, change these settings as needed.

     

     

    Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

     
     
    Regards
    Alok Sarda
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC