Installation Guide. McAfee Web Gateway Cloud Service


COPYRIGHT

Copyright 2017 McAfee, LLC

TRADEMARK ATTRIBUTIONS

McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

1 Deployment options
  Cloud-only versus hybrid deployment
  Web Protection hybrid solution
2 Getting started
  Setting up the products in the recommended order
  Web Protection user interface
  How the welcome page information is used
    Locate the welcome page
  Best practice: Deployment with Client Proxy
    Setting up communication with Client Proxy
    How Client Proxy applies policy settings
  Configuring McAfee WGCS as the proxy server
  Before using the cloud service


1 Deployment options

You can deploy McAfee Web Gateway Cloud Service (McAfee WGCS) in a cloud-only deployment or in a hybrid deployment with McAfee Web Gateway.

Contents
  Cloud-only versus hybrid deployment
  Web Protection hybrid solution

Cloud-only versus hybrid deployment

McAfee WGCS can be deployed with or without Web Gateway, a hardware-based or virtual appliance that is installed locally on your organization's network. The on-premise appliance protects your network from threats that might arise when users access the web from inside the network.

McAfee WGCS can be deployed as follows:

- Cloud-only deployment: Organizations that do not want to install a Web Gateway appliance on the network can redirect web requests from users working inside or outside the network to the web protection service for filtering.
- Hybrid deployment: Organizations that have a Web Gateway appliance installed on the network and deploy the web protection service in the cloud can manage their web protection policy for both in one user interface and apply it across the organization.

When deployed together, the web protection service and on-premise appliance are known as McAfee Web Protection or as the Web Protection hybrid solution.

For more information, see these guides:

- McAfee Web Protection Hybrid Deployment Guide
- McAfee Web Gateway Product Guide

Web Protection hybrid solution

Using the hybrid solution, you can manage your web protection policy in the Web Gateway user interface and push the policy to the McAfee WGCS service in the cloud.

In the appliance interface, one web protection policy consists of many rule sets, such as URL Filtering and Dynamic Content Classification. Most rule sets apply equally to McAfee WGCS and can be enabled in the cloud. The appliance pushes rule sets that are enabled in the cloud to McAfee WGCS at the synchronization interval you specify.

To configure the hybrid solution in the appliance interface, follow these high-level steps:

1 Configure these settings:
  - Connection settings: Allow the on-premise appliance to connect to the web protection service in the cloud.
  - Synchronization settings: Specify how frequently the on-premise policy is pushed to the cloud.
2 Select the rule sets that you want pushed to the cloud.

2 Getting started

You set up McAfee WGCS and McAfee Client Proxy using the McAfee ePolicy Orchestrator Cloud (McAfee ePO Cloud) management console.

Contents
  Setting up the products in the recommended order
  Web Protection user interface
  How the welcome page information is used
  Best practice: Deployment with Client Proxy
  Configuring McAfee WGCS as the proxy server
  Before using the cloud service

Setting up the products in the recommended order

McAfee WGCS works with McAfee ePO Cloud and Client Proxy. We recommend setting up these products in the following order.

1 McAfee ePO Cloud
  This cloud platform features a management console, where you can manage McAfee WGCS and Client Proxy policies. After creating an account in McAfee ePO Cloud, you can use the management console to set up the other products. For more information, see the McAfee ePolicy Orchestrator Cloud Product Guide.
  Or you can set up and manage Client Proxy using McAfee ePolicy Orchestrator (McAfee ePO), the on-premise management platform. For more information, see the McAfee ePolicy Orchestrator Product Guide.
2 McAfee WGCS
  McAfee hosts and updates this service in the cloud. Because it is a cloud service, you do not need to install or upgrade the software. To access the interface in the management console, you use your McAfee ePO Cloud credentials.
3 Client Proxy
  Setup depends on whether you are using McAfee ePO or McAfee ePO Cloud. For both management platforms, deploy the client software to the managed endpoints in your organization, configure a Client Proxy policy, and push the policy to the endpoints. For more information, see these guides:
  - McAfee Client Proxy Product Guide for use with McAfee ePolicy Orchestrator
  - McAfee Client Proxy Product Guide for use with McAfee ePolicy Orchestrator Cloud

McAfee WGCS can also be deployed without Client Proxy.

Web Protection user interface

After logging on to the management console with your account credentials, you can manage policies, configure authentication, and view getting started information.

- Getting Started: Access the welcome page, where you can find the information required for getting started.
- Authentication Settings: Configure how end users are authenticated.
- Web, Cloud Data Policy: Manage how web traffic is filtered and allow or block access to web content, applications, and objects.

How the welcome page information is used

The welcome page information includes your customer ID and the proxy server address that your endpoint computers use to connect to McAfee WGCS.

After you subscribe to McAfee WGCS, McAfee provisions your account throughout the system according to the products and services you purchase and sends you a welcome email. To activate your account, click the Activate link in the email and provide an email address and a password. Use this email address and password to log on to McAfee ePO Cloud, where you can locate the welcome page.

- Customer ID: Uniquely identifies the customer in the system.
- Customer Specific Proxy: Specifies the domain name of your McAfee WGCS instance. The domain name has the form: c<customer_id>.saasprotection.com. Example: c12345678.saasprotection.com

Save these values for later use. You need them when configuring Client Proxy policies. Hybrid customers need the customer ID when configuring policy synchronization in the Web Gateway interface.

Locate the welcome page

In the management console, locate the welcome page and information required for getting started with McAfee WGCS.

Before you begin

You must have your McAfee ePO Cloud email address and password.

Task

1 In the address field of a web browser, enter: manage.mcafee.com.
2 On the logon page, provide values for your email and password.
3 From the McAfee ePO Cloud menu, select Web Protection Getting Started.

Best practice: Deployment with Client Proxy

While McAfee WGCS can be deployed without Client Proxy, best practice is to deploy the web protection service with Client Proxy, whether the deployment is cloud-only or hybrid.

Client Proxy provides location awareness

Client Proxy software redirects web requests from end users who are working inside or outside your organization's network to proxy servers in the cloud for filtering by McAfee WGCS. The software is location aware and determines whether endpoint computers are located inside or outside the network or are connected to the network by VPN.

When McAfee WGCS is configured with Client Proxy and Web Gateway in a hybrid deployment, the decision to redirect web requests is based on the location of the user:

- Users working outside the network: Client Proxy redirects web requests to McAfee WGCS.
- Users working inside the network or connected to the network through the VPN: Client Proxy allows web requests to bypass filtering by McAfee WGCS. These requests are automatically redirected for filtering to a Web Gateway appliance installed on the network.

Commonly used terms

- End users working outside the network are working remotely.
- End-user computers are called client or endpoint computers, or simply the client or endpoint.
- When Client Proxy software allows web requests to bypass McAfee WGCS, the software remains passive or stands down.

Setting up communication with Client Proxy

Setting up communication between McAfee WGCS and Client Proxy requires these high-level steps.

1 In the McAfee ePO or McAfee ePO Cloud management console, create a Client Proxy policy and configure these settings.
  - Proxy Server Address: To configure McAfee WGCS as the proxy server, specify the Customer Specific Proxy from the getting-started page as the proxy server address.
  - Unique Customer ID (McAfee ePO only): Specify your customer ID.
  - Shared Password: Specify the shared password that Client Proxy and McAfee WGCS use to communicate.
  - Traffic Redirection: Configure this setting based on whether McAfee WGCS is deployed as a cloud-only or hybrid solution. In a cloud-only deployment, Client Proxy always redirects network traffic to McAfee WGCS for filtering. In a hybrid deployment, Client Proxy only redirects network traffic to McAfee WGCS when a managed endpoint is located outside the network and not connected by VPN.
2 Assign the Client Proxy policy to the managed endpoints.

Changing the shared password

After you change the shared password in the management console, allow time for:

- McAfee ePO Cloud to deploy the updated Client Proxy policy to your endpoint computers. This interval depends on the value configured for the Policy enforcement interval setting in your McAfee Agent policy.
- The Client Proxy software to share the new password with McAfee WGCS. This process can take up to 20 minutes.

The shared password must be synchronized with McAfee WGCS, or authentication fails.

How Client Proxy applies policy settings

Client Proxy policy determines whether the software redirects web requests from end users in your organization to the McAfee WGCS service for filtering or allows them to bypass the service.

Policy settings

Proxy Servers
  Description: Specifies a list of proxy server addresses, where Client Proxy redirects web requests for filtering by McAfee WGCS.
  How settings are applied: See Redirection Settings.

Bypass List
  Description: Specifies a list of values that are considered safe.
  How settings are applied: Web requests sent to these destinations are allowed to bypass filtering by McAfee WGCS and are forwarded to the web.

Block List
  Description: Specifies a list of process names that are not considered safe.
  How settings are applied: Web requests sent to these processes are blocked, and the end user is sent a block message.

Redirection Settings
  Description: Specifies the server addresses that Client Proxy uses to determine whether the end user is working inside the network, connected to the network through the VPN, or working remotely.
  How settings are applied: Web requests from users working inside the network or connected to the network by VPN are:
    - Cloud-only deployment: Redirected to McAfee WGCS for filtering.
    - Hybrid deployment: Allowed to bypass McAfee WGCS. These requests are automatically redirected to a Web Gateway appliance installed on the network for filtering.
  Web requests from users working remotely are redirected to McAfee WGCS for filtering.
Configuring McAfee WGCS as the proxy server

Configure your endpoint computers to use McAfee WGCS as the proxy server between your organization and the cloud.

Best practice: Configure the proxy server settings in your endpoint computers using Client Proxy.

Or you can configure the settings in the client browsers using one of these methods.

- Manual proxy configuration: Manually configure the proxy server settings in individual client browsers following the instructions recommended for each browser type and version.
- Proxy Auto-Configuration (PAC) file: Configure the proxy server settings in the client browsers by downloading the proxy configuration instructions from a PAC file.
- Web Proxy Auto-Discovery (WPAD) protocol: Configure the proxy server settings in the client browsers by downloading the proxy configuration instructions in a PAC file from a WPAD server. You provide and host the PAC file.

To configure McAfee WGCS as the proxy server, specify the Customer Specific Proxy value provided on the welcome page and port number 80 or 8080.

Example: c12345678.saasprotection.com:8080

Before using the cloud service

Review information about whitelisting IP address ranges in your firewall and using a geolocation prefix.

Whitelisting IP address ranges in your firewall

If you are using a firewall to restrict Internet access, configure the firewall to allow traffic to all points of presence in your geographic area. For a complete list of IP address ranges in each area, visit: trust.mcafee.com.

Using a geolocation prefix

When configuring McAfee WGCS as the proxy server, you can include a prefix that specifies the geographic location you want the Global Routing Manager to use when routing your traffic. For more information and use cases, see KB article KB87631.
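For the PAC file option described under "Configuring McAfee WGCS as the proxy server", the following is an added example of a PAC file you might host; it is not taken from the McAfee guide. It assumes the guide's sample proxy value c12345678.saasprotection.com:8080 and a hypothetical internal DNS suffix corp.example, and it uses plain string matching instead of the browser's PAC helper functions so that it can also be exercised outside a browser.

```javascript
// Added example PAC file (not from the McAfee guide).
// Assumptions: the guide's sample Customer Specific Proxy and port 8080;
// ".corp.example" is a hypothetical internal DNS zone.
var WGCS_PROXY = "PROXY c12345678.saasprotection.com:8080";
var INTERNAL_SUFFIXES = [".corp.example"];

// True for dotted-quad literals in loopback, RFC 1918 or link-local ranges.
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  if (a > 255 || b > 255 || Number(m[3]) > 255 || Number(m[4]) > 255) {
    return false;
  }
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) ||
         (a === 169 && b === 254);
}

// True for single-label names and names inside an internal zone.
// The suffix keeps its leading dot so "notcorp.example" does not match.
function isInternalName(host) {
  // Single-label intranet name; IPv6 literals (which contain ":") are excluded.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    if (host === s.slice(1) || host.slice(-s.length) === s) return true;
  }
  return false;
}

// Entry point that browsers call for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (isPrivateIPv4Literal(host) || isInternalName(host)) {
    return "DIRECT"; // internal destinations are not sent to the cloud proxy
  }
  // DIRECT is deliberately not listed as a failover for web traffic, so
  // requests are not sent to the web unfiltered if the proxy is unreachable.
  return WGCS_PROXY;
}
```

Port 80 can be substituted for 8080, as the guide allows either. Keep the internal suffix list as narrow as possible, because every destination it matches skips filtering by McAfee WGCS.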


201708-00