McAfee Client Proxy 2.3.3 Interface Reference Guide (McAfee epolicy Orchestrator) Client Proxy interface reference These tables provide information about the policy settings found in the Client Proxy UI. Policy Catalog On the McAfee Client Proxy page of the Policy Catalog, you can create, import, export, rename, duplicate, delete, view, and edit policies. The Client Proxy policy named McAfee Default is read-only. It can be duplicated and saved with a new name, but it cannot be renamed, deleted, exported, or edited. Table 1 Client Proxy policy options New Policy Import Export Name Owner Opens the Create a new policy dialog box, where you can select an existing policy to use as a template for a new policy and specify a name. Opens the Import Policies dialog box, where you can browse for the.xml file that has the policy you want to import. Opens the Export page, where you have these options: Click the link Opens a new tab in your web browser, where you can view the policy in XML format. Right-click the link, then select Save Link As, choose a folder, and optionally update the file name Downloads the policy to an.xml file. Default file name: Policies_For_McAfee_Client_Proxy_<x.y.z>.xml <x.y.z> specifies the version number of Client Proxy. Opens the policy settings, which you can edit and save. Opens a list of users and groups, where you can select the policy owners and save any changes. 1
Table 1 Client Proxy policy options (continued) Assignments Actions Opens the list of nodes, where the policy is assigned. Rename Opens the Rename Policy dialog box, where you specify a new name for the policy. Duplicate Opens the Duplicate Existing Policy dialog box, where you specify a name for the new policy that is based on an existing policy. Delete Opens the Delete Policy dialog box, where you confirm that you want to delete the policy. Export Opens the same page as the Export button. Proxy Servers page Configure the list of proxy servers and rules that the Client Proxy software uses when redirecting network traffic. Table 2 Proxy Servers options Specify how the software selects a proxy server from the list. Proxy Server Address Proxy Port HTTP/HTTPS Non-HTTP/HTTPS Redirected Ports Enable Auto proxy switch over Polling interval Select an option: connect to the first accessible Proxy Server based on their order in the list below The software selects the next proxy server from the list that you configure. connect to the Proxy Server which has the fastest response time The software selects the next proxy server from the list that it maintains, which is based on response time. Specifies the IP address or host name of the proxy server. Specifies the port number of the proxy server. The software redirects all traffic sent to ports 80 and 443 to a proxy server. Specifies the port numbers of protocols other than HTTP/HTTPS whose traffic you want redirected. Verify that the proxy server supports these protocols. The software checks the proxy server list at the specified interval to see if a higher priority server is available. If available, the software automatically switches to it. Specifies how often the software checks the proxy server list to see if a higher priority server is available. Range: 10 3600 seconds Recommended value: 60 seconds Specify additional ports that you would like to redirect as HTTP/HTTPS traffic Specifies the numbers of other ports whose traffic you want redirected like HTTP/ HTTPS traffic. For example, you can redirect requests sent to an application the same as requests sent to a web browser. Bypass proxy server for local addresses Selected The software does not redirect traffic sent to local addresses inside your network. Deselected The software redirects all traffic, including traffic sent to local addresses inside your network, to a proxy server. This setting is selected by default. 2
Client Configuration page Configure the settings that the Client Proxy software uses to redirect web requests based on the location of the endpoint: inside or outside the network or connected to the network by VPN. Table 3 Customer Identifier and Shared Password Category Customer Identifier Before configuring this page, download the customer ID XML file from the Web Gateway or McAfee WGCS server. You must have this information to save the configuration. Table 4 Client Configuration options Category Traffic Redirection Settings Redirect network traffic when computer is not connected to corporate network and not working through VPN Always redirect network traffic to proxy servers Browse Unique Customer ID Shared Password Click to locate the XML file with the customer ID and shared password. Specifies the unique customer identification number provided by the Web Gateway or McAfee WGCS administrator. Specifies the hashed shared password provided by the Web Gateway or McAfee WGCS administrator. The software redirects web requests to a proxy server in this case: The user is working outside your organization's network and is not connected to the network by VPN. The software redirects web requests to a proxy server in all cases: The user is working inside your organization's network. The user is working outside your network and is connected by VPN. The user is working outside your network and is not connected by VPN. Corporate Network Detection Detect if MCP is inside the corporate network Select an option: by testing connectivity to epo The software determines whether the endpoint is inside the network by pinging the McAfee epo server. Best practice: We recommend this option. Corporate VPN Detection Server Address Server Port Detect if MCP is connected to a corporate VPN Server Address Server Port by testing connectivity to any of the following corporate servers The software determines whether the endpoint is inside the network by pinging the specified servers on the network. Specifies the IP address or host name of a server on your organization's network. Specifies the port number of the server on your organization's network. Specifies the addresses of one or more VPN servers. The software determines whether the endpoint is connected to the VPN by pinging the servers you specify. Specifies the IP address or host name of a VPN server on your organization's network. Specifies the port number of the VPN server on your organization's network. 3
Table 4 Client Configuration options (continued) Category Active Directory Groups Filter Regular Expression Specifies the names of one or more Active Directory groups. The software uses the names to filter the groups in the header that it adds to web requests before redirecting them to the proxy server. Format: <domain_name>\\<group_name> Group membership information must not exceed 4096 characters. Include / Exclude For each regular expression, select an option: Include Includes the Active Directory name in the header added to the web request. Exclude Excludes the Active Directory name in the header added to the web request. Log File Settings (OS X Only) Specifies how much information the software logs to a file. Select an option: Log messages with Error and Critical priority Access Protection (Windows Only) Enable access protection Request release key for manual uninstall Log messages with Error, Critical, Information, and Warning priority Log all messages (recommended for troubleshooting and debugging) Don't log any messages Log files are located in the following folder on the endpoint running Mac OS X or macos: C:\Program Data\McAfee\MCP\Logs Users are allowed to: Use Windows Task Manager to disable the software Edit or delete files Change registry values Selected Users can request a release code from an administrator and use it to uninstall the software. Deselected Users must use the Windows uninstall feature to uninstall the software. Best practice: Use a release code to uninstall the software. Bypass List page The Client Proxy software allows web requests that match the items in the bypass list to pass the proxy server and go directly to the Internet. To add items to the bypass list, select them from the Common Catalog instance that is linked to the Client Proxy policy. 4
Table 5 Bypass List options Actions From the drop-down list, select: Add bypass list item Select an item type, then select one or more items from the Common Catalog, and add them to the bypass list. Domain Name Network Address Network Port Process List Edit/View Edit the selected item in the bypass list. Remove Remove the selected items from the bypass list. Show selected rows Only the selected items in the bypass list are shown. Block List page Configure the list of processes that the Client Proxy software blocks from accessing the Internet. Table 6 Block List options Allow traffic to go directly to destination Block traffic for all processes (except bypass listed processes) The software allows all processes to access the Internet without going through a proxy server. The software blocks all processes from accessing the Internet (except processes included on the bypass list). Best practice: Use this option as a last resort. It can block system processes from reaching the Internet and prevent normal operation on the endpoint. Block traffic only for the following processes Allows you to configure the names of processes that you want blocked from accessing the Internet and add them to the block list. Copyright 2018 McAfee, LLC McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. 0-00 5