Reference Guide McAfee Client Proxy 2.3.2 Client Proxy interface reference These tables provide information about the settings found in the Client Proxy UI. Policy Catalog On the McAfee Client Proxy page of the Policy Catalog, you can create, import, export, rename, duplicate, delete, view, and edit policies. The Client Proxy policy named McAfee Default is read only. It can be duplicated and saved with a new name, but it cannot be renamed, deleted, exported, or edited. Table 1 Client Proxy policy options New Policy Import Export Name When clicked, opens the Create a new policy dialog box, where you can select an existing policy to use as a template for a new policy and specify a name. When clicked, opens the Import Policies dialog box, where you can browse for the.xml file that has the policy you want to import. When clicked, opens the Export page, where you have these options: Click the link Opens a new tab in your web browser, where you can view the policy in XML format. Right-click the link, then select Save Link As, choose a folder, and optionally update the file name Downloads the policy to an.xml file. Default file name: Policies_For_McAfee_Client_Proxy_<x.y.z>.xml <x.y.z> specifies the version number of Client Proxy. Clicking this link opens the policy settings, which you can edit and save. 1
Table 1 Client Proxy policy options (continued) Owner Assignments Actions Clicking this link opens a list of users and groups, where you can select the policy owners and save any changes. Clicking this link opens the list of nodes, to which the policy is assigned. Rename When clicked, opens the Rename Policy dialog box, where you specify a new name for the policy. Duplicate When clicked, opens the Duplicate Existing Policy dialog box, where you specify a name for the new policy that is based on an existing policy. Delete When clicked, opens the Delete Policy dialog box, where you confirm that you want to delete the policy. Export When clicked, opens the same page as the Export button. Proxy Servers reference Configure the list of proxy servers and rules that Client Proxy uses when redirecting web requests. Table 2 Proxy Servers settings Specify how McAfee Client Proxy selects a proxy server from the list. Proxy Server Address Proxy Port HTTP/HTTPS Non-HTTP/HTTPS Redirected Ports Enable Auto proxy switch over Polling interval Specify additional ports that you would like to redirect as HTTP/HTTPS traffic Bypass proxy server for local addresses Select an option: connect to the first accessible Proxy Server based on their order in the list below The software selects the next proxy server from the list that you configure. connect to the Proxy Server which has the fastest response time The software selects the next proxy server from the list that it maintains, which is based on response time. Specify the IP address or host name of the proxy server. Specify the port number of the proxy server. When selected, Client Proxy redirects all web requests sent to ports 80 and 443 to a proxy server. Specify the port numbers of protocols other than HTTP/HTTPS whose requests you want redirected. Verify that the proxy server supports these protocols. When selected, Client Proxy checks the proxy server list at the specified interval to see if a higher priority server is available. If available, Client Proxy automatically switches to that proxy server. Specify how often Client Proxy checks the proxy server list to see if a higher priority server is available. Range: 10 3600 seconds Recommended value: 60 seconds Specify the numbers of other ports whose web requests you want redirected like HTTP/HTTPS traffic. For example, you can redirect requests sent to an application the same as requests sent to a web browser. When deselected, Client Proxy redirects all web requests, including those sent to local addresses inside your organization's network, to a proxy server. By default, this setting is selected, and Client Proxy does not redirect requests sent to local addresses inside your organization's network. 2
Client Configuration reference Configure the settings that specify how the Client Proxy policy is applied when end users are located inside and outside the network. Table 3 definitions Category Customer Identifier Download the customer ID XML file from the Web Gateway or McAfee WGCS server before configuring this page. You cannot save the configuration without this information. Browse Shared Password Unique Customer ID Navigates to the customer identification XML file location. Hashed password provided by the Web Gateway or McAfee WGCS administrator. Customer identification number provided by the Web Gateway or McAfee WGCS administrator. Traffic Redirection Settings Always redirect network traffic to proxy servers Redirect network traffic when computer is not connected to corporate network and not working through VPN When selected, overrides the corporate network and VPN server setups. Use this setting to redirect all network traffic to the McAfee WGCS server. When selected, activates the Client Proxy software outside of your corporate network. Use this setting if the endpoint computer is a Web Gateway client that uses Client Proxy and McAfee WGCS when roaming outside the corporate network. Corporate Network Detection Add Adds the new proxy server address and port information to the corporate and VPN detection lists. by testing connectivity to any of the following corporate servers by testing connectivity to epo When selected, uses corporate servers to activate bypass mode. When selected, uses the McAfee epo server to activate bypass mode. We recommend using this method. Server Address Server Port Specifies IP address or host name of the proxy server. Specifies the port number of the proxy server. Corporate VPN Detection Add Adds the new proxy server address and port information to the corporate and VPN detection lists. Server Address Server Port Specifies IP address or host name of the proxy server only accessible when the end user is connected by VPN. Specifies the port number of the proxy server only accessible when the end user is connected by VPN. Active Directory Groups Filter Add Adds the new Active Directory group list header information to the Regular Expression list. Delete Edit Removes the Active Directory group list header information from the Regular Expression list. Makes the regular expression fields editable. 3
Table 3 definitions (continued) Category Include Exclude Regular Expression When selected, allows and loads groups through a proxy. When selected, prohibits groups from a specified proxy. Specifies proxies based on their predefined patterns and priorities to find word or text matches. Group membership information must not exceed 4,096 characters. Log File Settings (OS X only) Access Protection (Windows only) Enable access protection Request release key for manual uninstall Specifies how much information Client Proxy logs to a file. Select an option: Log messages with Error and Critical priority Log messages with Error, Critical, Information, and Warning priority Log all messages (recommended for troubleshooting and debugging) Don't log any messages Log files are located in the following folder on the end user's OS X computer: C:\Program Data\McAfee\MCP\Logs When selected, end users are unable to: Disable Client Proxy with Windows Task Manager. Deleted or edit files. Modify registry values. When selected, allows end users to request an uninstall key from Help Desk to uninstall Client Proxy. When this option is deselected, uninstall Client Proxy using Windows Add/Remove Programs (Windows XP), or Programs and Features (Windows Vista and Windows 7). We recommend uninstalling Client Proxy with a Help Desk uninstall key. Bypass List reference Endpoint computers can connect to the web definitions on the bypass list without first going through a proxy filter. The Client Proxy Bypass List uses McAfee Common Catalog definitions. Each Client Proxy policy is linked to a unique Common Catalog instance. 4
Table 4 definitions Actions Actions to perform from this page include: Add bypass list item Specifies these bypass item types: Domain name Network address Network port Process list Edit/View Modify or view the selected bypass item. Only non-standard definitions from the default catalog are editable. Remove Removes the selected bypass item from the Bypass List and the Common Catalog instance linked to the Client Proxy policy. Show selected rows When selected, only shows the selected bypass items in the Bypass List. Block List reference Configure and maintain the list of processes that are permanently blocked from communicating with the network. Table 5 definitions Add Allow traffic to go directly to destination Block traffic for all processes (except bypass listed processes) Block traffic only for the following processes Cancel Delete Edit Process Name Adds the new process name to the Block List. When selected, all network traffic is directed to the intended destination. (Default configuration) When selected, blocks all network traffic unrecognized by Client Proxy. We do not recommend using this option. Selecting this option can result in loss of all network connectivity except by browsers. Attempting to use other software to connect to the Internet can disrupt communication between the security server and endpoint computer, preventing end users from accessing their computers. When selected, blocks all network traffic on the Block List. The built-in list contains the standard Microsoft Windows and OS X browsers. Add processes to the list with the Process Name text box. Removes the process name from the Process Name field without saving. Removes the process name from the Block List. Enables modification capabilities to the Process name field. Specifies process names in the Block List. 5
Choose from existing values reference Create or add existing items to the bypass list. Table 6 definitions Cancel Edit Terminates the operation without saving. Modifies the selected item. Applies only to user-defined items. Filter items GO New Item OK Show McAfee default items Show selected items only View Specifies a string filter. For example, if you type FTP, only definitions with FTP in the title are displayed. Activates the definition in the Filter items field. Opens a window and allows you to create a new definition. Adds the selected items to the Bypass List. When selected, displays only items from the McAfee default catalog. When selected, limits the display to selected items. Displays the catalog definition. Applies only to built-in items. Administrator permissions reference Specify Client Proxy permissions for administrators. Table 7 definitions Policy and Tasks Choose from these options: No permissions Grants no access to the Client Proxy page. The Client Proxy page is not visible to an end user without permissions. View policy and task settings Grants ability to view Client Proxy policies and tasks. View and change policy and task settings Grants ability to view and edit Client Proxy policies and tasks. Copyright 2017 McAfee, LLC McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. 6 0-00