cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
al-faunzo
Level 8
Report Inappropriate Content
Message 1 of 2
‎12-08-2021 07:32 AM

Web gateway alternative auth for none MCP nodes

Dear mcafee ,

we have been testing a ruleset to allows machines (linux with no MCP support) to bypass the MCP Authentication ruleset. See sscreenshot

In the Explicit ruleset their is a rule saying that  "Only allow users of Allowed user groups". 
This rule is set to "Domain users" only.

 

How ever, WE notice local accounts like "systems" and "network account" in other Win10 OS beeing blocked once they request 443 requests (which should be normal since they are not in domain users or domain joined). This is not visible for the users but we can se it in the logs. 

 

Any ideas what we could do here..? 

 

Br

0 Kudos
Reply
1 Reply
mkutrieba
Employee
Employee
Report Inappropriate Content
Message 2 of 2
‎12-28-2021 01:50 AM

Re: Web gateway alternative auth for none MCP nodes

Hello @al-faunzo,

so if I understand this correctly, the concern is about "user does not see the block which you see in logs"!?

This sounds like the CONNECT request (e.g. CONNECT www.google.com:443) gets blocked. Following information is just based on this thought (I hope it is correct).

In this case, it is normal that users do not really see the McAfee block page.

Reason is, that MWG responds with a HTTP response such as a block page (e.g. URL Filter, MediaType filter, GAM scanning, etc.) to a CONNECT request from the browser. The browser sends HTTPS and receives HTTP which he is not expecting. Therefore, no McAfee block page is shown but a blank page from browser.

HTTPS Scanning must be performed first (Handle CONNECT Call, Certificate verification and content inspection). Once this is through (in policy shown as CONNECT and CERTVERIFY cycle), the SSL traffic is broken and MWG can see the actual HTTP GET/POST request/cycle in there. If it then responds with a block page, the browser is in HTTP communication and should show the actual McAfee block page.

Let me know if this answers your questions or if you have further.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC