Web Gateway 7.8.0 Interface Reference Guide

Interface Reference Guide
McAfee Web Gateway 7.8.0
COPYRIGHT
Copyright © 2017 McAfee, LLC
TRADEMARK ATTRIBUTIONS
McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes,
McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee,
LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU
DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Contents
1 User interface
    Main elements of the user interface
    Supporting configuration functions
2 Appliances tab
3 System settings for distribution in a cluster
    License settings
    Tenant Info settings
4 System settings for general services
    Telemetry settings
    Date and Time settings
    File Server settings
    User Interface settings
5 System settings for network functions
    Network Interfaces settings
    Network Protection settings
    Port Forwarding settings
    Static Routes settings
6 File Editor tab
7 Proxies
    Proxy HA settings
    Transparent Router settings
    Transparent Bridge settings
    Proxies settings
        Network Setup
        HTTP Proxy
        FTP Proxy
        ICAP Server
        IFP Proxy
        SOCKS Proxy
        Data Exchange Layer
        Web Cache
        Timeouts for HTTP(S), FTP, ICAP, SOCKS, and UDP
        DNS Settings
        XMPP
        Advanced Settings
        Periodic Rule Engine Trigger List
    Domain Name Service settings
8 Central Management
    Central Management settings
9 Policy configuration
    Rule Sets tab
    Rule set views
    Key elements view
10 Lists
    Lists tab
    External Lists module settings
    External Lists system settings
    Settings for subscribed lists content
11 Settings
    Settings tab
12 Authentication
    Authentication settings
    Kerberos Administration settings
    Windows Domain Membership settings
    NTLM Agent settings (NTLM Agent)
    NTLM Agent Specific Parameters (Web Gateway)
    Administrator account settings
    Administrator role settings
13 Quota management
    Time Quota settings
    Volume Quota settings
    Coaching settings
    Authorized Override settings
    Block Session settings
    Quota system settings
14 Web filtering
    Key elements for anti-malware filtering
    Anti-Malware settings
        Gateway Anti-Malware settings
    TIE Filter settings
        TIE Reputations settings
    Anti-Malware system settings
    Key elements for URL filtering
    URL Filter settings
    IFP Proxy settings
    Key elements for media type filtering
    Properties for media type filtering
    Stream Detector settings
    SSL Client Certificate Handling settings
    SSL Scanner settings
    SSL Client Context with CA settings
    SSL Client Context without CA settings
    Certificate Chain settings
    Hardware Security Module settings
    Key elements for using Advanced Threat Defense
    Gateway ATD settings
    Data Loss Prevention (Classifications) settings
    Data Loss Prevention (Dictionaries) settings
    ICAP Client settings
    ReqMod for Cloud settings
15 Supporting functions
    Cache settings
        Cache HTTP settings
    Progress Page settings
    Data Trickling settings
    Composite Opener settings
    Bandwidth Control settings
    Next Hop Proxy settings
    Add Next Hop Proxy settings
    Protocol Detector settings
16 User messages
    Authenticate settings
    Block settings
    Redirect settings
    Templates tab
    Template Editor
17 Cloud single sign-on
    Generic HTTP connector settings
    Generic SAML2 connector settings
    LDAP authentication settings for SAML single sign-on
    Using a web service as the data source for SAML single sign-on
    Using a database as the data source for SAML single sign-on
    Using an LDAP server as the data source for SAML single sign-on
    SAML authentication request settings
    SAML authentication response settings
    Generic IceToken connector settings
    Key elements for configuring cloud single sign-on
    Single Sign On lists and settings
        Single Sign On lists
        Single Sign On settings
        SSO certificate and private key settings
18 Cloud storage encryption
    Cloud Storage Encryption settings
    Cloud Storage Encryption Support settings
19 Hybrid solution
    Hybrid settings
20 Monitoring
    Alert filtering options
    Charts and tables display options
    Overview of charts and tables information
    Log File Manager settings
    File System Logging settings
    SNMP settings
    ePolicy Orchestrator settings
21 Troubleshooting
    Rule tracing panes
    Troubleshooting settings
22 Configuration lists
    List of actions
    List of block reason IDs
    List of error IDs
    List of events
    List of incident IDs
    List of operators
    List of properties
        Properties - A
        Properties - B
        Properties - C
        Properties - D
        Properties - E
        Properties - F
        Properties - G
        Properties - H
        Properties - I
        Properties - J
        Properties - L
        Properties - M
        Properties - N
        Properties - P
        Properties - Q
        Properties - R
        Properties - S
        Properties - T
        Properties - U
        Properties - W
    List of statistics counters
23 List of important special glob characters
24 List of important special regex characters
25 Third-party software
    Third-party software list
Index

1 User interface

The user interface allows you to work with rules, lists, settings, accounts, and other items for administering Web Gateway. It provides information on key filtering and system parameters and enables you to perform troubleshooting measures.

Contents
Main elements of the user interface
Supporting configuration functions

Main elements of the user interface
The main elements of the user interface can be seen in the following sample screen.
Figure 1-1 User interface
The table below describes the main elements of the user interface.

Table 1-1 Main elements of the user interface
Option
    Definition
System information line
    Displays system and user information.
User Preferences
    Opens a window to let you configure settings for the user interface and change your password.
Logout
    Logs you off from the user interface.
Help icon
    Opens the online Help.
    You can browse through its pages or navigate on a tree structure and perform a full text search or search for index terms.
Top-level menu bar
    Lets you select one of the following menus:
    • Dashboard — For viewing information on events, web usage, filtering activities, and system behavior
    • Policy — For configuring your web security policy
    • Configuration — For configuring the system settings of the appliance
    • Accounts — For managing administrator accounts
    • Troubleshooting — For solving problems on the appliance
Search
    Opens a window with the following search options:
    • Search for objects — Lets you search for rule sets, rules, lists, and settings.
      Typing a search term in the input field displays all objects with names matching the search term.
    • Search for objects referring to — Lets you select a list, property, or settings and displays all rules that use the selected item.
Save Changes
    Saves or discards your changes.
    Clicking this button saves your latest changes.
    Clicking the arrow next to the button opens a menu with these options:
    • Discard Changes and Reload — Discards all changes made since the last save and reloads the old configuration.
    • Save Changes with Comment — Opens a window to let you type a plain-text comment before saving your latest changes.
Tab bar
    Provides the tabs of the currently selected top-level menu.
    The top-level menus have the following tabs:
    • Dashboard
        • Alerts
        • Charts and Tables
    • Policy
        • Rule Sets
        • Lists
        • Settings
        • Templates
    • Configuration
        • Appliances
        • File Editor
    • Accounts
        • Administrator Accounts
    The Troubleshooting top-level menu has no tabs.
Toolbar (on tab)
    Provides varying tools (depending on the selected tab).
Navigation pane
    Provides tree structures of configuration items, such as rules, lists, and settings.
Configuration pane
    Provides options for configuring the item that is currently selected on the navigation pane.

Supporting configuration functions
The user interface provides several functions to support your configuration activities.

Table 1-2 Supporting administration functions
Option
    Definition
Yellow triangle
    Appears attached to the name of a list that is still empty and needs to be filled by you.
    Some filter lists are created, but not filled by the policy configuration wizard because they are too sensitive.
Yellow text insert
    Appears when you move your mouse pointer over an item on the user interface providing information on the meaning and usage of the item.
OK icon
    Appears in a window when the input you entered is valid.
False icon
    Appears in a window when the input you entered is invalid.
Message text
    Appears with the False icon, providing information on your invalid input.
Light red color of input field
    Indicates an invalid entry.
Save Changes
    The button turns red when you change an item.
    It turns gray again when you have saved your changes.
Red triangle
    Appears attached to tabs, icons, and list entries when you have changed an item and not yet saved.
    For example, when you have changed a rule, the red triangle appears:
    • In the row of the rule entry on the settings pane
    • On the rule set icon
    • On the projection of the Rule Sets tab
    • On the Policy icon of the top-level menu bar

2 Appliances tab

Use the Appliances tab to configure settings for the system of a Web Gateway appliance.
Figure 2-1 Appliances tab

Main elements of the Appliances tab
The following table describes the main elements of the Appliances tab.

Table 2-1 Main elements of the Appliances tab
Element
    Description
Appliances toolbar
    Toolbar with items for adding appliances to a Central Management configuration, removing them, and updating them all at once
Appliances tree
    Tree structure of appliances with the system settings for each appliance
Appliance toolbar (appears when an appliance is selected on the appliances tree)
    Toolbar with items for working with a selected appliance
Appliance settings
    System settings for the selected appliance

Appliances toolbar
The appliances toolbar provides the following options.

Table 2-2 Appliances toolbar
Option
    Definition
Add
    Opens the Add Appliance window for adding an appliance.
Delete
    Deletes a selected appliance.
    A window opens to let you confirm the deletion.
Manual engine update
    Updates DAT files with virus signatures and other filtering information for all appliances in a Central Management configuration.

Appliance toolbar
The appliance toolbar provides the following options.

Table 2-3 Appliance toolbar
Option
    Definition
Reboot
    Restarts an appliance.
Flush cache
    Flushes the web cache of an appliance.
Update appliance software
    Installs an updated version of the appliance software.
Shutdown
    Lets an appliance become inactive.
Rotate logs
    Rotates log files on an appliance.
Rotate and push logs
    Rotates log files on an appliance and pushes them to the destination that is specified within the Log File Manager settings.

3 System settings for distribution in a cluster

Some system settings are configured for all appliances that run as nodes in a Central Management cluster. These settings are configured on an individual appliance and then distributed to all other appliances in the cluster.
System settings for distribution in a cluster include:
• License settings
• Tenant Info settings
• Web Hybrid settings

Contents
License settings
Tenant Info settings

License settings
The License settings are used for importing a license to an appliance. Information about the license is shown together with these settings, along with options for reviewing the agreements on license and data usage.

License Administration
Settings for importing a license

Table 3-1 License Administration
Option
    Definition
Import license
    Provides the options that are required for importing a license.
I have read and accept the end user license agreement
    Provides a link to the End User License Agreement and a checkbox to select after reading the document.
    To import a license, the checkbox must be selected, otherwise the import options remain grayed out.
License file
    Shows the name and path of the license file that has been selected after browsing the local file system.
    When the name and path appear in this field, more license information is shown under License information.
    The license is activated by clicking Save Changes.
Browse
    Opens the local file system to let you browse for a license file.

License Information
Information about an imported license and an option for reviewing the Data Usage Statement

Table 3-2 License Information
Option
    Definition
Status
    Shows the name of a license file.
Creation
    Shows the date when a license file was created.
Expiration
    Shows the date when a license file expires.
License ID
    Shows the ID of a license.
Customer
    Shows the name of the license owner.
Customer ID
    Shows the ID of the license owner.
Seats
    Shows the number of workplaces in the license owner's organization that the license is valid for.
Evaluation
    Shows whether the license has been evaluated.
Features
    Lists the features of Web Gateway that are covered by the license.
I have read and understood the data usage statement
    Provides a link to the Data Usage Statement.

Tenant Info settings
The Tenant Info settings are used for configuring a tenant ID.

Tenant ID Configuration
Settings for configuring a tenant ID

Table 3-3 Tenant ID Configuration
Option
    Definition
Tenant ID generation status information
    Provides information about the generation status of the tenant ID.
Show Provisioning Key
    Lets the provisioning key, which is used for generating the tenant ID, appear in the provisioning key field.
Copy
    Copies the provisioning key.
Provisioning key field
    Shows the provisioning key.
Open cloud ePO and generate activation key.
    Provides information about how to continue with creating the tenant ID.
Activation key field
    Shows the activation key for the tenant ID that you have created by working with McAfee ePO and pasted into this field.
Set Tenant ID
    Sets the tenant ID to make it known on Web Gateway.

4 System settings for general services

Some system settings are configured for functions that provide general services of the appliance system.
Settings for general services include:
• Telemetry settings
• Date and Time settings
• File Server settings
• User Interface settings

Contents
Telemetry settings
Date and Time settings
File Server settings
User Interface settings

Telemetry settings
The Telemetry settings are used for configuring the collection of feedback data about web objects that are potentially malicious, as well as about policy configuration.

Feedback Settings
Settings for collecting feedback data
You can separately enable or disable each of the following options.

Table 4-1 Feedback Settings
Option
    Definition
Send feedback to McAfee about system information and suspicious URLs to improve its threat prediction and protection services
    When selected, feedback data is collected and sent to special McAfee feedback servers.
    McAfee collects this data to analyze it and improve the threat prediction and protection features of Web Gateway.
    For more information, see the Data Usage Statement.
Send feedback to McAfee about potentially malicious websites
    When selected, relevant data for virus and malware filtering is collected and sent to a special McAfee feedback server.
Send feedback to McAfee about dynamically classified websites
    When selected, relevant data for classifying websites is collected and sent to a special McAfee feedback server.
Send feedback to McAfee about policy configuration to improve the product
    When selected, relevant data for policy configuration is collected and sent to a special McAfee feedback server.

Further Information
Link to the Data Usage Statement

Table 4-2 Further Information
Option
    Definition
Data Usage Statement
    Provides a link to the data usage statement, which explains:
    • What McAfee uses collected feedback data for
    • What data is collected
    • How data collection can be turned off for different types of data
    The data usage statement has also been presented to you at the initial setup of the appliance.

Advanced Settings
Advanced settings for collecting feedback data

Table 4-3 Advanced Settings
Option
    Definition
Use upstream proxy
    When selected, a proxy server is used to send feedback data to McAfee.
IP or name of the proxy
    Specifies the IP address or host name of the proxy server.
Port of the proxy
    Specifies the port number of the port on the proxy server that listens for requests to send feedback data.
    The port number can range from 1 to 65635.
    The default port number is 9090.
User name
    Provides the user name that is required for logging on to the proxy server.
Password
    Provides the password that is required for logging on to the proxy server.
    Clicking Set opens a window for setting the password.
Choose feedback server
    When selected, an IP address and port number can be configured for the server that feedback data is sent to.
IP of the server
    Specifies the IP address of the feedback server.
Port of the server
    Specifies the port number of the port on the feedback server that listens for requests to send data.
    The port number can range from 1 to 65635.
    The default port number is 443.
Port of the server
    When selected, feedback-sending activities are logged.

Date and Time settings
The Date and Time settings are used for configuring the time servers that synchronize date and time of the appliance system. They also allow you to set the system time manually.

Date and Time
Settings for date and time of the appliance system

Table 4-4 Date and Time
Option
    Definition
Enable time synchronization with NTP servers
    When selected, the appliance uses time servers under the NTP (Network Time Protocol) for time synchronization.
    The system time of the appliance is then synchronized with the time on the NTP servers. This will fail, however, if the delta between both times is too big.
    Best practice: Restart the appliance after configuring time synchronization with NTP servers. When the appliance restarts, it sets system time to the time on the NTP servers.
NTP server list
    Provides a list for entering the servers that are used for time synchronization under the NTP protocol.
    The list elements are as follows:
    • String — Specifies the name of an NTP server.
    • Comment — Provides a plain-text comment on an NTP server.
Select time zone
    Provides a list for selecting a time zone.
    Time synchronization performed by the NTP servers or manually set time refer to the time zone that you select here.

Set System Time Manually
Settings for configuring time and date on the appliance system manually

Table 4-5 Set System Time Manually
Option
    Definition
Current date and time
    Provides items for setting date and time of the appliance system.
    • Date — Enables you to enter a date by typing it in the field or using a calendar.
    • Calendar icon — Opens a calendar for selecting a date.
      After selecting a date on the calendar and clicking OK, the date appears in the date field.
    • Time — Lets you specify a time by typing it.
    The system time of an appliance is then synchronized with the time on the NTP servers. This will fail, however, if the delta between both times is too big.
    Best practice: Restart the appliance after configuring time synchronization with NTP servers. When the appliance restarts, it sets system time to the time on the NTP servers.
Set now
    Sets the date and time you have entered into the corresponding fields.

File Server settings
The File Server settings are used for configuring dedicated file server ports on an appliance to enable, for
example, the downloading of files by clients.
HTTP Connector Port
Settings for dedicated file server ports on an appliance
Table 4-6 HTTP Connector Port
Option
Definition
Enable dedicated
file server port
over HTTP
When selected, the dedicated HTTP file server ports configured below are enabled.
HTTP connector
Specifies the port number of the dedicated HTTP file server port.
You can enter more than one port number here, separating them by commas. The allowed
range is 1024 to 65335.
You can set up a port forwarding rule if you want to forward requests to ports 1–1023.
Instead of entering a port number alone, you can enter it with an IP address. This means
connecting to an appliance over this port is only allowed when using the specified address.
For example:
An appliance has two interfaces with IP addresses as follows:
eth0: 192.168.0.10, eth1: 10.149.110.10
You enter the following under HTTP connector:
4711, 192.168.0.10:4722
Then connecting to the appliance over port 4711 is allowed using both IP addresses,
whereas connecting over port 4722 requires that IP address 192.168.0.10 is used.
Restricting connections in the latter way can be used for setting up an intranet.
Enable dedicated file server port over HTTPS
When selected, a dedicated HTTPS file server port is enabled.
HTTPS connector
Specifies the port number of the dedicated HTTPS file server port.
You can enter more than one port number here, separating them by commas. The allowed
range is 1024 to 65335.
Entering an IP address with a port number can be done in the same way as for the HTTP
connector and has the same meaning.
You can set up a port forwarding rule if you want to forward requests to ports 1–1023.
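The connector syntax described in Table 4-6 determines which interface addresses accept file server connections. The following Python sketch is an added example, not code from the product: it parses a connector value, enforces the range as the table states it, and reports per port which interfaces are reachable. The function names are hypothetical, and only the IPv4 address:port form shown in the table is assumed.

```python
import ipaddress

# Allowed range exactly as the table states it.
PORT_MIN, PORT_MAX = 1024, 65335


def parse_connector(field):
    """Split a connector field into (bind_address_or_None, port) tuples.

    None means the port was entered alone, so every interface address
    of the appliance accepts connections on it.
    """
    entries = []
    for raw in field.split(","):
        item = raw.strip()
        if not item:
            raise ValueError("empty entry in connector field")
        host, sep, port_text = item.rpartition(":")
        # Assumption: only the IPv4 "address:port" form shown in the table.
        addr = ipaddress.IPv4Address(host) if sep else None
        if not (port_text.isascii() and port_text.isdigit()):
            raise ValueError(f"not a port number: {item!r}")
        port = int(port_text)
        if not PORT_MIN <= port <= PORT_MAX:
            raise ValueError(f"port {port} is outside {PORT_MIN}-{PORT_MAX}")
        entries.append((addr, port))
    return entries


def exposure(field, interfaces):
    """Return (reachable, unmatched) for a connector field.

    reachable maps each port to the sorted interface names that accept it;
    unmatched lists (address, port) entries bound to an address that none
    of the given interfaces carries.
    """
    by_addr = {ipaddress.IPv4Address(a): name for name, a in interfaces.items()}
    reachable, unmatched = {}, []
    for addr, port in parse_connector(field):
        names = reachable.setdefault(port, set())
        if addr is None:
            names.update(interfaces)      # port alone: all interfaces
        elif addr in by_addr:
            names.add(by_addr[addr])      # address:port: that interface only
        else:
            unmatched.append((str(addr), port))
    return {p: sorted(n) for p, n in reachable.items()}, unmatched


if __name__ == "__main__":
    # Interface addresses and connector value from the example in the table.
    nics = {"eth0": "192.168.0.10", "eth1": "10.149.110.10"}
    print(exposure("4711, 192.168.0.10:4722", nics))
```

An entry in the unmatched list points to a port that was bound to an address the appliance does not carry, which is worth reviewing before the setting is saved.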
User Interface settings
The User Interface settings are used for configuring elements of the local user interface of an appliance. These
elements include ports, the logon page, a certificate for SSL-secured communication, and other items.
UI Access
Settings for configuring the way that the user interface of an appliance can be accessed
Table 4-7 UI Access
Option
Definition
HTTP connector
Provides options for configuring access to the user interface under the HTTP protocol.
• Enable local user interface over HTTP — When selected, you can connect to the user interface
under the HTTP protocol.
• HTTP connector — Specifies a port for connecting to the user interface under HTTP.
• Enable REST interface over HTTP — When selected, you can connect to the REST interface
under the HTTP protocol.
HTTPS connector
Provides options for configuring access to the user interface under the HTTPS protocol.
• Enable local user interface over HTTPS — When selected, you can connect to the user interface
under the HTTPS protocol.
• HTTPS connector — Specifies a port for connecting to the user interface under HTTPS.
• Enable REST interface over HTTPS — When selected, you can connect to the REST interface
under the HTTPS protocol.
HTTPS client certificate connector
Provides options for configuring a client certificate connector.
• Enable client certificate authentication — When selected, client certificate authentication can be
performed.
• HTTPS connector for client certificate authentication — Specifies a port for connecting to the user
interface when client certificate authentication is performed.
• Redirect target after authentication — When selected, a request is redirected after client
certificate authentication has successfully been performed.
• Redirection host and port — Specifies the host system and the port on this system that
requests are redirected to.
Miscellaneous
Provides miscellaneous options for configuring access to the user interface.
• Session timeout — Limits the time (in minutes) that elapses before a session on the user
interface is closed if no activities occur.
The range for the session timeout is 1–99,999 minutes.
The timeout is 30 minutes by default.
Login Page Options
Settings for the page that is used to log on to the user interface of an appliance
Table 4-8 Login Page Options
Option
Definition
Allow browser to save login credentials
When selected, credentials submitted by a user for logging on to an appliance are
saved by the browser.
Restrict browser session to IP address of user
When selected, a session for working with the user interface is only valid as long as the
IP address of the client that the user started this session from remains the same.
Let user decide to restrict session for IP address or not
When selected, it is up to the user who started a session for working with the user
interface whether it should be valid only for the IP address of the client that the
session was started from.
Allow multiple logins per login name
When selected, more than one user can log on to the user interface using the same
user name and password.
Use HTTPOnly session cookies (applet loading may take longer)
When selected, HTTPOnly cookies are used for a session with the user interface.
Enable protection against cross-site scripting and clickjacking
When selected, the page used by the administrator for logging on to the user interface
of Web Gateway from a browser is protected against a common type of attack.
The attack can be performed by combining two methods. Two HTTP headers are
added when the page is sent to the browser to prevent these methods from being
executed.
• Cross-site scripting — Malicious JavaScript code is inserted in the page, which is
executed when the administrator responds to a prompt on the page, for example,
by entering a user name.
Header name and value — X-XSS-Protection: 1
• Clickjacking — The page is embedded in an iFrame, which can be used to steal the
data that is entered on the page.
Header name and value — X-Frame-Options: DENY
Maximum number of active applet users
Limits the number of users that can be logged on to the user interface of an appliance
at the same time.
The maximum number of users is 20 by default.
Login message
Provides the following options for displaying an additional message on the page used
for logging on to the user interface.
You can work with these options if you want to display a message, for example, to
comply with internal policies or external regulations.
• Show on login page — When selected, the text that you type in the HTML message field
appears on the logon page.
• HTML message — The text that you type in this field appears on the logon page.
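To confirm that the Login Page Options have taken effect, the response that delivers the logon page can be checked for the two documented headers and for the HttpOnly cookie attribute. The following Python sketch is an added example, not code from the product: the function names are hypothetical, and the sample responses, including the cookie name SESSIONID, are constructed.

```python
# Header values documented for the "Enable protection against cross-site
# scripting and clickjacking" option.
EXPECTED = {"x-xss-protection": "1", "x-frame-options": "DENY"}


def parse_head(raw):
    """Return (status_line, {lowercased header name: [values]})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def audit_login_response(raw):
    """List the hardening gaps visible in one logon-page response."""
    _, headers = parse_head(raw)
    findings = []
    for name, want in EXPECTED.items():
        values = headers.get(name, [])
        if not values:
            findings.append(f"{name} header missing")
        elif any(v.lower() != want.lower() for v in values):
            findings.append(f"{name} is {values!r}, documented value is {want!r}")
    # "Use HTTPOnly session cookies": every cookie set here should carry HttpOnly.
    for cookie in headers.get("set-cookie", []):
        pair, *attrs = [part.strip() for part in cookie.split(";")]
        if "httponly" not in (a.lower() for a in attrs):
            findings.append(f"cookie {pair.split('=', 1)[0]} lacks HttpOnly")
    return findings


# Constructed responses; the cookie name and its value are placeholders.
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-XSS-Protection: 1\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: SESSIONID=example; Path=/; Secure; HttpOnly\r\n"
    "\r\n<html>...</html>"
)
UNPROTECTED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=example; Path=/\r\n"
    "\r\n<html>...</html>"
)

if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("unprotected", UNPROTECTED)):
        print(label, audit_login_response(raw))
```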
User Interface Certificate
Settings for a certificate that is used in SSL-secured communication over the HTTPS port for the user interface
Table 4-9 User Interface Certificate
Option
Definition
Subject, Issuer, Validity, Extensions
Provide information about the certificate that is currently in use.
Import
Opens the Import Certificate Authority window for importing a new certificate.
Certificate chain
Displays a certificate chain that is imported with a certificate.
Import Certificate Authority window
Settings for importing a certificate that is used in SSL-secured communication
Table 4-10 Import Certificate Authority window
Option
Definition
Certificate
Specifies the name of a certificate file.
The file name can be entered manually or by using the Browse button in the same line.
Browse
Opens the local file manager to let you browse for and select a certificate file.
Private key
Specifies the name of a private key file.
The file name can be entered manually or by using the Browse button in the same line.
Only keys that are AES-128-bit encrypted or unencrypted keys can be used here.
Browse
Opens the local file manager to let you browse for and select a private key file.
Password
Sets a password that allows the use of a private key.
Import
Opens the Import Certificate Authority window for importing a new certificate.
OK
Starts the import process for the specified certificate.
Certificate chain
Specifies the name of a certificate chain file.
The file name can be entered manually or by using the Browse button in the same line.
Browse
Opens the local file manager to let you browse for and select a certificate chain file.
After importing a certificate with a certificate chain, the certificate chain is displayed in the
Certificate chain field of the User Interface Certificate settings.
Memory Settings
Settings for the memory that is available when working with the user interface of an appliance
Table 4-11 Memory Settings
Option
Definition
Amount of maximum memory available for GUI applet
Limits the amount of memory (in MiB) that is available for the user interface
applet.
The range for the available maximum is 100–999 MiB.
The available maximum is 512 MiB by default.
Amount of maximum memory available for MWG UI backend
Limits the amount of memory (in MiB) that is available for the user interface
backend.
The range for the available maximum is 100–9999 MiB.
If no value is specified here, the default maximum of 512 MiB is configured.
REST Settings
Settings for configuring use of the REST interface to work with an appliance
Table 4-12 REST Settings
Option
Definition
Maximum size of a REST request
Limits the size (in MiB) of a request that is sent to the REST interface.
The maximum amount of memory that is available when working with the REST
interface is 200 MiB.
The maximum size of a request is 2 MiB by default.
Maximum memory per REST session
Limits the amount of memory (in MiB) that is available for a session when working with
the REST interface.
The maximum amount of memory that is available when working with the REST
interface is 200 MiB.
The maximum amount of memory for a session is 10 MiB by default.
Maximum number of active REST users
Limits the number of users that can work with the REST interface at the same time.
The maximum number of users is 20 by default.
5
System settings for network functions
Some system settings are configured for functions that integrate the appliance system into your network.
System settings for network functions include:
• Network Interfaces settings
• Port Forwarding settings
• Domain Name Service settings
• Static Routes settings
• Network Protection settings
• Proxies settings
Contents
Network Interfaces settings
Network Protection settings
Port Forwarding settings
Static Routes settings
Network Interfaces settings
The Network Interfaces settings are used for configuring the network interfaces of an appliance.
Network Interface Settings
Settings for network interfaces
Table 5-1 Network Interface Settings
Option
Definition
Host name / Fully qualified domain name
Specifies the host name of an appliance.
The name must be specified as a fully qualified domain name.
Default gateway (IPv4)
Specifies the default gateway for web traffic under IPv4.
Default gateway (IPv6)
Specifies the default gateway for web traffic under IPv6.
Enable these network interfaces
Provides a list of network interfaces that are available for being enabled or disabled.
The eth0 network interface is by default included in the list and enabled.
IPv4
Provides options for configuring network interfaces under IPv4.
The options are provided on a separate tab.
IPv6
Provides options for configuring network interfaces under IPv6.
The options are provided on a separate tab.
Advanced
Provides options for configuring additional media and a bridge for a network interface.
The options are provided on a separate tab.
Add VLAN
Opens a window for adding a network interface for VLAN traffic.
You can use this option to run VLANs under IPv4 or IPv6.
To add a network interface, you specify a number as its ID and click OK.
The interface name is composed of two parts, separated by a dot.
The first part is the name and number of the interface that is enabled in the list of available
network interfaces. The second part is the number that you specify.
For example, if the eth0 interface is enabled and you specify 1, a network interface for VLAN
traffic is added as eth0.1. It is initially not enabled.
The range of numbers for VLAN network interfaces is 1–4094.
After adding one or more network interfaces for VLAN traffic, you must also add
their IDs to the parameters of the port redirects for the network mode that you
are using, for example, the transparent bridge mode.
The window for adding or editing port redirects provides the Optional 802.1Q VLANs
field for entering VLAN IDs. Separate multiple entries by commas.
Delete
Deletes a selected network interface for VLAN traffic.
The following tables describe the options on the IPv4, IPv6, and Advanced tabs.
IPv4
Tab for configuring network interfaces under IPv4
Table 5-2 IPv4
Option
Definition
IP settings
Lets you select a method to configure an IP address for a network interface.
• Obtain automatically (DHCP) — The IP address is automatically obtained, using the Dynamic
Host Configuration Protocol (DHCP).
• Configure manually — The IP address is configured manually.
• Disable IPv4 — IPv4 is not used for this interface.
IP address
Specifies the IP address of a network interface (manually configured).
Subnet mask
Specifies the subnet mask of a network interface (manually configured).
Default route
Specifies the default route for web traffic using the network interface (manually configured).
MTU
Limits the number of bytes in a single transmission unit to the specified value.
IP aliases
Provides a list of aliases for the IP address.
• Add alias — Opens the Input window for adding an alias.
• Delete — Deletes a selected alias.
IPv6
Tab for configuring network interfaces under IPv6
Table 5-3 IPv6
Option
Definition
IP settings
Lets you select a method to configure an IP address for a network interface.
• Obtain automatically (DHCP) — The IP address is automatically obtained, using the Dynamic
Host Configuration Protocol (DHCP).
• Solicit from router — The IP address is obtained from a router.
• Configure manually — The IP address is configured manually.
• Disable IPv6 — IPv6 is not used for this interface.
IP address
Specifies the IP address of a network interface (manually configured).
Default route
Specifies a default route for web traffic using the network interface (manually configured).
MTU
Limits the number of bytes in a single transmission unit to the specified value.
IP aliases
Provides a list of aliases for the IP address.
• Add alias — Opens a window for adding an alias.
• Delete — Deletes a selected alias.
Advanced
Tab for configuring advanced network interface functions.
The tab provides different options when the currently selected network interface is a bonding interface. These
options are described in a second table.
Table 5-4 Advanced
Option
Definition
Media
Lets you select additional media for use with a network interface.
• Automatically detect — Media for use with a network interface are automatically detected if
available in the network environment of an appliance.
• 1000BaseT-FD, 1000Base-HD, ... — The selected media item is used with a network interface.
Bridge enabled
When selected, web traffic is routed through a network interface in transparent bridge mode.
• Name — Specifies the name of the transparent bridge.
Bond enabled
When selected, the currently selected network interface, for example, eth2, is configured as a
bonded interface that is subordinated to a bonding interface.
• Name — Specifies the name of the bonding interface.
The following table describes the options provided on the Advanced tab when a bonding interface is selected.
Table 5-5 Advanced
Option
Definition
Bonding options
Provides options for a bonding interface.
• Mode — Specifies the mode used to let the bonded network interfaces in the bonding
configuration become active.
• Active/Passive — When selected, only one bonded interface is active at any time.
A different bonded interface becomes active only if the active bonded interface fails.
The MAC address of the bonding interface is only visible externally on one port, which avoids
address confusion for a network switch.
This mode is referred to in some system messages as mode 1.
The mode is selected by default.
• 802.3ad/LACP — When selected, all bonded interfaces in the bonding configuration are active.
The bonded interface for outgoing traffic is selected according to the configured hash policy.
This mode is referred to in some system messages as mode 4.
When this mode is selected, the LACP rate and Hash policy options become accessible.
• Miimon — Sets the time interval (in milliseconds) for sending the polling messages of the MII
monitoring program.
The default interval is 100 milliseconds.
• LACP rate — Sets the transmission rate for sending LACP-DU data packets in 802.3ad mode.
• Slow — When selected, data packets are sent every 30 seconds.
This transmission rate is selected by default.
• Fast — When selected, data packets are sent every second.
• Hash policy — Determines the way that a hash value is calculated for a bonding configuration.
• Layer2 — When selected, a combination of layer 2 values is used to calculate the hash. The
values that are included in this combination are hardware MAC addresses and packet type ID
addresses.
This hash policy is selected by default.
• Layer2+3 — When selected, a combination of layer 2 and layer 3 protocol information is used
to calculate the hash.
Network Protection settings
The Network Protection system settings are used for configuring protective rules for traffic coming in to an
appliance from your network.
Network Protection Rules
Settings for configuring network protection rules
Table 5-6 Network Protection Rules
Option
Definition
Enable network protection
When selected, the settings configured in the following for network protection are
enabled.
Input policy
Lets you select the action taken on incoming traffic.
Incoming traffic can either be dropped or accepted.
Allow Ping requests
When selected, the appliance accepts and answers Ping requests.
Exceptions from default policy
Provides a list for entering the network devices that send traffic to an appliance.
Traffic from these devices is not handled according to the rules that are currently
implemented. When these rules drop incoming traffic, traffic sent from the devices
listed here is accepted and vice versa.
The following table describes an entry in the list of exceptions from the default policy.
Table 5-7 Exceptions from default policy – List entry
Option
Definition
Device
Specifies the name of a network device that sends traffic to the appliance.
Typing * or no input means all devices are covered.
Protocol
Specifies the protocol used for sending traffic.
Source
Specifies the IP address or address range of the network device or devices that send traffic to
the appliance.
Destination port
Specifies the port on an appliance that is the destination of network traffic.
Comment
Provides a plain-text comment on an exception.
Port Forwarding settings
The Port Forwarding settings are used for configuring rules that let an appliance forward web traffic sent from a
port on a particular host to another port.
Port Forwarding
Settings for configuring port forwarding rules
Table 5-8 Port Forwarding
Option
Definition
Port forwarding rules
Provides a list of port forwarding rules.
The following table describes an entry in the list of port forwarding rules.
Table 5-9 Port forwarding rules – List entry
Option
Definition
Source host
Specifies the IP address of a host that is the source of web traffic in a port forwarding rule.
Bind IP
Specifies the bind IP address.
Target port
Specifies the port that web traffic from the source host is forwarded to.
Destination host
Specifies the IP address of the host that is the destination of web traffic sent from the source
host.
Destination port
Specifies the port on the destination host used for listening to web traffic coming in from the
source host.
Comment
Provides a plain-text comment on a port forwarding rule.
The Port Forwarding settings continue as follows.
Table 5-10 Port Forwarding (continued)
Option
Definition
Enable extended connection logging
When selected, all logs for port forwarding are stored on the appliance system
under /var/log/mwg_fwd.log.
The logging options that you configure here apply to all port forwarding that is performed
under the configured port forwarding rules.
The stored log files can also be viewed on the user interface under the Troubleshooting
top-level menu.
Select the appliance that you want to view log files for, then select Log files and open the
system folder.
Customize extended logging fields
When selected, the input fields for configuring the type of data that should be logged
become accessible.
Log on success
Lets you enter the type of data to be logged when web traffic is successfully forwarded.
You can enter one or more of the following data types by typing them in capital letters,
separated by commas: PID, HOST, USERID, EXIT, DURATION, TRAFFIC.
Log on failure
Lets you enter the type of data to be logged when forwarding web traffic failed.
You can enter one or more of the following data types by typing them in capital letters,
separated by commas: HOST, USERID, ATTEMPT.
HOST data is logged by default.
Static Routes settings
The Static Routes settings are used for configuring routes that always use the same gateway and interface on this
gateway when web traffic is routed from an appliance to a particular host.
Static Routes
Settings for static routes under IPv4 or IPv6
Table 5-11 Static Routes
Option
Definition
Static routes list
Provides a list of static routes for transmitting web traffic under IPv4 or IPv6.
The following table describes an entry in the list of static routes.
Table 5-12 Static routes list – List entry
Option
Definition
Destination
Specifies the IP address and (optionally) net mask of the host that is the destination of a static
route.
Gateway
Specifies the IP address of the gateway for routing web traffic from the appliance to a host.
Device
Specifies the interface used on a gateway for a static route.
Description
Provides a plain-text description of a static route.
Comment
Provides a plain-text comment on a static route.
Source-based routing
Settings for source-based routing under IPv4 or IPv6
Table 5-13 Source-based routing
Option
Definition
Source-based routing for IPv4
When selected, source-based routing is performed under IPv4.
Source-based routing for IPv6
When selected, source-based routing is performed under IPv6.
Static source routing table number
Provides a list of entries for source routing tables that are used to route the
traffic that is sent and received through the management user interface.
Source-based routing list for IPv4
Provides a list of routing entries for the traffic that is sent and received through
the management user interface.
These routing entries are for a network where IPv4 is followed.
Source-based routing list for IPv6
These routing entries are for a network where IPv6 is followed.
The following table describes an entry in the list for static source routing tables.
Table 5-14 Static source routing table number – List entry
Option
Definition
Source information to look up routing table
Specifies the source IP address of the traffic that is routed according to the
configured static source routing table.
Routing table number
Specifies the number of the routing table for routing the traffic that is sent
and received through the management user interface.
Comment
Provides a plain-text comment on a static source routing table.
The following table describes an entry in the list for source-based routing under IPv4.
Table 5-15 Source-based routing list for IPv4 – List entry
Option
Definition
Destination
Specifies the IP address range (in CIDR notation) for the destinations of the traffic that is
sent through the management network interface.
Routing table number
Specifies the number of the routing table for routing the traffic that is sent and received
through the management user interface.
Gateway
Specifies the IP address of the gateway for the traffic that is sent and received through the
management network interface.
Device
Specifies the name of the network interface that is configured as the management
network interface.
Source IP
Specifies the IP address of the network interface that is configured as the management
network interface.
This address is the source IP address of the traffic that is routed according to the routing
table.
Comment
Provides a plain-text comment on an entry for source-based routing.
The following table describes an entry in the list for source-based routing under IPv6.
Table 5-16 Source-based routing list for IPv6 – List entry
Option
Definition
Destination
Specifies the IP address range (in CIDR notation) for the destinations of the traffic that is
sent through the management network interface.
Routing table number
Specifies the number of the routing table for routing the traffic that is sent and received
through the management user interface.
Gateway
Specifies the IP address of the gateway for the traffic that is sent and received through the
management network interface.
Device
Specifies the name of the network interface that is configured as the management
network interface.
Source IP
Specifies the IP address of the network interface that is configured as the management
network interface.
This address is the source IP address of the traffic that is routed according to the routing
table.
Comment
Provides a plain-text comment on an entry for source-based routing.
6
File Editor tab
The File Editor tab allows you to edit system files on an appliance.
Main elements of the File Editor tab
The following table describes the main elements of the File Editor tab.
Table 6-1 Main elements of the File Editor tab
Element
Description
Files
Tree structure of appliances with the system files for each
appliance
Editor (appears when a system file is selected under Files)
Toolbar with items for editing a system file and content pane for
displaying the file entries
Editor toolbar
The Editor toolbar provides the following options.
Table 6-2 File Editor toolbar
Option
Definition
Edit
Opens a menu with options for editing the text in system file entries.
• Cut — Cuts out selected text
• Delete — Deletes selected text
• Copy — Copies selected text
• Select All — Selects the complete text
• Paste — Pastes copied or cut-out text
Discard changes
Discards text changes.
A window opens to let you confirm the discarding.
7
Proxies
The appliance uses its proxy functions to intercept web traffic and transmit it if this is allowed by the filtering
rules. You can configure these functions to meet the requirements of your network.
The following are key settings for proxies:
• Network mode — Explicit proxy mode or a transparent mode
Specific settings can be configured for each of these modes.
• Network protocol — HTTP, HTTPS, FTP, ICAP, and instant messaging protocols
Protocol settings are common proxy settings that can be configured for each of the network modes.
You can configure other common proxy settings and also implement special proxy solutions, for example,
reverse HTTPS proxy or proxy auto-configuration.
Contents
Proxy HA settings
Transparent Router settings
Transparent Bridge settings
Proxies settings
Proxy HA settings
The Proxy HA settings are used for configuring the proxy functions of the appliance in explicit proxy mode with
High Availability functions.
Proxy HA
Settings for the explicit proxy mode with High Availability functions
Table 7-1 Proxy HA
Option
Definition
Port redirects
Provides a list for entering the ports that requests sent by users are redirected to.
Director priority
Sets the priority (ranging from 0 to 99) that an appliance takes in directing data packets.
The highest value prevails. 0 means the appliance never directs data packets, but only filters
them.
In a High Availability configuration, two appliances are typically configured as director nodes
with a priority higher than zero to direct data packets, providing fail-over functions for each
other.
The remaining nodes are configured with zero priority (also known as scanning nodes).
The priority value is set on a slider scale.
Management IP
Specifies the source IP address of an appliance that directs data packets when sending
heartbeat messages to other appliances.
Virtual IPs
Provides a list of virtual IP addresses.
We strongly recommend that you do not use a virtual IP to log on to the user interface when you
have configured the explicit proxy mode with High Availability functions (Proxy HA) on Web
Gateway.
The following two tables describe entries in the list of port redirects and the list of virtual IP addresses.
Table 7-2 Port redirects – List entry
Option
Definition
Protocol name
Specifies the name of the protocol used for data packets coming in when a user sends
a request.
Original destination ports
Specifies the ports that redirected data packets were originally sent to.
Destination proxy port
Specifies the port that data packets originally sent to the above ports are redirected to.
Optional 802.1Q VLANs
Lists the IDs of the network interfaces for VLAN traffic that are configured.
Comment
Provides a plain-text comment on a port redirect.
Table 7-3 Virtual IPs – List entry
Option
Definition
Virtual IP address
Specifies a virtual IP address (in CIDR notation).
Network interface
Specifies a network interface on an appliance used for heartbeats under VRRP (Virtual Router
Redundancy Protocol).
Comment
Provides a plain-text comment on a virtual IP address.
Transparent Router settings
The Transparent Router settings are specific settings for configuring the proxy functions of an appliance in
transparent router mode.
Transparent Router
Settings for configuring the transparent router mode
Table 7-4 Transparent Router
Option
Definition
Port redirects
Provides a list for entering the ports that requests for web access sent by users of your
network are redirected to.
Director priority
Sets the priority (ranging from 0 to 99) that an appliance takes in directing the data packets
that are sent in a request.
When several appliances are run as nodes in a complex configuration, for example, a
Central Management cluster, the node with the highest value is the director node, while
the other nodes are scanning nodes that only perform filtering activities.
The director node receives data packets, distributes them to the other nodes for filtering,
and forwards the data packets that have passed the filtering to the web.
In a complex configuration, set the director node to a value higher than zero, and set the
scanning nodes to zero.
If you are only running one Web Gateway appliance in your network and want to configure
it in transparent router mode, you must still set its priority to a value higher than zero to let
it receive, filter, and forward data packets.
Management IP
Specifies the source IP address of an appliance that directs data packets when sending
heartbeat messages to other appliances.
Virtual IPs
Provides a list for entering virtual IP addresses.
Virtual router ID
Identifies a virtual router.
VRRP interface
Specifies the network interface on an appliance for sending and receiving heartbeat
messages.
IP spoofing (HTTP,
HTTPS)
When selected, the appliance keeps the client IP address that is sent with a request as the
source address and uses it in communication with the requested web server under various
protocols.
The appliance does not verify whether this address matches the host name of the request.
IP spoofing (FTP)
When selected, the appliance communicates with a file server under the FTP protocol in
the same way as under the HTTP or HTTPS protocol to perform IP spoofing.
For active FTP, this option must be enabled.
The following two tables describe entries in the list of port redirects and the list of virtual IP addresses.
Table 7-5 Port redirects – List entry
Option
Definition
Protocol name
Specifies the name of the protocol used for sending and receiving requests.
Original destination
ports
Specifies the ports that requests must originally be sent to if they are to be redirected.
Destination proxy port
Specifies the port that requests are redirected to.
Source IP based
exceptions
Excludes requests that have been received from clients with the specified IP addresses
from redirecting.
• For each IP address, a net mask must also be specified.
• When a request is excluded from redirecting, it is not processed by any of the filtering
rules that are implemented.
• You can configure redirection exceptions in this way to let requests received from
trusted sources skip further processing on Web Gateway or for troubleshooting
connection problems.
Destination IP based
exceptions
Excludes requests that are sent to a destination with the specified IP address from
redirecting.
• For each IP address, a net mask must also be specified.
• When a request is excluded from redirecting, it is not processed by any of the filtering
rules that are implemented.
• You can configure redirection exceptions in this way to let requests sent to trusted
destinations skip further processing on Web Gateway or for troubleshooting
connection problems.
Optional 802.1Q VLANs Lists the IDs of the network interfaces for VLAN traffic that are configured.
Comment
Provides a plain-text comment on a port redirect.
Table 7-6 Virtual IPs – List entry
Option
Definition
Virtual IP address Specifies a virtual IP address (in CIDR notation).
Network interface Specifies a network interface on an appliance that the virtual IP address configured here is
assigned to.
This virtual IP address is only assigned to the interface if the current node takes the role of an
active director.
Comment
Provides a plain-text comment on a virtual IP address.
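The port redirect entries in Table 7-5 let source and destination IP exceptions skip redirection, and with it every filtering rule. The following Python sketch is an added example, not Web Gateway code: it models one redirect entry, decides what happens to a connection, and flags exceptions whose net mask covers a large range. The class and function names, the sample addresses, the proxy port 9090 and the /24 threshold are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PortRedirect:
    """One list entry, modelled on Table 7-5 (field names are hypothetical)."""
    protocol: str
    original_ports: set
    proxy_port: int
    source_exceptions: list = field(default_factory=list)       # "address/netmask"
    destination_exceptions: list = field(default_factory=list)  # "address/netmask"


def _nets(entries):
    # strict=False tolerates host bits, e.g. 10.20.30.40/255.255.0.0
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def decide(redirects, src, dst, dst_port):
    """Return ("redirect", port), ("bypass", reason) or ("pass", None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in redirects:
        if dst_port not in r.original_ports:
            continue
        for net in _nets(r.source_exceptions):
            if s in net:
                return ("bypass", f"source exception {net}")
        for net in _nets(r.destination_exceptions):
            if d in net:
                return ("bypass", f"destination exception {net}")
        return ("redirect", r.proxy_port)
    return ("pass", None)


def broad_exceptions(redirects, min_prefix=24):
    """List exceptions wider than min_prefix: each one is unfiltered traffic."""
    findings = []
    for r in redirects:
        for kind, entries in (("source", r.source_exceptions),
                              ("destination", r.destination_exceptions)):
            for net in _nets(entries):
                if net.prefixlen < min_prefix:
                    findings.append((r.protocol, kind, str(net), net.num_addresses))
    return findings


# Constructed sample configuration (documentation address ranges).
SAMPLE = [
    PortRedirect(
        protocol="http",
        original_ports={80},
        proxy_port=9090,
        source_exceptions=["192.0.2.10/255.255.255.255", "10.20.0.0/255.255.0.0"],
        destination_exceptions=["198.51.100.0/255.255.255.0"],
    )
]

if __name__ == "__main__":
    print(decide(SAMPLE, "10.20.5.7", "203.0.113.5", 80))
    print(decide(SAMPLE, "10.30.5.7", "203.0.113.5", 80))
    for finding in broad_exceptions(SAMPLE):
        print("review:", finding)
```

Running the audit against an exported exception list shows which entries exempt whole subnets from filtering rather than single trusted hosts.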
Transparent Bridge settings
The Transparent Bridge settings are specific settings for configuring the proxy functions of an appliance in
transparent bridge mode.
Transparent Bridge
Settings for configuring the transparent bridge mode
Table 7-7 Transparent Bridge
Option
Definition
Port redirects
Provides a list for entering the ports that requests for web access sent by users of your
network are redirected to.
Director priority
Sets the priority (ranging from 0 to 99) that an appliance takes in directing the data packets
that are sent in a request.
The highest value prevails. 0 means an appliance is what is known as a scanning node,
which never directs data packets, but only filters them.
You can use this option only to configure a node as a scanning node (priority = 0)
or a director node (priority > 0).
Differences in node priorities greater than 0 are not evaluated.
After configuring node priorities greater than 0 for multiple appliances in
transparent bridge mode, you need to watch their behavior to find out which one
has actually become the director node that directs data packets.
Management IP
Specifies the source IP address of an appliance that directs data packets when sending
heartbeat messages to other appliances.
IP spoofing (HTTP,
HTTPS)
When selected, the appliance keeps the client IP address that is sent with a request as the
source address and uses it in communication with the requested web server under various
protocols.
The appliance does not verify whether this address matches the host name of the request.
IP spoofing (FTP)
When selected, the appliance communicates with a file server under the FTP protocol in the
same way as under the HTTP or HTTPS protocol to perform IP spoofing.
For active FTP, this option must be enabled.
The following table describes an entry in the list of port redirects.
Table 7-8 Port redirects – List entry
Option
Definition
Protocol name
Specifies the name of the protocol used for sending and receiving requests.
Original destination
ports
Specifies the ports that requests must originally be sent to if they are to be redirected.
Destination proxy port
Specifies the port that requests are redirected to.
Source IP based
exceptions
Excludes requests that have been received from clients with the specified IP addresses
from redirecting.
• For each IP address, a net mask must also be specified.
• When a request is excluded from redirecting, it is not processed by any of the filtering
rules that are implemented.
• You can configure redirection exceptions in this way to let requests received from
trusted sources skip further processing on Web Gateway or for troubleshooting
connection problems.
Destination IP based
exceptions
Excludes requests that are sent to a destination with the specified IP address from
redirecting.
• For each IP address, a net mask must also be specified.
• When a request is excluded from redirecting, it is not processed by any of the filtering
rules that are implemented.
• You can configure redirection exceptions in this way to let requests sent to trusted
destinations skip further processing
Optional 802.1Q VLANs Lists the IDs of the network interfaces for VLAN traffic that are configured.
Comment
Provides a plain-text comment on a port redirect.
Proxies settings
The Proxies settings are used for configuring specific parameters for the different network modes that can be
implemented on Web Gateway, as well as common parameters that apply for any of these modes. A periodic
triggering of the rule engine can also be configured.
Network Setup
Settings for implementing a network mode
When a network mode is selected, specific settings for this mode appear below these settings.
Table 7-9 Network Setup
Option
Definition
Proxy (optional WCCP) When selected, the explicit proxy mode is used and WCCP services can redirect web
traffic to an appliance.
Proxy HA
When selected, the explicit proxy mode with High Availability functions is used.
Transparent router
When selected, the transparent router mode is used.
Transparent bridge
When selected, the transparent bridge mode is used.
HTTP Proxy
Settings for running a proxy on an appliance under the HTTP protocol
This protocol is used for transferring web pages and other data (also providing SSL encryption for enhanced
security).
Table 7-10 HTTP Proxy
Option
Definition
Enable HTTP proxy
When selected, a proxy is run on an appliance under the HTTP protocol.
HTTP Port Definition list
Provides a list for entering the ports on an appliance that listen to client
requests.
Anonymous login for FTP over
HTTP
Specifies the user name for logging on as an anonymous user when requests are
transmitted to an FTP server by an HTTP proxy on an appliance.
Password for anonymous login
for FTP over HTTP
Sets a password for a user name.
Add Via HTTP header
When selected, a Via HTTP header is added to a request that is processed on an
appliance.
This option is selected by default.
Adjust content-type header for
requests to archives (depending
on the content encoding)
When selected, a content-type header in a request for access to an archive file is
adjusted if this header does not match the content encoding that was detected
for the archive.
Host header has priority over
original destination address
(transparent proxy)
When selected, requests that are sent to the proxy on an appliance in
transparent proxy mode are recognized as traffic in explicit proxy mode and
processed accordingly.
Requests can, for example, be received on an appliance in transparent mode
when they have been forwarded by a load balancer. If the proxy does not
recognize the requests as traffic in explicit proxy mode, they will be forwarded to
the web without filtering.
This option is only available if the explicit proxy mode is not already configured
on an appliance.
If the option is available, it is selected by default.
FTP Proxy
Settings for running a proxy on an appliance under the FTP protocol
This protocol is used for transferring files, using separate connections for control functions and data transfer.
When a file is uploaded to the web from an FTP client and processed on Web Gateway, you can send
progress indicators to the client by inserting the FTP Upload Progress Indication event into a suitable
rule.
This will prevent a timeout on the client when processing takes more time, for example, due to
scanning the file for infections by viruses and other malware.
Table 7-11 FTP Proxy
Option
Definition
Enable FTP proxy
When selected, a proxy is run on an appliance under the FTP
protocol.
FTP port definition list
Provides a list for entering the ports on an appliance that listen
to client requests.
Allow character @ in FTP server user name
(Authentication using USER
ftpserveruser@ftpserver)
When selected, this character is allowed in a user name.
Enable authentication using USER
proxyuser@ftpserveruser@ftpserver
When selected, this syntax is allowed for a user name.
Enable authentication using USER
ftpserveruser@proxyuser@ftpserver
When selected, this syntax is allowed for a user name.
Enable customized welcome message
When selected, you can edit the welcome message that is shown
to a user who sends a request for web access under the FTP
protocol.
Type the welcome message into the Customized welcome message
text field, using the appropriate values for the variables that are
contained in the message.
Welcome to $MWG-ProductName$ $MWG-Version$ - build
$MWG.BuildNumber$
Running on $System.HostName$ - $System.UUID$
$Proxy.IP$:$Proxy.Port$
Select the command to be used for next-hop proxy
login
Allows you to select the command that Web Gateway sends for
logon when connecting to a next-hop proxy under the FTP
protocol.
The following commands can be selected:
• SITE
• OPEN
• USER@Host
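The three USER syntaxes in Table 7-11 all use "@" as separator, so a three-part argument can be read in more than one way once several of the options are enabled. The following Python sketch is an added example, not Web Gateway code: it lists every reading that a given combination of options permits. How Web Gateway itself resolves such an argument is not stated in this guide; the parsing rules, the function names and the sample user and host names are assumptions, including the assumption that a proxy user name never contains "@".

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Reading:
    syntax: str
    proxy_user: Optional[str]
    server_user: str
    server: str


def readings(arg, allow_at=False, proxy_first=False, proxy_second=False) -> List[Reading]:
    """Return every interpretation of a USER argument the enabled options allow.

    allow_at     - "Allow character @ in FTP server user name"
    proxy_first  - "USER proxyuser@ftpserveruser@ftpserver"
    proxy_second - "USER ftpserveruser@proxyuser@ftpserver"
    """
    # The FTP server is always the part after the last "@".
    left, sep, server = arg.rpartition("@")
    if not sep or not left or not server:
        return []

    found = []
    # Plain syntax: everything before the server is the FTP server user.
    if "@" not in left or allow_at:
        found.append(Reading("ftpserveruser@ftpserver", None, left, server))

    if "@" in left:
        if proxy_first:
            proxy, _, user = left.partition("@")
            if proxy and user and ("@" not in user or allow_at):
                found.append(
                    Reading("proxyuser@ftpserveruser@ftpserver", proxy, user, server))
        if proxy_second:
            user, _, proxy = left.rpartition("@")
            if proxy and user and ("@" not in user or allow_at):
                found.append(
                    Reading("ftpserveruser@proxyuser@ftpserver", proxy, user, server))
    return found


def ambiguous(samples, **options):
    """Return the sample arguments that have more than one reading."""
    return [s for s in samples if len(readings(s, **options)) > 1]


# Constructed sample arguments.
SAMPLES = ["bob@ftp.example.test", "alice@corp@ftp.example.test"]

if __name__ == "__main__":
    for r in readings(SAMPLES[1], allow_at=True, proxy_first=True, proxy_second=True):
        print(r)
```

With all three options enabled, the second sample yields three different FTP server user names, which is the case to test for before enabling more than one syntax.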
The following table describes an entry in the FTP port definition list.
Table 7-12 FTP port definition list – List entry
Option
Definition
Listener address
Specifies the IP address and port number for a port that listens to FTP requests.
Data port
Specifies the port number of a port that is used for handling data transfer under
the FTP protocol.
Port range for client listener
Configures a range of numbers for ports that listen to FTP requests received
from clients.
The range is configured by specifying port numbers for its beginning and end.
Port range for server listener
Configures a range of numbers for ports that listen to FTP responses received
from web servers that requests were forwarded to.
Allow clients to use passive FTP
connections
When selected, requests can be sent from clients using passive connections
under the FTP protocol.
McAfee Web Gateway uses same
connections (active/passive) as
clients does
When selected, Web Gateway uses the same type for forwarding web traffic as a
client that sent a request to Web Gateway.
McAfee Web Gateway uses
passive FTP connections
When selected, Web Gateway can forward web traffic using passive connections
under the FTP protocol.
When the FTP-over-HTTP mode is configured, Web Gateway always uses active
connections to reach out to the FTP server even if this checkbox is selected.
Comment
Provides a plain-text comment on a port that listens to FTP requests.
ICAP Server
Settings for running an ICAP server on an appliance that modifies requests and responses in communication
with ICAP clients
Table 7-13 ICAP Server
Option
Definition
Enable ICAP server
When selected, an ICAP server is run on an appliance.
ICAP Port Definition list Provides a list for entering the ports on an appliance that listen to requests from ICAP
clients.
When multiple ICAP servers are configured on different appliances within your network,
requests coming in from ICAP clients are distributed among these servers in round-robin
mode.
The following table describes an entry in the ICAP port definition list.
Table 7-14 ICAP port definition list – List entry
Option
Definition
Listener address
Specifies the IP address and port number for a port on the ICAP server that listens for
requests from ICAP clients.
Send early 204 responses
When selected, these responses are sent.
Include Realm into
authentication attributes
When selected, the realm is included in the attributes that are evaluated during the
authentication process that is performed in ICAP communication.
Wait for complete ICAP
request
When selected, an ICAP request is only processed after it has been completely
received on the ICAP server, depending, however, on what you select from the
following.
• Never — Processing never waits until a request has been completely received.
• Only for REQMOD requests — Processing only waits if a request was sent in REQMOD
mode.
• Only for FTP requests — Processing only waits if an FTP request was sent.
• Always — Processing always waits until a request has been completely received.
Maximum concurrent
REQMOD connections
Limits the number of connections that can run in REQMOD mode at the same time.
The default maximum number is 100.
Maximum concurrent
RESPMOD connections
Limits the number of connections that can run in RESPMOD mode at the same time.
The default maximum number is 400.
Preview size
Sets the preview size.
ICAPS
When selected, the connections used for the ICAP communication are SSL-secured.
When this option is selected, the options explained in the following are activated.
These options are related to the certificate that the ICAP server submits when
connecting to ICAP clients over SSL-secured connections.
Subject, Issuer, Validity,
Extensions, Fingerprint,
Key
These fields display information about the server certificate that is currently in use.
Server certificate
Provides options for handling a server certificate.
• Generate New — Opens a window for generating a new server certificate.
• Import — Opens a window for importing a server certificate.
• Export — Lets you browse to a location within your file system that a server
certificate can be exported to.
• Export key — Lets you browse to a location within your file system that the key file for
a server certificate can be exported to.
Comment
Provides a plain-text comment on a port that listens to requests from ICAP clients.
IFP Proxy
Settings for running a proxy on an appliance under the IFP protocol
This protocol is used for transferring web pages.
Table 7-15 IFP Proxy
Option
Definition
Enable IFP proxy
When selected, a proxy is run on an appliance under the IFP protocol.
IFP port definition list
Provides a list for entering the ports on an appliance that listen to client
requests for the IFP proxy.
Maximum number of concurrent
IFP requests allowed
Limits the number of IFP requests that are processed at the same time to the
specified value.
You can use this setting to prevent an overloading of the IFP proxy.
The following table describes an entry in the IFP port definition list.
Table 7-16 IFP port definition list – List entry
Option
Definition
Listener address
Specifies the IP address and port number for a port that listens for IFP requests.
Send error message as
redirect
When set to true, a user who sent a request is informed, for example, about a
blocking of the request, by redirecting the request to an error message page.
Otherwise the relevant information is sent as a normal message under the IFP
protocol.
Comment
Provides a plain-text comment on a port that listens to IFP requests.
SOCKS Proxy
Settings for running a proxy on an appliance under the SOCKS (sockets) protocol
Table 7-17 SOCKS Proxy
Option
Definition
Enable SOCKS proxy
When selected, a proxy is run on an appliance under the SOCKS protocol.
SOCKS port definition list Provides a list for entering the ports on an appliance that listen to client requests for
the SOCKS proxy.
The following table describes an entry in the SOCKS port definition list.
Table 7-18 SOCKS port definition list – List entry
Option
Definition
Listener address
Specifies the IP address and port number of a port that listens for SOCKS requests.
Port range for UDP Sets the range of ports used for listening to requests sent under the UDP protocol when a
SOCKS proxy is configured.
Comment
Provides a plain-text comment on a port that listens to SOCKS requests.
Data Exchange Layer
Settings for using the DXL (Data Exchange Layer) technology to exchange information between different web
security products
You can implement a library rule set that uses DXL messages to exchange file reputation information
between Web Gateway and a TIE server.
Implementing this rule set is currently the only way to use DXL messages on Web Gateway. The rule
set works without any additional configuration of the Data Exchange Layer settings.
Table 7-19 Data Exchange Layer
Option
Definition
Time to wait for replies to DXL
service requests
Sets the time (in seconds) that Web Gateway waits for a response after
sending a request to DXL service.
The default waiting time is 60 seconds.
Subscription Topics
Provides a list of topics that a security product can subscribe to for receiving
messages about these topics.
Services
Provides a list of services that send messages about topics to security
products.
The following tables describe entries in the Subscription Topics and Services lists.
Table 7-20 Subscription Topics – List entry
Option
Definition
String
Specifies the name of a topic.
Comment
Provides a plain-text comment on a topic.
Table 7-21 Services – List entry
Option
Definition
Service
Specifies the name of a service that sends messages about topics.
Comment
Provides a plain-text comment on a service.
Web Cache
Setting for enabling the web cache on a Web Gateway appliance
In addition to enabling the web cache, you need to implement a rule set that uses the Enable Cache event to
control reading from and writing to the cache.
Table 7-22 Web Cache
Option
Definition
Enable cache
When selected, the web cache is enabled on an appliance.
Timeouts for HTTP(S), FTP, ICAP, SOCKS, and UDP
Settings for timeouts on connections for communication under the HTTP, HTTPS, FTP, ICAP, SOCKS, and UDP
protocols
Table 7-23 Timeouts for HTTP(S), FTP, ICAP, SOCKS, and UDP
Option
Definition
Initial connection timeout
Sets the time (in seconds) that is allowed to elapse before a newly opened
connection is closed if no request is received.
Connection timeout
Sets the time (in seconds) that is allowed to elapse before a connection is closed if
a client or web server remains inactive during an uncompleted connection request
communication.
Client connection timeout
Sets the time (in seconds) that is allowed to elapse between one request and the
next before a connection from an appliance to a client is closed.
Maximum idle time for unused
HTTP server connections
Sets the time (in seconds) that is allowed to elapse between one request and the
next before a connection from an appliance to a server under the HTTP protocol is
closed.
UDP timeout (inactivity
timeout)
Sets the time (in seconds) that is allowed to elapse between one request and the
next before a connection from an appliance to a client under the UDP protocol is
closed.
DNS Settings
Settings for communication with a domain name system server
Table 7-24 DNS Settings
Option
Definition
IP protocol version
preference
Lets you select the version of the IP protocol that is used for communication.
• (Version options)
• Same as incoming connection — When selected, the protocol version is used that is
already in use on the incoming connection.
• IP4 — When selected, version 4 of the IP protocol is used.
• IP6 — When selected, version 6 of the IP protocol is used.
• Use other protocol version as fallback — When selected, the other protocol version is used if
one of the two versions is not available.
Minimal TTL for DNS
cache
Sets a minimum time (in seconds) that must have elapsed before data stored in the
cache is deleted.
Maximal TTL for DNS
cache
Limits the time (in seconds) that elapses before data stored in the cache is deleted to the
specified value.
XMPP
Settings for running an instant messaging proxy under the XMPP protocol on an appliance
This is the protocol used for several instant messaging services including Jabber, Google Talk, Facebook Chat,
and others.
Table 7-25 XMPP
Option
Definition
Enable XMPP proxy
When selected, a proxy for instant messaging under the XMPP protocol is run on an
appliance.
Proxy port
Specifies the IP address of the appliance that an instant messaging proxy is run on and
the port number of the port that listens to requests sent under the XMPP protocol.
Client connection timeout Limits the time (in seconds) that elapses before an inactive connection from the
instant messaging proxy to a client is closed to the specified value.
Server connection timeout Limits the time (in seconds) that elapses before an inactive connection from the
instant messaging proxy to a server is closed to the specified value.
Advanced Settings
Settings for advanced proxy functions
Table 7-26 Advanced Settings
Option
Definition
Maximum number of client
connections
Limits the number of connections between a proxy on an appliance and its clients.
Specifying 0 means that no limit is configured.
Handle responses from server
(content-encoding)
Provides options for handling the content in the body of a response from a web
server that is forwarded to a client by Web Gateway.
The content can be handled differently depending on whether it is compressed,
for example, when GZIP encoding has been applied, or not.
Compressed content can be extracted to allow access, inspection, and other
treatment according to the rules that are configured on Web Gateway.
Forwarding to the client is only performed if and to the extent that the rules allow
it.
• Extract but do not compress — Compressed content is extracted and forwarded
uncompressed to the client. Uncompressed content is forwarded as it is.
• Extract and compress if server response is compressed — Compressed content is
extracted and compressed again before forwarding it to the client.
Uncompressed content is forwarded as it is.
• Extract and compress if client supports compression — Compressed content is
extracted and compressed again before forwarding to the client if the client
supports compression. Otherwise it is forwarded uncompressed.
Uncompressed content is compressed and then forwarded if the client supports
compression. Otherwise it is forwarded uncompressed.
• Do not extract and not compress — Compressed content is not extracted and
forwarded to the client compressed.
Uncompressed content is forwarded uncompressed.
Not extracting compressed content reduces load in content forwarding. This
option is therefore useful when content inspection or other treatment is not
required.
For example, if you only want to apply URL filtering to web traffic, content
extraction is unnecessary.
Compressed content is, however, extracted under this option if the Dynamic
Content Classifier (DCC) is called in case a URL could not be rated using Trusted
Source information.
To call the DCC, the following setting within the URL settings must be selected:
Enable the Dynamic Content Classifier if GTI web categorization yields no result.
The extracted content is forwarded uncompressed to the client.
Handle compressed requests
from client
Provides options for handling requests that were received in compressed format
from a client of Web Gateway.
• Ignore — The compressed content is not extracted and filtered, and the request is
forwarded to the web server in compressed format.
• Extract — The compressed content is extracted, so it can be filtered, but not
compressed again before it is eventually forwarded to the web server.
• Extract and compress again — The compressed content is extracted, so it can be
filtered, and compressed again before it is eventually forwarded to the web
server.
Number of working threads
Specifies the number of threads used for filtering and transmitting web objects
when a proxy is run on an appliance.
Number of threads for AV
scanning
Specifies the number of threads used to scan web objects for infections by viruses
and other malware when a proxy is run on an appliance.
Use TCP no delay
When selected, delays on a proxy connection are avoided by not using the Nagle
algorithm to assemble data packets.
This algorithm enforces that packets are not sent before a certain amount of data
has been collected.
Maximum TTL for DNS cache
in seconds
Limits the time (in seconds) that host name information is stored in the DNS cache.
Timeout for errors for long
running connections
Sets the time (in hours) that a long-running connection to another network
component is allowed to remain inactive before Web Gateway closes the
connection.
The default time is 24 hours.
This setting prevents the performance of a Web Gateway appliance from being
impacted by long-running connections that run extremely long.
Time is measured as follows for the different connection protocols to determine
whether the timeout has been reached.
• HTTP, HTTPS (with content inspection), ICAP, and similar protocols: Time is
measured for every request that is sent on a connection.
• SOCKS (when the embedded protocol is not followed), tunneled HTTP, HTTPS
(without content inspection), and similar protocols: Time is measured for a
connection as a whole.
• FTP: Time is measured for the control connection.
When the connection is closed, an error is generated, which can be handled by the
rules in an Error Handler rule set.
Check interval for long
running connections
Sets the time (in minutes) that elapses between check messages sent over a
long-running connection.
Maximum amount of data per
connection or request
Sets the amount of data (in MB) that can be sent on a long-running connection to
another network component before Web Gateway closes the connection.
The default amount is 10,240 MB.
This setting prevents the performance of a Web Gateway appliance from being
impacted by long-running connections that carry a very high data load.
Data load is measured as follows for the different connection protocols to
determine whether the maximum amount has been reached.
• HTTP, HTTPS (with content inspection), ICAP, and similar protocols: Data load is
measured for every request that is sent on a connection.
• SOCKS (when the underlying protocol is not followed), tunneled HTTP, HTTPS
(without content inspection), and similar protocols: Data load is measured for a
connection as a whole.
• FTP: Data load is measured for the data connection.
When the connection is closed, an error is generated, which can be handled by the
rules in an Error Handler rule set.
The following properties are then set to the value of the measured data to be
available for the error handling rules: Bytes.ToClient, Bytes.ToServer, Bytes.FromClient,
Bytes.FromServer.
Volume interval for
connections
Sets the volume interval for long-running connections.
Internal path ID
Identifies the path an appliance follows to forward internal requests (not requests
received from clients), for example, requests for style sheets used to display error
messages.
Bypass RESPmod for
responses that must not
contain a body
When selected, responses sent in communication under the ICAP protocol are not
modified according to the RESPMOD mode if they do not include a body.
Call log handler for progress
page updates and objects
embedded in error templates
When selected, the rules in the log handler rule set that is implemented on the
appliance are processed to deal with the specified updates and objects.
Allow connections to use local
ports using proxy
When selected, local ports can be used for requests on an appliance that a proxy is
run on.
Use virtual IP as the Proxy.IP
property value
When selected, the value for the Proxy.IP property in High Availability mode is a
virtual IP address for all nodes in a configuration.
It is the virtual IP address that is used by clients to connect to the proxy.
When the director node redirects a request sent from a client to a scanning node,
this address is the value of the Proxy.IP property also on the scanning node (not the
physical address of the scanning node).
HTTP(S): Remove all
hop-by-hop headers
When selected, hop-by-hop headers are removed from requests received on an
appliance that an HTTP or HTTPS proxy is run on.
HTTP(S): Inspect via headers
to detect proxy loops
When selected, via headers in requests received on the appliance that an HTTP or
HTTPS proxy is run on are inspected to detect loops.
HTTP(S): Host from absolute
URL has priority over host
header
When selected, the host names corresponding to absolute URLs in requests
received on an appliance that an HTTP or HTTPS proxy is run on are preferred to
the host names contained in the request headers.
Encode own IP address in
progress page ID to enable
non-sticky load balancers
When selected, the appliance's own IP address is encoded in the progress page ID.
HTTP(S): Maximum size of a
header
Sets a limit to the size (in MB) for the header of a request or response sent in
HTTP(S) traffic.
The default size is 10 MB.
Listen backlog
Specifies a value for the listen backlog.
The default value is 128.
Limit for working threads
doing IO in web cache
Sets a limit to the number of working threads for the web cache.
The default number is 25.
Progress page limit
Sets a limit to the size (in KB) of the progress page.
The default size is 40,000 KB.
Enable TCP window scaling
When selected, the window for receiving data packages at the TCP communication
level is increased by the scaling factor that you specify under TCP window scale.
This option is enabled by default.
If you disable the option, it means that there is no window scaling.
Disable the option only if you really want to configure the receive window
in this way.
TCP window scale (format:
0-14)
Sets the size of the window for receiving data packages on the TCP communication
level.
The initial size of the receive window can be scaled using a scaling factor that is
calculated by taking base 2 to the power of the value that you specify here.
For example, if you specify 1, the scaling factor is 2^1 = 2, which means the window
size is doubled.
The range of values that you can specify is 0–14.
If you specify 0, it yields 1 as the scaling factor. It means that you want to leave the
initial size of your receive window as it is.
It still allows, however, the use of window scaling for the receive window of the
communication partner.
The default value is 2.
Periodic Rule Engine Trigger List
Settings for connecting to web servers, calling the rule engine, and downloading data
Table 7-27 Periodic Rule Engine Trigger List
Option
Definition
Enable Periodic Rule
Engine Trigger List
When selected, connections to the web servers specified in the list called URL definition list are
set up at regular intervals.
The interval for each web server connection is also specified on the list.
When the interval has elapsed, the rule processing module (rule engine) on an appliance
is called, a connection to the web server is set up, and data is downloaded from the web
server and passed on to the rule engine for processing.
Data is only downloaded under the HTTP and HTTPS protocols.
Web servers that connections are set up to in this way include next-hop proxy servers and
other servers used for providing particular services in the web.
URL definition list
Provides a list of web servers that a connection can be set up to.
The following table describes a list entry in the URL definition list.
Table 7-28 URL definition list – List entry
Option
Definition
Host
Specifies the IP address and port number or the URL of a web server that a connection can be
set up to.
Trigger interval
Specifies the interval (in seconds) that elapses before the next attempt to set up a connection to
a web server.
Comment
Provides a plain-text comment on a web server connection.
Domain Name Service settings
The Domain Name Service settings are used for configuring DNS servers, including the use of DNS servers
according to particular domains, which is also known as conditional DNS forwarding.
Domain Name Service Settings
Settings for DNS servers
Table 7-29 Domain Name Service Settings
Option
Definition
Primary domain name server
Specifies the IP address of the first server.
Secondary domain name server
Specifies the IP address of the second server.
Tertiary domain name server
Specifies the IP address of the third server.
Conditional DNS Forwarder Configuration
Settings for using DNS servers according to domains
Table 7-30 Conditional DNS Forwarder Configuration
Option
Definition
Enable conditional
forwarding
When selected, a DNS server from the Conditional Forwarder List resolves domain
information sent in a request to Web Gateway into an IP address.
• A DNS server is selected from the list according to the domain of the requested
destination.
• A DNS server is specified in the list by its IP address.
• Up to 5 DNS servers can be specified for a domain.
If this option is enabled, the following five options become accessible.
Default resolver(s)
Specifies the IP addresses of the DNS server or servers that are by default used for
resolving domain information.
IP addresses for up to 5 DNS servers can be specified here.
TTL for positive answer
Limits the time (in seconds) that positive answers are cached for conditional DNS
forwarding to the specified value.
• The allowed time range is 1 to 604800 seconds.
• The default time is 604800 seconds.
TTL for negative
answer
Limits the time (in seconds) that negative answers are cached for conditional DNS
forwarding to the specified value.
• The allowed time range is 1 to 604800 seconds.
• The default time is 10800 seconds.
Conditional Forwarder
List
Contains entries for domains and IP addresses of DNS servers that are involved in
conditional forwarding.
Conditional Forwarder
Reverse Lookup List
Contains entries for domains and IP addresses of DNS servers that are involved when a
reverse lookup is performed in conditional forwarding.
The following table describes an entry in the Conditional Forwarder List.
Table 7-31 Conditional Forwarder List – List entry
Option
Definition
Forward zone
Specifies a domain name.
When a request for a destination within a particular domain is sent to Web Gateway, the DNS
server or servers that have been specified for this domain are used for the lookup.
DNS server(s)
Specifies a DNS server or several DNS servers by their IP addresses.
IP addresses for up to five DNS servers can be specified here.
Comment
Provides a plain-text comment on the conditional DNS forwarding that is configured by this list
entry.
The following table describes an entry in the Conditional Forwarder Reverse Lookup List.
Table 7-32 Conditional Forwarder Reverse Lookup List – List entry
Option
Definition
Forward zone
Specifies the IP address of a domain.
• The IP address is specified in CIDR notation.
• When a reverse lookup is performed for an IP address, the DNS server or servers that
have been specified for this address are used.
DNS server(s)
Specifies a DNS server or several DNS servers by their IP addresses.
IP addresses for up to five DNS servers can be specified here.
Comment
Provides a plain-text comment on the conditional DNS forwarding that is configured by this list
entry.
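The limits stated in Tables 7-30 to 7-32 can be checked before a forwarder list is entered, and the same data shows which resolver would receive the query for a given destination. The following Python sketch is an added example, not McAfee code: the dictionary layout, the function names, the longest-match rule for choosing a zone, and the fallback to the default resolvers are assumptions, and all sample values are constructed.

```python
import ipaddress

MAX_SERVERS = 5            # up to 5 DNS servers per domain and as default resolvers
TTL_RANGE = (1, 604800)    # allowed TTL range (seconds) for cached answers


def validate(config):
    """Return findings for a conditional-forwarding configuration."""
    findings = []
    for key in ("ttl_positive", "ttl_negative"):
        if not TTL_RANGE[0] <= config[key] <= TTL_RANGE[1]:
            findings.append(f"{key}={config[key]} is outside "
                            f"{TTL_RANGE[0]}..{TTL_RANGE[1]} seconds")
    groups = [("default resolvers", config["default_resolvers"])]
    groups += [(e["zone"], e["servers"]) for e in config["forward"] + config["reverse"]]
    for name, servers in groups:
        if not 1 <= len(servers) <= MAX_SERVERS:
            findings.append(f"{name}: {len(servers)} DNS servers, expected 1..{MAX_SERVERS}")
        for server in servers:
            try:
                ipaddress.ip_address(server)
            except ValueError:
                findings.append(f"{name}: DNS server {server!r} is not an IP address")
    for entry in config["reverse"]:
        try:
            if "/" not in entry["zone"]:
                raise ValueError("no prefix length")
            ipaddress.ip_network(entry["zone"], strict=False)
        except ValueError:
            findings.append(f"{entry['zone']}: reverse zone is not in CIDR notation")
    return findings


def servers_for_host(config, host):
    """DNS servers used for a destination host (assumed: longest matching zone wins)."""
    host = host.rstrip(".").lower()
    best = None
    for entry in config["forward"]:
        zone = entry["zone"].rstrip(".").lower()
        if host == zone or host.endswith("." + zone):
            if best is None or len(zone) > best[0]:
                best = (len(zone), entry["servers"])
    return best[1] if best else config["default_resolvers"]


def servers_for_address(config, address):
    """DNS servers used for a reverse lookup (assumed: longest prefix wins)."""
    addr = ipaddress.ip_address(address)
    best = None
    for entry in config["reverse"]:
        net = ipaddress.ip_network(entry["zone"], strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, entry["servers"])
    return best[1] if best else config["default_resolvers"]


# Constructed sample configuration (documentation and private address ranges).
SAMPLE = {
    "default_resolvers": ["192.0.2.53"],
    "ttl_positive": 604800,
    "ttl_negative": 10800,
    "forward": [
        {"zone": "corp.example", "servers": ["10.0.0.53", "10.0.1.53"]},
        {"zone": "lab.corp.example", "servers": ["10.9.0.53"]},
    ],
    "reverse": [{"zone": "10.0.0.0/8", "servers": ["10.0.0.53"]}],
}

if __name__ == "__main__":
    print(validate(SAMPLE))
    for name in ("build.lab.corp.example", "www.corp.example", "notcorp.example"):
        print(name, "->", servers_for_host(SAMPLE, name))
```

Running the selection functions over internal host names shows whether any internal zone would fall through to the default resolvers.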
8
Central Management
Central Management allows you to administer multiple appliances that you have set up within your network as
nodes in a common configuration.
When administering a Central Management configuration, you are dealing mainly with:
• Nodes — An appliance can be set up as a node that is connected to other nodes and can send and receive
data to and from them to perform updates, backups, downloads and other activities.
• Node groups — Nodes are assigned to different types of node groups that allow data transfer in different
ways.
• Scheduled jobs — Data can be transferred according to different kinds of schedules that you can configure.
Update schedules can also be configured for the nodes in a Central Management configuration specifying the
time when updates should be performed and when not.
Central Management settings
The Central Management settings are used for configuring appliances that you administer as nodes in a common
configuration.
Central Management Settings
Settings for basic communication parameters of a node in a Central Management configuration
Table 8-1 Central Management Settings
Option
Definition
IP addresses and ports of this node for
Central Management communication
Provides a list for entering the IP addresses and port numbers that a node
uses to communicate with other nodes in a Central Management
configuration.
Timeout for distributing messages to
other nodes
Limits the time (in seconds) that is allowed for another node to respond to
a message from the current node to the specified value.
The time can range from 10 to 600 seconds.
It is set on a slider scale.
The following table describes the elements of an entry in the IP addresses and ports list.
Table 8-2 IP addresses and ports – List entry
Option
Definition
String
Specifies the IP address and port number for a node.
Comment
Provides a plain-text comment on an IP address and a port number.
Advanced Management Settings
Settings for advanced administration of a Central Management configuration
Table 8-3 Advanced Management Settings
Option
Definition
Multiplier for timeout
when distributing over
multiple nodes
Sets a factor for increasing the time interval that has been configured under Timeout for
distributing messages to other nodes in the Central Management Settings section.
Increasing the time interval gives messages more time to proceed from one node to
another, from there to the next node, and so on.
The interval can be increased by a value between 1 and 2.
The value is set on a slider scale.
Node priority
Sets the priority that a node takes within a node group.
The highest priority is 1.
If the configuration data on a node is no longer synchronized with that of other nodes,
for example, because the node has been down for some time, the node receives the
most recent configuration data from the node with the highest priority.
If this is not your intention, make sure that all nodes have the same priority, which is
also the recommended setting.
The priority of a node can range from 1 to 100.
It is set on a slider scale.
Allow a GUI server to
attach to this node
When selected, a server providing an additional user interface for the appliance is
allowed to connect to the node.
Allow to attach a GUI
server from non-local
host
When selected, a server with an additional user interface that is not running on the
current node is allowed to connect to the node.
GUI control address
Specifies the IP address and port number the additional user interface uses for
connecting to the current node.
GUI request address
Specifies the IP address and port number of this server used when sending requests to
it.
Use unencrypted
communication
When selected, messages sent from this node to other nodes in the configuration are
not encrypted.
However, authentication using certificates is still performed.
This option is not selected by default.
Make sure that all nodes in a Central Management configuration are
configured in the same way with regard to this option.
Otherwise, communication between the nodes will fail due to the differences in
encryption handling.
Enable IP checking for
other nodes
When selected, the IP address can be verified when messages are sent from this node
to other nodes in the configuration.
This function is intended to increase web security, but can lead to problems for some
network setups, for example, NAT setups.
Allowed time difference
Limits the time difference (in seconds) allowed for accepting configuration changes to
the specified value.
The number of seconds can range from 10 to 600.
It is set on a slider scale.
Enable version checking
for other nodes
When selected, the version of the appliance software is checked before configuration
changes are distributed between nodes.
Configuration changes are not distributed to a node if the version of the appliance
software on this node does not match the version on the node that distributes the
changes.
• Level of version check – Sets a level of thoroughness when verifying the version of the
appliance software.
The level is set on a slider scale. It can take the following values:
• 1 – Only major version number (7 in 7.3.0) must match.
• 2 – Minor version number (3 in 7.3.0) must also match.
• 3 – Feature version number (0 in 7.3.0) must also match.
• 4 – Maintenance version number (if any, for example, 1 in 7.3.0.1.2) must also match.
• 5 – Hotfix version number (if any, for example, 2 in 7.3.0.1.2) must also match.
• 6 – Build number (for example, 14379) must also match.
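Table 8-3 states three properties that must hold across all nodes: the same Use unencrypted communication setting, preferably the same node priority, and software versions that match at the configured level of version check. The following Python sketch is an added example, not McAfee code, that audits a set of node records for these properties; the record layout and function names are assumptions, an absent maintenance or hotfix number is assumed to match only another absent one, and the sample nodes are constructed.

```python
from itertools import combinations


def version_key(version, build, level):
    """Return the components compared at a 'Level of version check' (1-6)."""
    if not 1 <= level <= 6:
        raise ValueError("level of version check must be 1..6")
    parts = [int(p) for p in version.split(".")]
    # Assumption: a maintenance or hotfix number that is absent ("if any")
    # is represented as None and only matches another absent number.
    parts += [None] * (5 - len(parts))
    return tuple(parts[:5] + [build])[:level]


def would_distribute(sender, receiver, level):
    """True if configuration changes pass the version check between two nodes."""
    return (version_key(sender["version"], sender["build"], level)
            == version_key(receiver["version"], receiver["build"], level))


def audit(nodes, level):
    """Return findings for a list of node records (hypothetical layout)."""
    findings = []
    if len({n["unencrypted"] for n in nodes}) > 1:
        findings.append("'Use unencrypted communication' differs between nodes: "
                        "communication between them will fail")
    for n in nodes:
        if n["unencrypted"]:
            findings.append(f"{n['name']}: messages to other nodes are not encrypted")
        if not 1 <= n["priority"] <= 100:
            findings.append(f"{n['name']}: node priority {n['priority']} "
                            "is outside 1..100")
    if len({n["priority"] for n in nodes}) > 1:
        top = min(nodes, key=lambda n: n["priority"])
        findings.append("node priorities differ: an out-of-sync node takes its "
                        f"configuration from {top['name']}")
    for a, b in combinations(nodes, 2):
        if not would_distribute(a, b, level):
            findings.append(f"{a['name']} <-> {b['name']}: version check at level "
                            f"{level} blocks distribution of configuration changes")
    return findings


# Constructed sample records; names, versions and build numbers are made up.
NODES = [
    {"name": "mwg-a", "unencrypted": False, "priority": 1,
     "version": "7.8.0", "build": 24000},
    {"name": "mwg-b", "unencrypted": False, "priority": 1,
     "version": "7.8.0.1", "build": 24100},
    {"name": "mwg-c", "unencrypted": True, "priority": 5,
     "version": "7.7.2", "build": 23000},
]

if __name__ == "__main__":
    for finding in audit(NODES, level=3):
        print(finding)
```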
This Node is a Member of the Following Groups
Settings for including a node in a group of nodes
Table 8-4 This Node is a Member of the Following Groups
Option
Definition
Group runtime
Determines the group of a node, in which runtime data can be shared with all nodes in the
group, for example, time quotas.
Group update
Determines the group of a node, in which updates can be shared with all nodes in the group.
Group network
Determines the group of a node, in which the node can immediately connect to all other nodes
in the group.
A node can be a member of more than one network group.
In this case, the nodes of a group that a node is a member of can connect through this node to
nodes of another group that this node is also a member of.
All groups that a node is a member of are listed in the Group network list.
The following table describes the elements of a list entry in the group network list.
Table 8-5 Group network – List entry
Option
Definition
String
Specifies the name of a network node group.
Comment
Provides a plain-text comment on a network node group.
Automatic Engine Updates
Settings for scheduling automatic updates of database information for modules used in the filtering process
Table 8-6 Automatic Engine Updates
Option
Definition
Enable automatic updates
When selected, database information is automatically updated.
Allow to download
updates from the internet
When selected, database updates are downloaded from the internet.
Allow to download
updates from other nodes
When selected, database updates are downloaded from other nodes in a Central
Management configuration.
Update interval
Limits the time (in minutes) that elapses before database information is again updated
to the specified value.
The time is set on a slider scale.
Allowed values range from 15 to 360.
CRL update interval
Limits the time (in hours) that elapses before certificate revocation lists used in
filtering SSL-secured web traffic are updated to the specified value.
This update uses a method that differs from those of other updates and must
therefore be configured separately.
The time is set on a slider scale.
Allowed values range from 3 to 168.
Enable update proxies
When selected, proxies are used for performing updates.
The proxies are configured in the Update proxies (fail over) list.
These proxies are also used when the MLOS operating system of a Web Gateway
appliance is updated.
Update proxies (fail over)
Provides a list for entering the proxies that are used for performing updates.
The proxies are used in failover mode. The first proxy on the list is tried first and only if
the configured timeout has elapsed is the next proxy tried.
The following table describes the elements of an entry in the Update proxies list.
Table 8-7 Update proxies – List entry
Option
Definition
Host
Specifies the host name or IP address of a proxy for performing updates.
Port
Specifies the port on a proxy that listens for update requests.
User
Specifies the name of a user who is authorized to access a proxy for performing updates.
Password
Sets a password for this user.
Comment
Provides a plain-text comment on a proxy.
Advanced Update Settings
Settings for advanced update functions
Table 8-8 Advanced Update Settings
Option
Definition
Allow to upload updates to other
nodes
When selected, updated database information can be uploaded from the
appliance (as a node in a Central Management configuration) to other nodes.
The first time an update starts, it
should wait an appropriate time
before starting
Limits the time (in seconds) that elapses before an update is started to the
specified value.
Allowed values range from 5 to 1200.
The first time an automatic update
starts, it uses the startup interval to
update
Limits the time (in seconds) that elapses between attempts to start an
automatic update for the first time to the specified value.
During an update, the coordinator subsystem, which stores updated
information on the appliance, tries to connect to the appliance core, where the
modules reside that use this information.
A low value for this interval can therefore speed up updates because it
reduces the time the coordinator might have to wait until the core is ready to
receive data.
Allowed values range from 5 to 600.
Try to update with start interval
Limits the number of attempts (1 to 9) the appliance makes when trying to
start an update to the specified value.
Use alternative URL
Specifies the URL of an update server that is used instead of the default
server.
Verify SSL tunnel
When selected, a certificate sent to a node by an update server in SSL-secured
communication is verified.
Enter a special custom parameter
sequence for an update server
Updates of URL filtering information are taken from the URL filter database
server that is specified by the URL entered here.
No updates should be made in
defined time window
Provides a list for entering daily time slots during which no updates of
database information should be made.
The following table describes the elements of an entry in the time slot list.
Table 8-9 Time slot – List entry
Option
Definition
Start of time slot (hour)
Sets the hour when a daily time slot begins.
Start of time slot (minute)
Sets the minute in an hour when a daily time slot begins.
Start of time slot (second)
Sets the second in a minute when a daily time slot begins.
End of time slot (hour)
Sets the hour when a daily time slot ends.
End of time slot (minute)
Sets the minute in an hour when a daily time slot ends.
End of time slot (second)
Sets the second in a minute when a daily time slot ends.
Comment
Provides a plain-text comment on a time slot.
Advanced Subscribed Lists Settings
Settings for advanced subscribed lists functions
Table 8-10 Advanced Subscribed Lists Settings
Option
Definition
Allow to download
customer
subscribed lists
When selected, customer subscribed lists can be downloaded from the current appliance.
If the appliance is a node in a Central Management configuration and this option is also
selected on other nodes, one of the nodes will download the lists.
If you want a particular node to download the lists, you need to make sure the option is
deselected on every other node.
When a node is restarted and one or more subscribed lists are configured on this node, list
content is downloaded to ensure a valid configuration.
The download is performed regardless of whether this download option is selected or not.
When a node is added to a configuration with other nodes that have subscribed lists
configured, list content is downloaded for these lists onto the new node.
To reduce internal traffic, the download is performed without prior communication with
other nodes.
The download is performed regardless of whether this download option is selected or not.
Manual Engine Updates
Setting for performing manual updates of database information for modules used in the filtering process
Table 8-11 Manual Engine Updates
Option
Definition
Manual Engine Update
Updates database information for modules used in the filtering process immediately.
Database information is only updated for the modules on the appliance you are currently
working on.
Handle Stored Configuration Files
Settings for storing configuration file folders on disk
Table 8-12 Handle Stored Configuration Files
Option
Definition
Keep saved configuration
folders for a minimal time
Limits the time (in days) that configuration file folders are at least stored on disk to
the specified value.
The number of days can range from 1 to 100.
Keep minimal number of
configuration folders
Limits the number of configuration file folders that are at least stored on disk at
any time to the specified value.
The number can range from 1 to 100.
Keep minimal number of
packed folders
Limits the number of packed configuration file folders that are at least stored on
disk at any time to the specified value.
Configuration folders are packed when the minimal time configured for storing
them on disk has elapsed and the minimal number of folders stored on disk at any
time would be exceeded if they were stored unpacked any longer.
The number of folders can range from 1 to 100.
Advanced Scheduled Jobs
Settings for scheduled jobs
Table 8-13 Advanced Scheduled Jobs
Option
Definition
Job list
Provides a list of scheduled jobs.
The following table describes the elements of a list entry.
Table 8-14 Job list – List entry
Option
Definition
Start job
Specifies the time setting for starting a scheduled job, for example,
hourly, daily, once.
Start job immediately if it was not started at its
original schedule
Lets a scheduled job start immediately if this has not happened
according to the originally configured schedule.
Job
Specifies the type of job, for example, Backup Configuration.
Unique job ID
Identifies a scheduled job.
When this job has finished run job with ID
Provides the ID of a job that is run immediately after this job.
Comment
Provides a plain-text comment on a scheduled job.
Add Scheduled Job window
Settings in the window for adding a scheduled job
• Time Settings — Settings for the time when a scheduled job is started
• Job Settings — Settings for the type and ID of a scheduled job
• Parameter Settings — Settings for additional parameters of a scheduled job
These settings differ for each job type as follows:
  • (Backup configuration settings) — Settings for a scheduled job that creates a backup of an appliance
  configuration
  • (Restore backup settings) — Settings for a scheduled job that restores a backup of an appliance
  configuration
  • (Upload file settings) — Settings for a scheduled job that uploads a file to an external server using the
  HTTP or HTTPS protocol
  • (Download file settings) — Settings for a scheduled job that downloads a file to the appliance using the
  HTTP or HTTPS protocol
For a scheduled job that performs a yum update, there are no additional parameter settings.
Table 8-15 Time Settings
Option
Definition
Start job
Lets you select a time setting.
• Hourly — Starts a scheduled job every hour
• Daily — Starts a scheduled job once on a day
• Weekly — Starts a scheduled job once in a week
• Monthly — Starts a scheduled job once in a month
• Once — Starts a scheduled job only once
• Activated by other job — Starts a scheduled job after another job has been completed
(Time parameter
settings)
Settings specifying the parameters for a time setting, for example, the minute in an hour
when a job scheduled for hourly execution should be started
Which time parameter settings are shown depends on the selected time setting.
For example, if you have selected Hourly, you can configure the minute in an hour, but not
the day in a month.
• Minute — Sets a minute in an hour
• Hour — Sets an hour on a day
• Day of month — Sets a day in a month
• Enter day of week — Provides a list for setting a day in a week
• Month — Sets a month in a year (specified by a number from 1 to 12)
• Year — Sets a year (four digits)
Start job
immediately if it was
not started at its
original schedule
When selected, a scheduled job is started immediately if this has not happened according
to the originally configured schedule.
This can be the case, for example, when an appliance is temporarily shut down due to
overload and a job was scheduled to run during this downtime.
The job is then executed as soon as the appliance is up again.
Table 8-16 Job Settings
Option
Definition
Job
Lets you select the type of a scheduled job.
• Backup configuration — Creates a backup of an appliance configuration
• Restore backup — Restores a backup of an appliance configuration
• Upload file — Uploads a file to an external server using the HTTP or HTTPS protocol
• Download file — Downloads a file onto the appliance using the HTTP or HTTPS protocol
• Yum update — Performs a yum update on an appliance configuration
This scheduled job type is not available when an appliance runs in a FIPS-compliant
mode.
Unique job ID
Identifies a scheduled job.
The characters specified in this string are case-sensitive.
Job description
Provides an optional description of a scheduled job in plain-text format.
When this job has
finished run job with
ID
Provides the ID of a scheduled job that is to run immediately after the job configured here
has finished.
Execute job on
remote node
Provides a list for selecting other nodes of the configuration to execute a scheduled job.
For this job, you must have configured the Activated by other job time setting.
The list displays the host names for the other nodes.
The scheduled job that you configure on this appliance is executed with its time and
parameter settings on the selected node or nodes.
A message is sent to the other node or nodes to inform them about the scheduled job.
Table 8-17 Parameter Settings – Backup configuration
Option
Definition
Use most recent
configuration
When selected, the scheduled job creates a backup from the most recent appliance
configuration.
Format: |<path name>/<file name with extension>
Backup configuration
path
Specifies the name of the path to the folder where the configuration is stored that
should be used for the backup.
Format: /opt/mwg/storage/default/configfolder
This setting is only available when Use most recent configuration is deselected.
Save configuration to
path
Specifies the path and file name for a backup configuration.
Format: /<path name>/<file name with file name extension>
You must set user rights for the folder you want to store the backup configuration in,
making the appliance the owner who is allowed to write data into the folder.
On the command line provided, for example, by a serial console, run the appropriate
commands to create a folder or change the rights for an existing folder.
Table 8-18 Parameter Settings – Restore backup
Option
Definition
Restore backup from
file
Specifies the path and file name for the file that should be used to restore a backup.
Format: |<path name>/<file name with extension>
Only restore policy
When selected, a scheduled job backs up only settings related to the web security policy
that was implemented on an appliance.
Other settings, for example, settings needed for connecting an appliance to a network
are not restored.
Lock storage during
restore
When selected, no other files can be stored on the appliance until the scheduled job has
completely restored the backup configuration.
Password
Sets a password that is submitted for basic authentication.
Set
Opens the New Password window for setting a password.
When a password has been set, the Set button is replaced by a Change button, which
opens the New Password window for changing a password.
This setting is only available when Enable basic authentication is selected.
Table 8-19 Parameter Settings – Upload file
Option
Definition
File to upload
Specifies the path and file name for a file that should be uploaded.
Format: |<path name>/<file name with extension>
Destination to upload file to
Specifies the name of the path to the server that a file should be uploaded to under
the HTTP or HTTPS protocol and the file name for storing the file on the server.
Format: http|https: //<URL>/<file name with extension>
Enable basic authentication
When selected, basic authentication is required for uploading a file.
User name
Specifies a user name that is submitted for basic authentication.
This setting is only available when Enable basic authentication is selected.
Password
Sets a password that is submitted for basic authentication.
Set
Opens the New Password window for setting a password.
When a password has been set, the Set button is replaced by a Change button, which
opens the New Password window for changing a password.
This setting is only available when Enable basic authentication is selected.
Table 8-20 Parameter Settings – Download file
Option
Definition
URL to download
Specifies a URL for the location of a file that should be downloaded under the HTTP
or HTTPS protocol and the name of the file.
Format: http|https: //<URL>/<file name with extension>
Save downloaded file to
Specifies a path to the location where a downloaded file should be stored and the file
name for storing the file.
Format: |<path name>/<file name with extension>
Enable basic authentication
When selected, basic authentication is required for downloading a file.
User name
Specifies a user name submitted for basic authentication.
This setting is only available when Enable basic authentication is selected.
Password
Sets a password that is submitted for basic authentication.
Set
Opens the New Password window for setting a password.
When a password has been set, the Set button is replaced by a Change button, which
opens the New Password window for changing a password.
This setting is only available when Enable basic authentication is selected.
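The job settings in Tables 8-15, 8-16, 8-19 and 8-20 depend on one another: follow-up jobs are named by a case-sensitive ID, remote execution requires the Activated by other job time setting, and upload and download jobs can send basic authentication credentials over HTTP or HTTPS. The following Python sketch is an added example, not McAfee code, that checks a job list for broken references, loops, and credentials sent over plain HTTP; the record layout and function name are assumptions and the sample jobs are constructed.

```python
from urllib.parse import urlsplit

ACTIVATED = "Activated by other job"   # time setting from Table 8-15


def check_jobs(jobs):
    """Return findings for a list of scheduled-job records (hypothetical layout)."""
    findings = []
    ids = [job["id"] for job in jobs]
    by_id = {job["id"]: job for job in jobs}
    by_lower = {i.lower(): i for i in ids}
    for dup in sorted({i for i in ids if ids.count(i) > 1}):
        findings.append(f"{dup}: job ID is not unique")

    referenced = set()
    for job in jobs:
        nxt = job.get("next_id")
        if nxt in by_id:
            referenced.add(nxt)
        elif nxt and nxt.lower() in by_lower:
            # Job IDs are case-sensitive, so this reference resolves to nothing.
            findings.append(f"{job['id']}: follow-up ID {nxt!r} differs only in "
                            f"case from {by_lower[nxt.lower()]!r}")
        elif nxt:
            findings.append(f"{job['id']}: follow-up ID {nxt!r} does not exist")
        if job.get("remote_nodes") and job["start"] != ACTIVATED:
            findings.append(f"{job['id']}: remote execution requires the "
                            f"'{ACTIVATED}' time setting")
        if (job["job"] in ("Upload file", "Download file") and job.get("basic_auth")
                and urlsplit(job.get("url", "")).scheme == "http"):
            findings.append(f"{job['id']}: basic authentication over plain HTTP "
                            "sends the user name and password unencrypted")

    for job in jobs:
        if job["start"] == ACTIVATED and job["id"] not in referenced:
            findings.append(f"{job['id']}: never started, no job names it as follow-up")

    for job in jobs:
        seen, cur = [], job["id"]
        while cur in by_id and cur not in seen:
            seen.append(cur)
            cur = by_id[cur].get("next_id")
        # Report each loop once, from its alphabetically first member.
        if cur == job["id"] and job["id"] == min(seen):
            findings.append("job chain loops: " + " -> ".join(seen + [cur]))
    return findings


# Constructed sample job list; IDs, host names and node names are made up.
JOBS = [
    {"id": "backup-nightly", "start": "Daily", "job": "Backup configuration",
     "next_id": "Upload-backup"},
    {"id": "upload-backup", "start": ACTIVATED, "job": "Upload file",
     "url": "http://backup.example/mwg.backup", "basic_auth": True},
    {"id": "fetch-list", "start": "Hourly", "job": "Download file",
     "url": "https://lists.example/blocklist.txt", "basic_auth": True,
     "next_id": "apply-list", "remote_nodes": ["mwg-b"]},
    {"id": "apply-list", "start": ACTIVATED, "job": "Restore backup",
     "next_id": "fetch-list"},
]

if __name__ == "__main__":
    for finding in check_jobs(JOBS):
        print(finding)
```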
9
Policy configuration
To protect your network against threats arising from the web, Web Gateway enforces a web security policy,
which is implemented during the initial setup and can be modified later on.
Policy configuration includes ensuring protection against malware, allowing or blocking access to web objects
with particular URLs, and similar activities in other fields of web security.
Contents
Rule Sets tab
Rule set views
Key elements view
Rule Sets tab
Use the Rule Sets tab to work with rules and rule sets.
Figure 9-1 Rule Sets tab
Main elements of the Rule Sets tab
The following table describes the main elements of the Rule Sets tab.
Table 9-1 Main elements of the Rule Sets tab
Element
Description
Rule sets toolbar
Items for working with the rule sets on the rule sets tree
Rule sets tree
Tree structure displaying the rule sets of the appliance configuration
Rule sets menu
Buttons for displaying tree structures of:
• (General) rule sets
• Log handler rule sets
• Error handler rule sets
• User-defined properties (for use in rule set criteria, rule criteria, and rule events)
Rules toolbar
Items for working with rules
Rules
Rules of the currently selected rule set
Rule sets toolbar
The rule sets toolbar provides the following options.
Table 9-2 Rule sets toolbar
Option
Definition
Add
Opens a menu or a window for adding an item, depending on what is currently selected from the
Rule sets menu.
• (Rule Sets is selected) — Opens a menu, from which you can select:
• Rule Set from Library — Opens the Add from Rule Set Library window for importing a rule set from
the rule set library.
• Rule Set — Opens the Add New Rule Set window to let you add a rule set to the appliance
configuration.
• Top-Level Rule Set — Opens the Add New Top-Level Rule Set window for adding a rule set at the top
level of the rule sets tree.
• (Log Handler is selected) — Lets you select Log Handler from a menu as the only accessible item to
open the Add New Log Handler window for adding a new Log Handler rule set.
• (Error Handler is selected) — Lets you select Error Handler from a menu as the only accessible item
to open the Add New Error Handler window for adding a new Error Handler rule set.
• (User-Defined Property is selected) — Lets you select User-Defined Property to open the Add New
User-Defined Property window for adding a property.
Export
Opens the Export Rule Set window for exporting a rule set to the library or into a file.
Edit
Opens the Edit Rule Set window for editing a selected rule set.
Delete
Deletes a selected rule set.
A window opens to let you confirm the deletion.
Move up
Moves a rule set up among other rule sets on the same level.
Move down
Moves a rule set down among other rule sets on the same level.
Move out of
Moves a rule out of its nesting rule set and onto the same level as the nesting rule set.
Move into
Moves a rule set out of its nesting rule set and into the rule set following this rule set.
Expand all
Expands all collapsed items on the rule sets tree.
Collapse all
Lets all expanded items on the rule sets tree collapse.
Rules toolbar
The rules toolbar provides the following options.
Table 9-3 Rules toolbar
Option
Definition
Add
Opens the Add Rule window for adding a rule.
Edit
Opens the Edit Rule window for editing a selected rule.
Delete
Deletes a selected rule.
A window opens to let you confirm the deletion.
Move up
Moves a rule up within its rule set.
Move down
Moves a rule down within its rule set.
Copy
Copies a selected rule.
Paste
Pastes a copied rule.
Show details
Shows (or hides) details of a rule entry including the criteria.
Rule set views
The user interface provides two kinds of views for a particular rule set, the key elements view and the complete
rules view.
Key elements view
The key elements view shows key elements of the rules in a rule set and allows you to configure them.
Figure 9-2 Key elements view
Options of the key elements view
The following table describes the options of the key elements view.
Table 9-4 Options of the key elements view
Option
Definition
Rule set name field
Shows the default name of the rule set that key elements are displayed for and lets you
edit this name.
Rule set description field
Shows the default description of the rule set that key elements are displayed for and lets
you edit this description.
Enable
When selected, the rule set with the key elements that you are currently configuring is
enabled.
Enable in Cloud
When selected, the rule set with the key elements that you are currently configuring is
enabled for cloud use.
Unlock View
Leaves the key elements view and displays the corresponding complete rules view.
A confirmation message appears. Be aware that after leaving the key elements view, you
cannot return to it unless you discard all changes or re-import the rule set.
On the rule sets tree, icons before the rule set name show which of the two views is
currently enabled.
Rule set in key elements view
Rule set in complete rules view
• To work with nested rule sets, click Unlock View for the nesting rule set.
The nested rule sets appear on the rule sets tree, with the complete rules view
enabled for each of them.
• To display the nested rule sets of the default Common Rules rule set, expand this rule
set.
The complete rules view is already enabled for the last of the nested rule sets, while the
others are still displayed in the key elements view.
You can use the Unlock option of the rule set context menu to leave the key
elements view for one or more rule sets at once.
1 Select one rule set or several rule sets at once, then right-click and select
Unlock.
You can also expand a rule set that includes nested rule sets and select one or
more nested rule sets.
2 Confirm that you want to leave the key elements view.
The complete rules view is enabled for all selected rule sets.
Permissions
Opens a window for configuring who is allowed to access the rule set with the key
elements you are currently configuring.
Key elements for a rule set
The key elements vary for each rule set.
Key elements for related functions are displayed in a group. Each group is preceded by a
group header.
For example, on the key elements view for URL filtering, key elements are displayed in the
groups Basic Filtering, SafeSearch, and others.
These groups contain key elements for basic URL filtering, for additionally using
SafeSearch functions in the filtering process, and for other functions.
10
Lists
Lists are used by rules for retrieving information on web objects and users.
There are several types of lists, which differ, for example, with regard to who created them or which type of
elements they contain. Accordingly, you work with these lists in different ways.
Lists appear in different places on the user interface, for example, in the criteria of rules and rule sets, on the
Lists tab, and within settings.
At the initial setup of the appliance, lists are implemented together with the rule set system.
You can then review the lists of the implemented system, modify and delete them, and also create your own
lists.
Contents
Lists tab
External Lists module settings
External Lists system settings
Settings for subscribed lists content
Lists tab
Use the Lists tab to work with lists.
Figure 10-1 Lists tab
Main elements of the Lists tab
The following table describes the main elements of the Lists tab.
Table 10-1 Main elements of the Lists tab
Element
Description
Lists toolbar
Items for working with the lists on the lists tree
Lists tree
Tree structure displaying the lists of the appliance configuration
List entries toolbar
Settings of the currently selected item on the settings tree
List entries
Entries of the currently selected list
Lists toolbar
The lists toolbar provides the following options.
Table 10-2 Lists toolbar
Option
Definition
Add
Opens the Add List window for adding a list.
Edit
Opens the Edit List window for editing a selected list.
Delete
Deletes a selected list.
A window opens to let you confirm the deletion.
Import
Opens the file manager on your system to let you import a list.
Export
Opens the file manager on your system to let you export a list that you have selected on the lists
tree.
View
Opens a menu to let you display the lists in different ways (A-Z, Z-A, by list type, with or without list
types for which currently no lists exist).
Expand all
Expands all collapsed items on the lists tree.
Collapse all
Collapses all expanded items on the lists tree.
List entries toolbar
The list entries toolbar provides the following options.
Table 10-3 Lists entries toolbar
Option
Definition
Add
Opens the Add <List type> window for adding a list entry, for example, the Add String window.
Add multiple
Opens the Add <List type> window for adding multiple list entries if this is possible for a list type.
Edit
Opens the Edit <List type> window for editing a selected list entry, for example, the Edit String
window.
Delete
Deletes a selected list entry.
A window opens to let you confirm the deletion.
Move up
Moves an entry up the list.
Move down
Moves an entry down the list.
Filter
Input field for typing a filtering term to display only matching list entries
The filtering function works as soon as you type a character in the field.
External Lists module settings
The External Lists module settings are used to configure the module that retrieves data from external sources.
Data Source Type
Settings for the type of source that data is retrieved from
You can configure specific settings for each source type in another section, which appears depending on what
you select here.
Table 10-4 Data Source Type
Option
Definition
Web service
Data is retrieved using a web service under the HTTP, HTTPS, or FTP protocol.
File on disk
Data is retrieved from a file within your local file system.
LDAP
Data is retrieved from an LDAP server.
Database
Data is retrieved from a PostgreSQL or SQLite3 database.
Common Parameters
Settings for time limits in handling external lists
Table 10-5 Common Parameters
Option
Definition
Operation timeout
Limits the time (in seconds) that elapses before an operation for handling external lists is
aborted if it cannot be completed successfully.
This option applies when the source of an external list is a web server. The timeout is reached,
for example, when a web server does not respond to a request from the appliance.
You can specify the expiration of the timeout as:
• Simple expiration — When selected, you can specify the time (in minutes) to elapse before
retrieved list data is removed from the internal cache in the Expiration time input field.
• Scheduled expiration — When selected, you can specify the time that is to elapse before an
external list is removed from the internal cache in several input fields that appear.
Expiration time
Limits the time (in minutes) that elapses before retrieved data is removed from the internal
cache to the specified value.
Minutes/Hours/Days/Months/Week days
Limits the time that elapses before retrieved data is removed from the internal cache to the
specified value.
These input fields appear when you select Scheduled expiration.
Your input must be in a “cron”-compliant format because the removal is calculated and
performed by a cron job.
For more information, see the crontab (5) man page of the documentation for Linux (UNIX)
operating systems.
You can specify values in one of these fields or in any combination of fields.
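An added example (not McAfee code) for checking Scheduled expiration values before entering them: it expands the five fields by crontab(5) rules and computes the next time cached list data would be removed. The dictionary keys used for the fields and the treatment of an empty field as * are assumptions.

```python
from datetime import datetime, timedelta

# (low, high) bounds per field as given in crontab(5); 0 and 7 both mean Sunday.
# The key names are hypothetical labels for the five input fields.
FIELD_RANGES = {
    "minutes": (0, 59),
    "hours": (0, 23),
    "days": (1, 31),
    "months": (1, 12),
    "week_days": (0, 7),
}


def expand_field(expr, low, high):
    """Expand one cron field ('*', '5', '1-5', '*/15', '0,30') to a set of ints."""
    values = set()
    for part in expr.split(","):
        span, _, step_text = part.partition("/")
        step = int(step_text) if "/" in part else 1  # int('') raises ValueError
        if step < 1:
            raise ValueError(f"step must be positive in {part!r}")
        if span == "*":
            start, end = low, high
        elif "-" in span:
            first, last = span.split("-", 1)
            start, end = int(first), int(last)
        else:
            start = end = int(span)
        if not low <= start <= end <= high:
            raise ValueError(f"{part!r} is outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return values


def next_expiration(fields, after, horizon_days=4 * 366):
    """Return the first datetime later than `after` that matches, or None."""
    unknown = set(fields) - set(FIELD_RANGES)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    # Assumption: a field left empty behaves like '*'.
    exprs = {name: (fields.get(name) or "*") for name in FIELD_RANGES}
    sets = {n: expand_field(exprs[n], *FIELD_RANGES[n]) for n in FIELD_RANGES}
    week_days = {d % 7 for d in sets["week_days"]}  # fold 7 onto 0 (Sunday)
    # crontab(5): when both day fields are restricted, either one may match.
    both_restricted = (not exprs["days"].startswith("*")
                       and not exprs["week_days"].startswith("*"))
    day = datetime(after.year, after.month, after.day)
    for _ in range(horizon_days):
        if day.month in sets["months"]:
            dom_ok = day.day in sets["days"]
            dow_ok = (day.weekday() + 1) % 7 in week_days  # Python: Monday is 0
            day_ok = (dom_ok or dow_ok) if both_restricted else (dom_ok and dow_ok)
            if day_ok:
                for hour in sorted(sets["hours"]):
                    for minute in sorted(sets["minutes"]):
                        candidate = day.replace(hour=hour, minute=minute)
                        if candidate > after:
                            return candidate
        day += timedelta(days=1)
    return None  # nothing matches within the horizon, e.g. 30 February


if __name__ == "__main__":
    now = datetime(2017, 3, 1, 7, 30)  # constructed reference time
    print(next_expiration({"minutes": "0", "hours": "*/6"}, now))
    print(next_expiration({"days": "30", "months": "2"}, now))
```

A result of None means the combination never matches, so cached data would not be removed on that schedule.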
Data Conversion Settings
Settings for converting data that is retrieved from an external source
These settings are only available when you have selected Web service or File on disk as the source of the data.
Table 10-6 Data Conversion Settings
Option
Definition
Data type
Lets you select the input format of the data that is converted.
You can select one of the following:
• Plain text — The data is in plain-text format
Each line appears as a separate entry in a converted list.
Optionally, you can specify a regular expression as a filtering term in the input field below.
Only strings matching this term are then entered into the list.
If there is no grouping operator in the regular expression, the complete string is stored in a
list. Otherwise, the data captured by the first group is stored.
• XML — The data is in XML format
You need to specify an XPath expression to select the data that is to be retrieved. Data can
be retrieved, for example, according to XML tags or attributes.
Regular expression
Specifies a regular expression used to retrieve the data that is converted.
This option appears when you have selected Plain text under Data type.
XPath expression
Specifies an XPath expression used to retrieve the data that is converted.
This option appears when you have selected XML text under Data type.
For information on how to use XPath expressions, refer to appropriate documentation, for
example, the XPath tutorial that is provided on the w3schools site.
XPath expression for second attribute (only for MapType)
Specifies an XPath expression for a second attribute used in retrieving Map Type conversion
data.
The data retrieved using the second attribute provides the value of a Map Type key-value pair.
Data for the key is retrieved using a first attribute, which is configured by specifying an XPath
expression in the XPath expression field.
The number of entries that are retrieved from an external list using this XPath expression
must be the same as the number of entries retrieved with the expression for the first
attribute.
The order in which entries are retrieved using the two expressions must also be the same.
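The conversion rules in Table 10-6, emulated as an added example (not the appliance's code) so that a feed can be checked before it is configured as an external list. Searching each line with the regular expression, trimming whitespace, skipping empty lines, rejecting DOCTYPE declarations, and the sample feeds are assumptions; Python's ElementTree supports only a subset of XPath.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feeds (not taken from any real list).
SAMPLE_TEXT = """# constructed sample feed
block bad.example
block ads.example

allow intranet.example
"""

SAMPLE_XML = """<feed>
  <entry type="block"><host>bad.example</host><category>malware</category></entry>
  <entry type="block"><host>ads.example</host></entry>
  <entry type="allow"><host>intranet.example</host><category>internal</category></entry>
</feed>"""


def convert_plain_text(data, pattern=None):
    """Plain text: one entry per line, optionally filtered by a regex.

    Without a group in the regex the complete line is stored; with one,
    only the text captured by the first group is stored.
    """
    regex = re.compile(pattern) if pattern else None
    entries = []
    for line in data.splitlines():
        line = line.strip()
        if not line:
            continue  # assumption: empty lines produce no entry
        if regex is None:
            entries.append(line)
            continue
        match = regex.search(line)
        if match is None:
            continue  # line does not match the filtering term
        value = match.group(1) if regex.groups else line
        if value is not None:  # first group may not have taken part in the match
            entries.append(value)
    return entries


def parse_feed(xml_text):
    """Parse a feed, refusing DTDs so no entity declarations are processed."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE declarations are not accepted in a list feed")
    return ET.fromstring(xml_text)


def node_text(node):
    return (node.text or "").strip()


def convert_xml_list(xml_text, xpath):
    """XML: every node selected by the XPath expression becomes one entry."""
    return [node_text(n) for n in parse_feed(xml_text).findall(xpath)]


def convert_xml_map(xml_text, key_xpath, value_xpath):
    """Map Type: keys from the first expression, values from the second.

    Both expressions must return the same number of entries in the same
    order, otherwise keys and values would be paired with the wrong partner.
    """
    root = parse_feed(xml_text)
    keys = [node_text(n) for n in root.findall(key_xpath)]
    values = [node_text(n) for n in root.findall(value_xpath)]
    if len(keys) != len(values):
        raise ValueError(f"{len(keys)} keys but {len(values)} values: "
                         "expressions do not select matching entries")
    if len(set(keys)) != len(keys):
        raise ValueError("duplicate keys in feed")
    return dict(zip(keys, values))


if __name__ == "__main__":
    print(convert_plain_text(SAMPLE_TEXT, r"^block\s+(\S+)"))
    print(convert_xml_list(SAMPLE_XML, ".//entry[@type='block']/host"))
    # One entry lacks <category>, so the naive pair of expressions is rejected.
    try:
        convert_xml_map(SAMPLE_XML, ".//entry/host", ".//entry/category")
    except ValueError as err:
        print("rejected:", err)
    # Restricting both expressions to entries that have a category fixes it.
    print(convert_xml_map(SAMPLE_XML, ".//entry[category]/host",
                          ".//entry[category]/category"))
```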
Web Service Specific Parameters
Settings applying when the source of an external list is provided by a web service
These settings appear when Web service is selected in the Data Source Type section.
Table 10-7 Web Service Specific Parameters
Option
Definition
Web service’s URL
Specifies the URL of a file on a web server that contains an external list and is
provided by a particular web service (HTTP, HTTPS, or FTP).
You can specify a placeholder inside the URL.
Specify authentication data
When selected, you can specify information for an authentication that must be
performed successfully before data can be retrieved from a web service.
Type of HTTP authentication
Provides a list for selecting a type of HTTP authentication.
Supported types are: None, Basic, Digest
User's name
Specifies a user name that is submitted for authentication.
User's password
Sets a password that is submitted for authentication.
Click Set to open a window for setting a password.
Use next-hop proxy for access to server
When selected, access to the web server is achieved using a next-hop proxy server.
After selecting this checkbox, the following three items become accessible.
List of next-hop proxy servers to use
Provides a list for selecting a list of servers that can be used as next-hop proxies to
access a web server.
Click Add or Edit to open windows for adding a new list or editing an existing list.
List of certificate authorities
Provides a list for selecting a list of certificate authorities that can be used in
SSL-secured communication with a web service.
Click Add or Edit to open windows for adding a new list or editing an existing list.
List of additional HTTP headers
Provides a list for selecting headers that are added to an HTTP request after it has
been received on an appliance.
The following table describes the elements of an entry in the List of additional HTTP headers.
Table 10-8 Additional HTTP headers – List entry
Option
Definition
Header name
Specifies the name of a header that is added to an HTTP request.
Header value
Specifies the value of a header that is added to an HTTP request.
Comment
Provides a plain-text comment on a header.
File Specific Parameters
Settings applying when the source of an external list is a file within your local file system
These settings appear when File on disk is selected in the Data Source Type section.
Table 10-9 File Specific Parameters
Option
Definition
Full path to the file
Specifies the path to the file within your local file system that is the source of an external list.
LDAP Specific Parameters
Settings applying when the source of an external list is an LDAP server
These settings appear when LDAP is selected in the Data Source Type section.
Table 10-10 LDAP Specific Parameters
Option
Definition
LDAP server’s URL
Specifies the name of the file from your local file system that is the source of an external list.
You can specify a placeholder inside the URL.
To restrict the possible location of the file, you can specify a part of your local file system
when configuring the External Lists system settings.
The file must be within the specified part then, for example, opt/mwg/temp.
List of certificate authorities
Provides a list for selecting a list of certificate authorities that can be used in SSL-secured
communication with a web service.
Click Add or Edit to open windows for adding a new list or editing an existing list.
User name
Specifies the user name the appliance submits when attempting to connect to the LDAP
server.
LDAP password
Sets the password that an appliance submits when attempting to connect to an LDAP
server.
You can set or change the password using the Set/Change toggle button that is provided.
Search DN
Specifies the name of a domain in the database on an LDAP server that is searched for an
external list.
You can specify a placeholder inside this name.
Search scope
Lets you select the scope of the search for an external list on an LDAP server.
• Subtree — The complete subtree of the domain specified under Search DN is searched.
• One level — Only one level below the domain specified under Search DN is searched.
• Base — Only the base of the domain specified under Search DN is searched.
Search filter
Specifies a term for filtering the results of the search for an external list on an LDAP server.
Only if the name of an entry in the database matches the filtering term, the item that the
entry represents is retrieved.
You can specify a placeholder within this term.
Attribute
Specifies the attribute of an item in the database on an LDAP server that is the intended
search result, for example, an email address.
Second attribute (only for MapType)
Specifies a second attribute of a database item on an LDAP server that is the intended
search result when the data for this item is Map Type data.
The data retrieved using the second attribute provides the value of a Map Type key-value
pair.
Data for the key is retrieved using a first attribute which is configured in the Attribute field.
Enable LDAP version 3
When selected, version 3 of the LDAP protocol is used.
If you disable this option, you need to provide the encoding that is used for communication
with the LDAP server.
The following input field for this information appears when you deselect Enable LDAP version 3.
Allow LDAP library to follow referrals
When selected, referrals to locations outside the LDAP server that a search for an external
list is performed on can be followed to retrieve the list.
Database Specific Parameters
Settings applying when the source of an external list is a database
These settings appear when Database is selected in the Data Source Type section.
Table 10-11 Database Specific Parameters
Option
Definition
SQL query
Specifies a string to denote the type of query that is performed on a database.
The default type of query used for retrieving external lists information is SELECT.
You can put a ; (semicolon) at the end of the string, but this is not required.
A query can also use placeholders to include variable data.
If the $N placeholder is used, the data that is filled in as the value of the variable is "escaped" to
prevent an SQL injection. Then a \ (backslash) is replaced with \\ (double backslash), and a '
(apostrophe) is preceded by a \ (backslash).
An SQL query usually returns one data column. If you perform a query that returns multiple
columns, only the first is used for external list content.
To retrieve content from several columns, you need to specify combined columns for output,
using appropriate SQL operators.
Type of database
Specifies the type of database that external list content is retrieved from.
The following two types are available:
• PostgreSQL
• SQLite3
After selecting a database type, database specific parameters appear according to this type.
Table 10-12 PostgreSQL Database Specific Parameters
Option
Definition
Database host
Specifies the host name of the server that a database resides on.
Database port
Specifies the port number of the port on a database host that listens to queries
for retrieving external list content.
The default port number is 5432.
Name of database on database server
Specifies the name a database is known under on the database server.
Database user name
Specifies the user name of an appliance when connecting to a database server.
Database password
Sets a password for the user name of an appliance.
The Set button opens a window for setting the password.
Table 10-13 SQLite Database Specific Parameter
Option
Definition
File path to SQLite database
Specifies the full path to the file on an appliance that contains a database.
Advanced Parameters
Settings for advanced methods of handling external lists
Table 10-14 Advanced Parameters
Option
Definition
Skip “bad” entries during data conversion
When selected, data that cannot be converted to the required type, such as Integer,
Double, or Boolean, is omitted.
Maximal number of entries to fetch
Limits the number of entries that are retrieved from an external list to the specified
value.
The number can range from 0 to unlimited.
Best practice: Specify a limit here to avoid high memory consumption in case of
large lists.
Maximal size of entries to fetch
Limits the amount of data (in KB) that is retrieved from an external list.
The amount can range from 0 to unlimited.
Best practice: Specify a limit here to avoid high memory consumption in case of
large lists.
This option is not available when the source of the external list is an LDAP server.
External Lists system settings
The External Lists system settings apply to all external lists that are processed on the appliance.
Global Configuration
Setting for the internal cache on the appliance that stores external list data
Table 10-15 Global Configuration
Option
Definition
Flush External Lists Cache
Removes the data that is stored in the internal cache.
Time before retry after failure
Limits the time (in seconds) that the External Lists module remembers a failure to
retrieve data from a particular external source to the specified value.
The module will not perform retries for a source as long as it remembers the failure.
We recommend that you keep the default value or modify it according to the
requirements of your network.
This way you avoid adding load by constant retries to a web server that is already
overloaded.
File Data Source Configuration
Setting for the local file system that external list data can be retrieved from
Table 10-16 File Data Source Configuration
Option
Definition
File system allowed for file data access
Specifies the path that leads to the folder for storing external lists within your local file
system.
External lists that data is retrieved from must be stored in this folder.
Otherwise an attempt to retrieve the data will lead to an access-denied error.
When external list data is retrieved from an SQLite database, the path specified here is
the path to the folder within your local file system that contains the database.
Web Data Source Configuration
Setting for all web services that are the sources of external list data
Table 10-17 Web Data Source Configuration
Option
Definition
Check SSL certificate identity
When selected, a certificate that a web server submits in SSL-secured communication
under the HTTPS protocol is verified.
The verification is performed according to the SSL scanning rules that are
implemented on the appliance.
This can, for example, lead to an error if the web server uses a self-signed certificate.
Settings for subscribed lists content
When a subscribed list is maintained on a server other than the McAfee server, settings must be configured for
its content.
Table 10-18 Settings for subscribed list content
Option
Definition
URL to download
Specifies the URL of a file with content for a subscribed list.
The format for specifying the URL is:
HTTP | HTTPS | FTP ://<path>/<filename>.<extension>
Use this
When selected, the certificate contained in the certificate authority chain appearing next
to the radio button is used.
This is required if the connection to the server that provides the list content is an
SSL-secured connection for communication under the HTTPS protocol.
Ignore certificate errors
When selected, certificate errors will not cause a failure to retrieve list content from a
server.
URL authentication
Provides settings for configuring a user name and password if authentication is required
for access to a server.
• User name — Specifies a user name for authenticating to a server.
• Password — Sets a password for authenticating to a server.
Proxy
Provides a list for selecting proxy servers that are used to access a server with list
content.
By default, no proxy server is used to access a list content server.
Add Proxy
Opens a window for adding a proxy server to the list.
List content update
Provides settings for configuring an update schedule for list content.
An update can be performed:
• Hourly at — Sets the minutes after the full hour.
• Daily at — Sets hours and minutes.
• Weekly at — Sets a day of the week with hours and minutes.
• Every — Sets the minutes of the interval that is to elapse before the next update
happens.
11
Settings
Settings are used within Web Gateway for configuring modules (engines), rule actions, and system functions.
Settings names appear in different places on the user interface, for example, in the criteria, action, and events
of rules or on the Settings and Appliances tabs.
After clicking a settings name, you can access and configure the parameters and values of the settings.
At the initial setup of the appliance, module and action settings are implemented together with the rule set
system, as well as settings for the appliance system. Additional module and action settings are implemented
when you import a rule set from the rule set library.
You can review and modify the initially implemented or imported settings. You can also completely delete
module and action settings and create module and action settings of your own.
Settings tab
Use the Settings tab to work with settings for actions and modules (engines).
Figure 11-1 Settings tab
Main elements of the Settings tab
The following table describes the main elements of the Settings tab.
Table 11-1 Main elements of the Settings tab
Element
Description
Settings toolbar
Controls for working with settings for actions and modules (engines)
Settings tree
Tree structure displaying actions and modules (engines)
Settings
Parameters and values of the currently selected action or module (engine)
Settings toolbar
The settings toolbar provides the following options.
Table 11-2 Settings toolbar
Option
Definition
Add
Opens the Add Settings window for creating new settings.
Edit
Opens the Edit Settings window for editing existing settings.
Delete
Deletes the selected settings.
A window opens to let you confirm the deletion.
Expand all
Expands all collapsed items on the settings tree.
Collapse all
Lets all expanded items on the settings tree collapse.
12
Authentication
Contents
Authentication settings
Kerberos Administration settings
Windows Domain Membership settings
NTLM Agent settings (NTLM Agent)
NTLM Agent Specific Parameters (Web Gateway)
Administrator account settings
Administrator role settings
Authentication settings
The Authentication settings are used for configuring the method the Authentication module applies when it is
looking up information about users in the authentication process.
Authentication Method
Settings for selecting an authentication method
Table 12-1 Authentication Method
Option
Definition
Authentication method
Provides a list for selecting an authentication method.
You can select one of the following:
• NTLM
• NTLM-Agent
• User Database
• LDAP
If you want to configure Secure LDAP, also known as LDAPS, you must work
with LDAP version 3.
This version can be selected under LDAP Specific Parameters. It is by default
selected.
• RADIUS
• Kerberos
• SSL Client Certificate
• Authentication Server
• One-Time Password
• SWPS (McAfee® Client Proxy)
After selecting a method, settings that are specific to it appear below the common
settings.
Authentication Test
Settings for testing whether a user with given credentials would be authenticated
Table 12-2 Authentication Test
Option
Definition
User
Specifies the user name that is tested.
Password
Specifies the tested password.
Authenticate User
Executes the test.
Test result
Displays the outcome of the test.
Common Authentication Parameters
Settings common to all authentication methods
There is also an advanced setting that is common to all authentication methods. It is described at the end of this
main section after the last of the subsections for the specific authentication parameters.
Table 12-3 Common Authentication Parameters
Option
Definition
Proxy Realm
Specifies the location of the proxy that receives requests from users who are asked
to authenticate.
Authentication attempt timeout
Limits the time (in seconds) that elapses before the authentication process
terminates if not completed successfully to the specified value.
Use authentication cache
When selected, authentication information is stored in a cache.
Authentication is then based on this stored information, rather than on
information retrieved from an authentication server or the internal user database.
Authentication cache TTL
Limits the time (in minutes) that authentication information is stored in the cache
to the specified value.
NTLM Specific Parameters
Settings for the NTLM authentication method
Table 12-4 NTLM Specific Parameters
Option
Definition
Default NTLM domain
Specifies the name of the default Windows domain used for looking up
authentication information.
This is one of the domains you have configured on the Appliances tab of the
Configuration top-level menu.
Get global groups
When selected, information on global user groups is searched for on the Windows
domain server.
Get local groups
When selected, information on local user groups is searched for on the Windows
domain server.
Prefix group name with domain name (domain\group)
When selected, the name of the Windows domain appears before the name of the
user group when authentication information on this group is sent from the domain
server.
Enable basic authentication
When selected, the basic NTLM authentication method is applied to authenticate
users.
Information that a user submits for authentication is then sent in plain-text format
(less secure) to the Windows domain server.
Enable integrated authentication
When selected, the integrated NTLM authentication method is applied to
authenticate users.
Information that a user submits for authentication is then encrypted before it is
sent to the Windows domain server.
Enable NTLM cache
When selected, NTLM authentication information is stored in this cache.
Authentication is then based on this stored information, rather than on information
retrieved from the Windows domain server.
NTLM cache TTL
Limits the time (in seconds) that authentication information is stored in this cache
to the specified value.
International text support
Specifies a set of characters used by default for a request sent from a client, for
example, ISO-8859-1.
NTLM Agent Specific Parameters
Settings for the NTLM Agent authentication method
Table 12-5 NTLM Agent Specific Parameters
Option
Definition
Use secure agent connection
When selected, the connection used for communicating with the NTLM Agent is
SSL-secured.
Authentication connection timeout in seconds
Limits the time (in seconds) that elapses before the connection to the NTLM Agent
is closed if no activities occur on it to the specified value.
Agent Definition
Provides a list for entering the agents that are involved in performing NTLM
authentication.
Default NTLM domain
Specifies the name of the default Windows domain used for looking up
authentication information.
This is one of the domains you have configured on the Appliances tab of the
Configuration top-level menu.
Get global groups
When selected, information on global user groups is searched for on the Windows
domain server.
Get local groups
When selected, information on local user groups is searched for on the Windows
domain server.
Prefix group name with
domain name (domain\group)
When selected, the name of the Windows domain appears before the name of the
user group when authentication information on this group is sent from the
domain server.
Enable basic authentication
When selected, the basic NTLM authentication method is applied to authenticate
users.
Information that a user submits for authentication is then sent in plain-text format
(less secure) to the Windows domain server.
Enable integrated
authentication
When selected, the integrated NTLM authentication method is applied to
authenticate users.
Information that a user submits for authentication is then encrypted before it is
sent to the Windows domain server.
Enable NTLM cache
When selected, NTLM authentication information is stored in this cache.
Authentication is then based on this stored information, rather than on information
retrieved from the Windows domain server.
NTLM cache TTL
Limits the time (in seconds) that authentication information is stored in this cache
to the specified value.
International text support
Specifies a set of characters used by default for a request sent from a client, for
example, ISO-8859-1.
User Database Specific Parameters
Settings for the User Database authentication method
Table 12-6 User Database Specific Parameters
Option
Definition
Send domain and machine
name to the client
When selected, the names of the appliance and the domain it has been assigned
to are sent to the client that a user who is to be authenticated sent a request from.
Enable basic authentication
When selected, the basic NTLM authentication method is applied to authenticate
users.
Information that a user submits for authentication is then sent in plain-text format
(less secure) to the Windows domain server.
Enable integrated
authentication
When selected, the integrated NTLM authentication method is applied to
authenticate users.
Information that a user submits for authentication is then encrypted before it is
sent to the Windows domain server.
Enable NTLM cache
When selected, NTLM authentication information is stored in this cache.
Authentication is then based on this stored information, rather than on information
retrieved from the Windows domain server.
NTLM cache TTL
Limits the time (in seconds) that authentication information is stored in this cache
to the specified value.
International text support
Specifies a set of characters used by default for a request sent from a client, for
example, ISO-8859-1.
LDAP Specific Parameters
Settings for the LDAP authentication method
Table 12-7 LDAP Specific Parameters
Option
Definition
LDAP server(s) to connect to
Provides a list for entering the LDAP servers that authentication information is
retrieved from.
List of certificate authorities
Provides a list for entering the certificate authorities that issue certificates when a
Secure LDAP (S-LDAP) connection is used for communication with an LDAP server.
Credentials
Specifies the user name of an appliance for logging on to an LDAP server.
Password
Sets the password for a user name.
The Set button opens a window for configuring a new password.
International text support
Specifies a set of characters used by default for a request sent from a client, for
example, ISO-8859-1.
Enable LDAP version 3
When selected, version 3 of the LDAP protocol is used.
If you want to configure Secure LDAP authentication, also known as LDAPS, it is this
LDAP version that you must use.
This version is by default selected.
Allow LDAP library to follow
referrals
When selected, the lookup of user information can be redirected from the LDAP
server to other servers.
Connection live check
Limits the time (in minutes) that elapses between checks to see whether the
connection to the LDAP server is still active to the specified value.
LDAP operation timeout
Limits the time (in seconds) that elapses before the connection to the LDAP server
is closed if no communication occurs to the specified value.
Base distinguished name to
user objects
Specifies the Distinguished name (DN) in the directory on an LDAP server where
the lookup of user attributes should begin.
Map user name to DN
When selected, the name of the user who asks for authentication must map to a
DN (Distinguished Name).
This name identifies the user in the directory on the LDAP server.
Filter expression to locate a
user object
Specifies a filtering term for restricting the lookup of user attributes.
To substitute the user name in the filtering term, u% is used as a variable.
Get user attributes
When selected, user attributes are looked up on the LDAP server to authenticate a
user.
User attributes to retrieve
Provides a list for entering the user attributes that should be retrieved from an
LDAP server.
Attributes concatenation
string
Specifies a string for separating user attributes found by a lookup, for example, /
(slash).
Get groups attributes
When selected, user group attributes are also looked up on the LDAP server to
authenticate a user.
Base distinguished name to
group objects
Specifies the Distinguished name (DN) in the directory on the LDAP server where
the lookup of group attributes should begin.
Filter expression to locate a
group object
Specifies a filtering term for restricting the lookup of group attributes.
To substitute the user name in the filtering term, u% is used as a variable.
Group attributes to retrieve
Provides a list for entering the group attributes that should be retrieved from an
LDAP server.
Digest Authentication
Settings for LDAP digest authentication
Table 12-8 Digest Authentication
Option
Definition
Enable digest
authentication
When selected, digest authentication is performed as a method for authenticating users
under the LDAP authentication method.
User attribute with
password hash
Specifies the attribute of a user entry on the LDAP server that stores the value for the
authentication hash.
Nonce maximal use count
Sets a limit to repeated uses of the nonce (number only once) that is transmitted in
the authentication process and required as a parameter for calculating the
authentication hash.
The maximum number of times that a nonce can be used by default is 100.
Nonce maximal TTL
Sets a limit to the time period (in minutes) that a nonce remains valid.
The maximum time that a nonce can remain valid by default is 30 minutes.
Enable digest URI check
When selected, a check is performed to ensure that the URL that a client sends as a
parameter for calculating the authentication hash is the same as the URL that this
client sends in its request for accessing a particular destination in the web.
If this check fails, the request is blocked.
As this check might also fail due to problems with the different formats that the
browsers on the clients use for sending URLs, it is optional.
The check is enabled by default.
Allow digest
authentication only
When selected, digest authentication must always be performed if a user is to be
authenticated under the LDAP authentication method.
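The nonce limits and the URI check from Table 12-8, shown as an added example that is not Web Gateway's own code: a server-side check that enforces a use count and TTL per nonce and compares the digest `uri` parameter with the requested URL before verifying the hash. All names are hypothetical, and it is an assumption that the stored password hash is the RFC 2617 HA1 value (MD5 of user:realm:password) used with qop=auth.

```python
import hashlib
import hmac
import secrets
import time

NONCE_MAX_USES = 100      # default "Nonce maximal use count" from Table 12-8
NONCE_MAX_TTL = 30 * 60   # default "Nonce maximal TTL" (30 minutes), in seconds


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


class NonceTracker:
    """Issues nonces and enforces a use-count limit and a TTL (hypothetical helper)."""

    def __init__(self, max_uses=NONCE_MAX_USES, ttl=NONCE_MAX_TTL, clock=time.time):
        self.max_uses = max_uses
        self.ttl = ttl
        self.clock = clock
        self._nonces = {}  # nonce -> [issued_at, uses]

    def issue(self):
        nonce = secrets.token_hex(16)
        self._nonces[nonce] = [self.clock(), 0]
        return nonce

    def consume(self, nonce):
        """Return None if the nonce may be used once more, else the reason it may not."""
        entry = self._nonces.get(nonce)
        if entry is None:
            return "unknown nonce"
        issued_at, uses = entry
        if self.clock() - issued_at > self.ttl:
            del self._nonces[nonce]
            return "nonce expired"
        if uses >= self.max_uses:
            del self._nonces[nonce]
            return "nonce use count exceeded"
        entry[1] = uses + 1
        return None


def digest_response(ha1, method, params):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{params['uri']}")
    return md5_hex(":".join(
        [ha1, params["nonce"], params["nc"], params["cnonce"], "auth", ha2]))


def verify_digest(tracker, ha1, method, request_url, params, uri_check=True):
    """Check one parsed Digest header; returns (accepted, reason)."""
    # "Enable digest URI check": the uri used for the hash must equal the
    # URL actually requested, otherwise the request is blocked.
    if uri_check and params["uri"] != request_url:
        return False, "digest uri differs from request URL"
    reason = tracker.consume(params["nonce"])
    if reason:
        return False, reason
    expected = digest_response(ha1, method, params)
    if not hmac.compare_digest(expected, params["response"]):
        return False, "authentication hash mismatch"
    return True, "ok"


def client_params(ha1, method, uri, nonce, nc="00000001"):
    """Constructed client side: the fields a browser would send in its header."""
    params = {"uri": uri, "nonce": nonce, "nc": nc, "cnonce": "0a4f113b"}
    params["response"] = digest_response(ha1, method, params)
    return params


if __name__ == "__main__":
    ha1 = md5_hex("alice:MWG:constructed-password")  # constructed sample value
    tracker = NonceTracker()
    url = "http://www.example.com/index.html"
    nonce = tracker.issue()
    print(verify_digest(tracker, ha1, "GET", url, client_params(ha1, "GET", url, nonce)))
    # A browser that puts only the path into the digest uri fails the URI check.
    short = client_params(ha1, "GET", "/index.html", nonce, nc="00000002")
    print(verify_digest(tracker, ha1, "GET", url, short))
```

The second call shows the format mismatch that the table gives as the reason for making the URI check optional.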
Novell eDirectory Specific Parameters
Settings for the Novell eDirectory authentication method
Table 12-9 Novell eDirectory Specific Parameters
Option
Definition
LDAP server(s) to connect to
Provides a list for entering the eDirectory servers that take the role of LDAP
servers in providing authentication information.
List of certificate authorities
Provides a list for entering the certificate authorities that issue certificates when
a Secure LDAP (S-LDAP) connection is used for communication with an LDAP
server.
Credentials
Specifies the user name of an appliance for logging on to an LDAP server.
Password
Sets a password for a user name.
The Set button opens a window for configuring a new password.
International text support
Specifies a set of characters used by default for a request sent from a client, for
example, ISO-8859-1.
Enable LDAP version 3
When selected, version 3 of the LDAP protocol is used.
Allow LDAP library to follow
referrals
When selected, the lookup of user information can be redirected from an LDAP
server to other servers.
Connection live check
Limits the time (in minutes) that elapses between checks to see whether the
connection to an LDAP server is still active to the specified value.
LDAP operation timeout
Limits the time (in seconds) that elapses before the connection to an LDAP
server is closed if no communication occurs to the specified value.
eDirectory network address
attribute
Specifies the name of the attribute that provides the network addresses used
for an eDirectory server.
eDirectory network login time
attribute
Specifies the name of the attribute that provides the logon time used on an
eDirectory server.
eDirectory network minimal
update interval
Specifies the time that elapses (in seconds) before information from an
eDirectory server is updated.
Base distinguished name to user
objects
Specifies the Distinguished name (DN) in the directory on an LDAP server where
the lookup of user attributes should begin.
Map user name to DN
When selected, the name of the user who asks for authentication must map to a
DN (Distinguished Name). This name identifies the user in the directory on the
LDAP server.
Filter expression to locate a user
object
Specifies a filtering term for restricting the lookup of user attributes.
To substitute the user name in the filtering term, u% is used as a variable.
Get user attributes
When selected, user attributes are looked up on the LDAP server to authenticate
a user.
User attributes to retrieve
Provides a list for entering the user attributes that should be retrieved from an
LDAP server.
Attributes concatenation string
Specifies a string for separating user attributes found by a lookup, for
example, / (slash).
Get groups attributes
When selected, user group attributes are also looked up on the LDAP server to
authenticate a user.
Base distinguished name to
group objects
Specifies the Distinguished name (DN) in the directory on an LDAP server where
the lookup of group attributes should begin.
Filter expression to locate a
group object
Specifies a filtering term for restricting the lookup of group attributes.
To substitute the user name in the filtering term, u% is used as a variable.
Group attributes to retrieve
Provides a list of group attributes that should be retrieved from an LDAP server.
RADIUS Specific Parameters
Settings for the RADIUS authentication method
Table 12-10 RADIUS Specific Parameters
Option
Definition
RADIUS server definition
Provides a list for entering the RADIUS servers that authentication information is
retrieved from.
Default domain name
Specifies the name of the domain that information is retrieved from if no other
domain is specified.
Shared secret
Sets the password used by an appliance to get access to a RADIUS server.
Radius connection timeout
in seconds
Limits the time (in seconds) that elapses before the connection to the RADIUS server
is closed if no traffic occurs to the specified value.
International text support
Specifies the set of characters used by default for a request sent from a client, for
example, ISO-8859-1.
Value of attribute with code
Sets the code value for the attribute retrieved with the user group information,
according to RFC 2865.
For example, 25 is the code for the “class” attribute.
Vendor specific attribute
with vendor ID
Sets the Vendor ID that is required for retrieving vendor-related data in the search
for user group information.
According to RFC 2865, the vendor ID is a part of the vendor attribute, followed by a
number of subattributes. Its code value is 26.
Vendor subattribute type
Sets a code value for the type of subattributes included in a vendor attribute,
according to RFC 2865.
Since not all vendors adhere to this structure, we recommend specifying 0 as the value
here. This allows the authentication module to retrieve all available vendor
information.
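How the three attribute settings in Table 12-10 map onto the RFC 2865 wire format, as an added example that is not Web Gateway code: a parser that extracts the Class attribute (code 25) and Vendor-Specific attributes (code 26) from a packet, with subattribute type 0 returning the vendor data unparsed. The function names, the sample packet and the vendor ID 32473 (the enterprise number reserved for documentation) are constructed for illustration.

```python
import struct

ATTR_CLASS = 25            # RFC 2865 "Class"
ATTR_VENDOR_SPECIFIC = 26  # RFC 2865 "Vendor-Specific"
HEADER_LEN = 20            # code, identifier, length, 16-byte authenticator


def parse_attributes(packet):
    """Return [(type, value_bytes)] from a RADIUS packet; ValueError if malformed."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs


def attribute_values(packet, code=ATTR_CLASS):
    """Values of every attribute with the configured code (25 = Class)."""
    return [value for a_type, value in parse_attributes(packet) if a_type == code]


def vendor_values(packet, vendor_id, subtype=0):
    """Values from the Vendor-Specific attributes of one vendor.

    subtype 0 returns everything after the Vendor-Id unparsed, which also works
    for vendors that do not use the type/length/value subattribute layout.
    """
    out = []
    for value in attribute_values(packet, ATTR_VENDOR_SPECIFIC):
        if len(value) < 4:
            raise ValueError("Vendor-Specific attribute without Vendor-Id")
        if struct.unpack("!I", value[:4])[0] != vendor_id:
            continue
        data = value[4:]
        if subtype == 0:
            out.append(data)
            continue
        pos = 0
        while pos + 2 <= len(data):
            s_type, s_len = data[pos], data[pos + 1]
            if s_len < 2 or pos + s_len > len(data):
                break  # data does not follow the subattribute layout
            if s_type == subtype:
                out.append(data[pos + 2:pos + s_len])
            pos += s_len
    return out


def encode_attr(a_type, value):
    """Encode one type/length/value triple (used for attributes and subattributes)."""
    return bytes([a_type, len(value) + 2]) + value


def build_sample_packet():
    """Constructed Access-Accept (code 2) with a zeroed authenticator."""
    structured = struct.pack("!I", 32473) + encode_attr(1, b"group=admins") \
        + encode_attr(2, b"site=hq")
    free_form = struct.pack("!I", 32473) + b"free-form-groups"
    attrs = (encode_attr(ATTR_CLASS, b"Engineering")
             + encode_attr(ATTR_VENDOR_SPECIFIC, structured)
             + encode_attr(ATTR_VENDOR_SPECIFIC, free_form))
    return struct.pack("!BBH", 2, 1, HEADER_LEN + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    pkt = build_sample_packet()
    print(attribute_values(pkt))          # Class attribute
    print(vendor_values(pkt, 32473, 1))   # only the structured subattribute
    print(vendor_values(pkt, 32473, 0))   # all vendor data, including free-form
```

With subattribute type 1 the free-form vendor data is skipped, while type 0 returns it, which is the behavior the recommendation in the table relies on.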
Kerberos Specific Parameters
Settings for the Kerberos authentication method
More settings for this authentication method can be configured using the Kerberos Administration system settings,
which can be accessed under the Configuration top-level menu.
Table 12-11 Kerberos Specific Parameters
Option
Definition
Extract group membership IDs
from the ticket
When selected, information to identify the groups that a user is a member of is
retrieved from the ticket that is used in the process of authenticating users
under the Kerberos authentication method.
When this option is selected, the following option becomes accessible.
Look up group names via NTLM
When selected, the names of the groups that a user is a member of are
retrieved using the NTLM authentication method.
Authentication Server Specific Parameters
Settings for the Authentication Server method
Table 12-12 Authentication Server Specific Parameters
Option
Definition
Authentication server URL
Specifies the URL of a server that is used under this method to look up
authentication information.
Require client ID
When selected, the authentication server requires the ID of the client that a
user sent a request from.
Store authentication result in a
cookie
When selected, the information retrieved from the authentication server is
stored in a cookie.
If cookie authentication is implemented, the cookie is added to the next
request sent by the respective user, so that this user need not authenticate
again.
Allow persistent cookie for the
server
When selected, a cookie can be used persistently for sending multiple
requests to the authentication server.
Cookie TTL for the authentication
server in seconds
Limits the time (in seconds) that a cookie sent with a request to the server is
stored to the specified value.
Cookie prefix
Specifies a prefix that is added on the appliance to a cookie, for example,
MWG_Auth.
One-Time Password Specific Parameters
Settings for the One-Time Password authentication method
Table 12-13 One-Time Password Specific Parameters
Option
Definition
OTP server
Specifies the IP address and port number of the OTP server that Web Gateway connects
to when authenticating a user under the One-Time Password authentication method.
Communicate with SSL and trust certificate below
When selected, communication with the OTP server is performed using an SSL-secured
connection.
When this option is selected, the information in the following four fields is no longer
grayed out and the Import button below these fields becomes accessible.
The fields provide detailed information about the certificate that is currently used in
SSL-secured communication with the OTP server.
• Subject — Provides general information about the certificate.
  • Common Name (CN) — Specifies the common name of the certificate.
    By default, this name is localhost.
  • Organization (O) — Specifies the organization of the certificate.
    By default, the organization is OTP Server.
  • Organizational Unit (OU) — Specifies the organizational unit of the certificate.
    By default, the organizational unit is not set.
• Issuer — Provides information about the issuer of the certificate.
  • Common Name (CN) — Specifies the common name of the issuer.
    By default, this name is localhost.
  • Organization (O) — Specifies the organization of the issuer.
    By default, the organization is OTP Server.
  • Organizational Unit (OU) — Specifies the organizational unit of the server certificate.
    By default, the organizational unit is not set.
• Validity — Limits the time the certificate is valid.
  • Not before — Shows the date and time when the validity of the certificate begins.
  • Not after — Shows the date and time when the validity of the server certificate ends.
• Extensions — Provides additional information on the certificate.
  • Comment — Provides a plain-text comment on the certificate.
    By default no comment is provided.
• Import — Opens a window for importing a certificate.
WS client name
Specifies the user name for Web Gateway in communication with the OTP server.
WS client password
Specifies the password for Web Gateway in communication with the OTP server.
OTP message
Specifies the prefix to messages that are sent from the OTP server to Web Gateway and
the delimiters that include a message.
By default a message looks like this:
OTP for MWG: $$<OTP message>$$
McAfee Client Proxy
Settings for the SWPS (McAfee Client Proxy) authentication method
Table 12-14 McAfee Client Proxy
Option
Definition
Customer ID
Specifies an identifier for a customer.
Shared password
Sets a password for a customer.
Clicking Set opens a window that allows you to perform the setting.
Keep domain in group name
When selected, domain information contained in the name of a user group is
kept.
This option is selected by default.
Remove custom headers used for
authentication
When selected, headers contained in the information that is submitted for
authentication are removed.
This option is selected by default.
Export MCP credentials to XML file
Lets you export the credentials that are submitted when performing the SWPS
(McAfee Client Proxy) authentication method.
Advanced Parameters
Setting for configuring advanced authentication
This setting is the same for all authentication methods. Its description is therefore also provided at
the beginning of this description of the authentication settings, after the description of the common
settings.
Table 12-15 Advanced Parameters
Option
Definition
Always evaluate
property value
When selected, a new evaluation to assign a value to a property is performed each time a rule
containing this property is processed.
If a value has been stored for a property in the cache, it is not used.
While it is normally recommended to let cache values be used to improve performance, there
can be situations where the new evaluation of a property is required.
In these situations, the same property is used more than once within the authentication rules
and with the same settings of the Authentication module. A new evaluation ensures the most
current value is assigned to the property each time.
Kerberos Administration settings
The Kerberos Administration settings are specific settings for the Kerberos authentication method.
Kerberos Administration
Settings for the Kerberos authentication method
Table 12-16 Kerberos Administration
Option
Definition
Key tab file
Specifies the file that contains the master key required to access the Kerberos server.
You can type a file name or use the Browse button to browse to the file and enter its name in
the field.
When a ticket is issued for authentication according to the Kerberos method, the master key is
read on the appliance and used to verify the ticket.
If you are running a load balancer that directs web requests to the appliance, tickets are issued
for the load balancer and verified on the appliance. It is then not checked whether a request is
directed to the appliance.
Kerberos realm
Specifies an administrative domain configured for authentication purposes.
Within the boundaries of this domain the Kerberos server has the authority to authenticate a
user who submits a request from a host or using a service.
The realm name is case sensitive; however, normally only uppercase letters are used, and it is
good practice to make the realm name the same as that of the relevant DNS domain.
Maximal time difference between appliance and client
Limits the time (in seconds) that the system clocks on the appliance and its clients are allowed
to differ to the specified value.
Configuring Kerberos as the authentication method can lead to problems when particular
browsers are used for sending requests:
• When the Microsoft Internet Explorer is used in a version lower than 7.0, Kerberos
authentication might not be possible at all.
• When this explorer runs on Windows XP, Kerberos authentication might not work as
expected.
• When Mozilla Firefox is used, Kerberos authentication must be configured in the browser
settings to enable this authentication method.
Enable replay
cache
When selected, a ticket that is issued for authentication cannot be used more than once.
Selecting this option reduces authentication performance.
Windows Domain Membership settings
The Windows Domain Membership settings are used for joining an appliance to a Windows domain.
Join Domain
Settings for joining an appliance to a Windows domain
Table 12-17 Join Domain
Option
Definition
Windows domain name
Specifies the name of the domain.
McAfee Web Gateway account
name
Specifies the name of an account for an appliance.
Overwrite existing account
When selected, an existing account is overwritten.
Use NTLM version 2
When selected, NTLM version 2 is used.
Timeout for requests to this
NTLM domain
Limits the time (in seconds) that elapses before processing stops for a request
sent from an appliance to a domain controller if no response is received to the
specified value.
Wait time for reconnect to
domain controller
Specifies the time (in seconds) that elapses before another attempt is made to
connect to a domain controller after a previous attempt failed.
The allowed range is from 5 to 300 seconds.
Configured domain controllers
Provides a list for entering the domain controllers that an appliance can connect
to in order to retrieve authentication information.
Entries must be separated by commas.
Number of active domain
controllers
Maximum number of configured domain controllers that can be active at the
same time.
The allowed range is from 1 to 10.
Administrator name
Specifies the logon name of an existing administrator account that has privileges
to join an appliance to a domain by creating a machine account in Active
Directory.
Logon name and password are only used once to create the machine account.
They are not stored.
Password
Specifies the password of the existing administrator account.
NTLM Agent settings (NTLM Agent)
The NTLM Agent settings (NTLM Agent) are the settings that must be configured using the options that are provided
by the NTLM Agent to implement the NTLM Agent authentication method.
These settings are provided in the NTLM Agent configuration window. This window includes the following areas:
• Network Settings
• Allowed Clients
• Status
Network Settings
Settings for configuring the communication between the NTLM Agent and Web Gateway
Table 12-18 Network Settings
Option
Definition
Listener Port
Specifies the number of the port on which the NTLM Agent listens to requests from Web
Gateway.
The same number must be specified here and on the user interface of Web Gateway.
The default port number for this listener port is 9531.
Use SSL
When selected, communication between the NTLM Agent and Web Gateway is
SSL-secured.
This setting must match the corresponding setting on the user interface of Web Gateway.
Max Connections
Sets the maximum number of connections between the NTLM Agent and Web Gateway.
Every instance of Web Gateway usually opens only one connection to the NTLM Agent,
but it is advisable to allow a few connections.
The default maximum number is 5.
Working Threads per
Connection
Sets the maximum number of working threads that can be used on an open connection.
The default maximum number is 5.
Default Domain
Specifies the domain that is used by default when authentication is performed.
Allowed Clients
Settings for configuring the clients of Web Gateway that are allowed to authenticate using the NTLM Agent
method
Table 12-19 Allowed Clients
Option
Definition
List field
Lists the allowed clients.
If an * (asterisk) is displayed, all clients of Web Gateway are allowed.
This is also the default value.
Input field
Lets you add clients to the list.
To add a client, enter its IP address and click Add.
Add
Adds a client to the list.
Del
Deletes a client that has been selected in the list.
Status
Message field providing client status information
Table 12-20 Status
Option
Definition
Message field
The messages that are displayed in this field contain status information about the allowed
clients, for example, whether a connection to a client has been opened or closed and when this
happened.
Use the scroll bars next to this field to see all the messages displayed here.
NTLM Agent Specific Parameters (Web Gateway)
The NTLM Agent Specific Parameters (Web Gateway) settings are the settings that must be configured on Web Gateway
to implement the NTLM Agent authentication method.
NTLM Specific Parameters
Settings for the NTLM authentication method
Table 12-21 NTLM Specific Parameters
Option
Definition
Default NTLM domain
Specifies the name of the default Windows domain used for looking up authentication
information.
This is one of the domains you configured on the Appliances tab of the Configuration
top-level menu.
This domain name must match the domain configured for the NTLM Agent product.
Get global groups
When selected, information on global user groups is searched for on the Windows
domain server.
Get local groups
When selected, information on local user groups is searched for on the Windows
domain server.
Prefix group name with
domain name (domain\group)
When selected, the name of the Windows domain appears before the name of the
user group when authentication information on this group is sent from the domain
server.
Enable basic
authentication
When selected, the basic NTLM authentication method is applied to authenticate
users.
Information that a user submits for authentication is then sent in plain-text format
(less secure) to the Windows domain server.
Enable integrated
authentication
When selected, the integrated NTLM authentication method is applied to authenticate
users.
Information that a user submits for authentication is then encrypted before it is sent
to the Windows domain server.
Enable NTLM cache
When selected, NTLM authentication information is stored in this cache.
Authentication is then based on this stored information, rather than on information
retrieved from the Windows domain server.
NTLM cache TTL
Limits the time (in seconds) that authentication information is stored in this cache.
International text support
Specifies the encoding of a string with user credentials (user name and password)
that is sent from a client during basic authentication and converted into UNICODE on
Web Gateway.
Either of the following is allowed for encoding:
• UTF-8 (2 symbols)
• ISO-8859 (Western Europe, 1 symbol)
The default encoding is ISO-8859.
Administrator account settings
The administrator account settings are used for configuring credentials and roles for administrators.
Administrator account settings
Settings for administrator accounts
Table 12-22 Administrator account settings
Option
Definition
User name
Specifies the user name of an administrator.
Password
Sets an administrator password.
Password repeated
Lets you repeat the password and confirm it.
In the Edit Administrator window, you need to select Set a new password before the two password
fields become available.
Role
Provides a list for selecting an administrator role.
You can use the Add and Edit options to add and edit roles.
The added and edited roles appear in the list of administrator roles.
Name
Specifies the real name of the person that an account is set up for.
Configuration of this name is optional.
Test with current settings
Settings for testing whether an administrator with given credentials would be admitted on the appliance
Table 12-23 Test with current settings
Option
Definition
User
Specifies a user name that is tested.
Password
Specifies the tested password.
Test
Executes the test.
The Authentication Test Results window opens to display the outcome of the test.
Administrator role settings
The administrator role settings are used for configuring roles that can be assigned to administrators of Web
Gateway.
Administrator role settings
Rights granted to particular administrator roles
Table 12-24 Administrator role settings
Option
Definition
Name
Gives a name to an administrator role.
Dashboard accessible
Allows access to the Dashboard tab on the user interface.
Policy - Rules accessible
Allows access to the rules and rule sets on the Rule Sets tab.
If this access is allowed, the following access right can also be granted.
Top-level move and create — Allows a role to move top-level rule sets and to create new
top-level rule sets.
Policy - Lists accessible
Allows access to the Lists tab.
If this access is allowed, the following access rights can also be granted.
• List creation — Allows a role to create lists.
• SSO catalog — Allows a role to access the SSO catalog.
Configuration accessible
Allows a role access to the Configuration tab to configure settings of the appliance
system.
If this access is allowed, the following access right can also be granted.
File editor — Allows a role to work with the File Editor to edit files of the appliance
system.
Granting this access right also gives an administrator root privileges when accessing an
appliance on the command line of a system console.
Accounts accessible
Allows access to the Accounts tab for administrator accounts.
Troubleshooting
accessible
Allows access to the Troubleshooting tab to carry out troubleshooting measures.
Granting this access right also gives an administrator root privileges when accessing an
appliance on the command line of a system console.
Permissions accessible
Allows access to the Permissions tabs that are provided when rules, lists, and settings of
a web security policy are created.
Creating these items includes giving permission for reading or writing access to any of
them.
Read-only admin
Allows only reading access to the user interface.
REST Interface accessible
Allows access to the REST Interface.
13
Quota management
Contents
Time Quota settings
Volume Quota settings
Coaching settings
Authorized Override settings
Block Session settings
Quota system settings
Time Quota settings
The Time Quota settings are used for configuring the module that handles time quota management.
Time Quota per Day, Week, Month, and Session Time
Settings for time quotas
When a time unit or the session time is selected, the heading of the next section reads accordingly.
Table 13-1 Time Quota per Day, Week, Month, and Session Time
Option
Definition
Time quota per day (week, month)
When selected, the quota that is configured in the next section applies to the
selected time unit.
Session time
When selected, the quota that is configured in the next section applies to the
session time.
Hours and Minutes for . . .
Settings for time quotas that apply to the selected time unit or the session time
The heading of this section varies according to what you selected in the preceding section.
For example, if you selected Time quota per week, the heading reads Hours and Minutes for Time Quota per Week.
Table 13-2 Hours and Minutes for . . .
Option
Definition
Hours
Sets the allowed hours per day, week, month, or for the session time.
Minutes
Sets the allowed minutes per day, week, month, or for the session time.
Actual Configured Time Quota
Displays the configured time quotas.
Table 13-3 Actual Configured Time Quota
Option
Definition
Time quota per day (week, month)
Shows the allowed time per day, week, or month.
Session time
Shows the allowed session time.
Volume Quota settings
The Volume Quota settings are used for configuring the module that handles volume quota management.
Volume Quota per Day, Week, and Month
Settings for volume quotas
When a time unit or the session time is selected, the heading of the next section reads accordingly.
Table 13-4 Volume Quota per Day, Week, and Month
Option
Definition
Volume quota per day (week, month)
When selected, the quota that is configured in the next section applies to the
selected time unit.
Session time
When selected, the quota that is configured in the next section applies to the
session time.
Volume for . . .
Settings for volume quotas that apply to the selected time unit or the session time
The heading of this section varies according to what you selected in the preceding section.
For example, if you selected Volume quota per week, the heading reads Volume for Volume Quota per Week.
However, if you selected Session Time, the heading reads Hours and Minutes.
Table 13-5 Volume for . . .
Option
Definition
GiB
Specifies the number of GiB that are allowed as volume.
MiB
Specifies the number of MiB that are allowed as volume.
Actual Configured Volume Quota
Displays the configured volume quotas.
Table 13-6 Actual Configured Volume Quota
Option
Definition
Volume quota per day (week, month)
Shows the allowed volume per day, week, or month.
Session time
Shows the allowed session time.
Coaching settings
The Coaching settings are used for configuring the module that handles coaching.
Hours and Minutes of Session Time
Settings for configuring the length of a coaching session
Table 13-7 Hours and Minutes of Session Time
Option
Definition
Days
Sets the days of a coaching session.
Hours
Sets the hours of a coaching session.
Minutes
Sets the minutes of a coaching session.
Authorized Override settings
The Authorized Override settings are used for configuring the module that handles authorized overriding.
Hours and Minutes of Maximum Session Time
Settings for configuring the maximum time length of a session with authorized overriding.
Table 13-8 Hours and Minutes of Maximum Session Time
Option
Definition
Days
Sets the days of an Authorized Override session.
Hours
Sets the hours of an Authorized Override session.
Minutes
Sets the minutes of an Authorized Override session.
Block Session settings
The Block Session settings are used for configuring the module that handles blocking sessions.
Hours and Minutes for Session Time
Settings for configuring the time length of a blocking session
Table 13-9 Hours and Minutes for Session Time
Option
Definition
Days
Sets the days of a blocking session.
Hours
Sets the hours of a blocking session.
Minutes
Sets the minutes of a blocking session.
Quota system settings
Quota system settings are general settings for time intervals related to quota management.
If an appliance is a node in a Central Management configuration, you can configure time intervals for data
synchronization with other nodes.
These settings are configured on the Appliances tab of the Configuration top-level menu.
They can also appear under the name of Coaching (instead of Quota), but apply in both cases to all options that
are provided for quota management: Authorized override, blocking sessions, coaching, time quota, and volume
quota.
Quota Intervals for Synchronisation and Saving in Minutes
Settings for time intervals related to quota management
Table 13-10 Quota Intervals for Synchronisation and Saving in Minutes
Option
Definition
Save interval
Limits the time (in minutes) that elapses before current quota values are saved on an
appliance to the specified value.
Quota values to be saved are, for example, the byte volumes that have been consumed by
users.
Interval for sending updated quota data
Limits the time (in minutes) that elapses before current quota values are distributed
from an appliance to all nodes in a Central Management configuration to the specified
value.
The distributed data includes the changes in quota values that have occurred since the
last time that data were distributed from the appliance.
Interval for base synchronisation
Limits the time (in minutes) that elapses before quota values are synchronized on all
nodes in a Central Management configuration to the specified value.
The synchronization takes a snapshot of the current quota values on all appliances. The
values that are most recent with regard to individual users are distributed to all
appliances.
The values are also distributed to nodes that were temporarily inactive and did not
receive updates sent during that time. They are, furthermore, distributed to nodes that
have been newly added to the configuration, so they did not receive any previous
updates.
Cleanup database after
Limits the time (in days) that elapses before data is deleted in the quota database to the
specified value.
Before data is deleted, a check is performed to see whether the data is obsolete. Data is
obsolete if the time interval that has been configured for a quota management function
has elapsed.
For example, if a particular amount of bytes has been configured as volume quota for a
user to be consumed during a month, the amount that the user actually consumed
during a month becomes obsolete when a new month begins. The cleanup then deletes
this data if the time configured under the Cleanup database after option has also elapsed.
Stored data becomes obsolete after a month for time quotas. For other quota
management functions, other time intervals are relevant. For example, for coaching and
authorized overriding, the cleanup cannot be performed before the allowed session time
has elapsed.
14
Web filtering
Contents
Key elements for anti-malware filtering
Anti-Malware settings
TIE Filter settings
Anti-Malware system settings
Key elements for URL filtering
URL Filter settings
IFP Proxy settings
Key elements for media type filtering
Properties for media type filtering
Stream Detector settings
SSL Client Certificate Handling settings
SSL Scanner settings
SSL Client Context with CA settings
SSL Client Context without CA settings
Certificate Chain settings
Hardware Security Module settings
Key elements for using Advanced Threat Defense
Gateway ATD settings
Data Loss Prevention (Classifications) settings
Data Loss Prevention (Dictionaries) settings
ICAP Client settings
ReqMod for Cloud settings
Key elements for anti-malware filtering
The key elements of the rules for anti-malware filtering deal with important parts of this filtering process.
Bypass Scanning for These Agents and Hosts
Key elements for bypassing scanning by the Anti-Malware module
Table 14-1 Bypass scanning for these agents and hosts
Option
Definition
User agent whitelist
Clicking Edit opens a window to let you edit the User Agent Whitelist that is used by a rule.
You can add, modify, and remove entries on the list.
URL host whitelist
Clicking Edit opens a window to let you edit the URL Host Whitelist that is used by a rule.
You can add, modify, and remove entries on the list.
Scanning Options
Key elements for the scanning activities of the Anti-Malware module
Table 14-2 Scanning Options
Option
Definition
Remove partial content for HTTP requests
When selected, a rule is enabled that removes the specification in an HTTP or HTTPS request
for accessing only a part of the content of a web object and lets the request ask for the
complete content.
If a web object, for example, a file, is delivered completely by the web server in question, it
can also be scanned completely on Web Gateway. A complete scan can detect infections
that might not be noticed if only a part of the web object was scanned.
Block partial content for FTP requests
When selected, a rule is enabled that blocks FTP requests for access to only a part of the
content of a web object.
Under the FTP protocol, it is not possible to remove a specification in a request for access to
only a part of the content of a web object. For this reason it might be advisable to block such
requests.
Use the Media Stream Scanner
When selected, the Media Stream Scanner scans and delivers web objects that are
streaming media chunk-by-chunk, to speed up the process.
The proactive functions of the McAfee Gateway Anti-Malware engine are used for the
scanning, but the other engines that are available for this purpose on Web Gateway are not
involved.
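The reasoning behind the Remove partial content for HTTP requests option can be shown with a small model. This is an added example, not code from Web Gateway or from this guide; the signature, host name, toy scanner, and toy origin server are all constructed for the illustration.

```python
from __future__ import annotations

# Constructed stand-in for a malware signature; it matches nothing real.
SIGNATURE = b"X-CONSTRUCTED-TEST-SIGNATURE"

# Request header fields that ask for only part of an object (RFC 9110).
PARTIAL_CONTENT_HEADERS = {"range", "if-range"}


def scan(data: bytes) -> bool:
    """Toy scanner: report an infection if the whole signature occurs in data."""
    return SIGNATURE in data


def strip_partial_content(headers: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Drop Range and If-Range so the server delivers the complete object.

    Header field names are case-insensitive, so compare in lower case.
    """
    return [
        (name, value)
        for name, value in headers
        if name.strip().lower() not in PARTIAL_CONTENT_HEADERS
    ]


def serve(obj: bytes, headers: list[tuple[str, str]]) -> tuple[int, bytes]:
    """Toy origin server: honour one 'bytes=a-b' range, otherwise send everything."""
    for name, value in headers:
        if name.lower() == "range" and value.startswith("bytes="):
            start, _, end = value[len("bytes="):].partition("-")
            lo = int(start)
            hi = int(end) if end else len(obj) - 1
            return 206, obj[lo:hi + 1]
    return 200, obj


def demo() -> tuple[list[bool], list[bool]]:
    """Scan results per request: ranges passed through vs. ranges removed."""
    obj = b"A" * 100 + SIGNATURE + b"B" * 100
    split = 100 + len(SIGNATURE) // 2  # boundary falls inside the signature
    requests = [
        [("Host", "files.example"), ("Range", f"bytes=0-{split - 1}")],
        [("Host", "files.example"), ("range", f"bytes={split}-")],
    ]
    passed_through = [scan(serve(obj, h)[1]) for h in requests]
    rewritten = [scan(serve(obj, strip_partial_content(h))[1]) for h in requests]
    return passed_through, rewritten


if __name__ == "__main__":
    partial, complete = demo()
    print("detections when ranges are passed through:", partial)
    print("detections when ranges are removed:       ", complete)
```

Each partial response scans clean because neither contains the full signature, while both rewritten requests return the complete object and are detected.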
Gateway Anti-Malware Settings
Key elements for configuring the settings of the Anti-Malware module
Table 14-3 Gateway Anti-Malware Settings
Option
Definition
Enable Anti-Malware scanning
When selected, a rule is enabled that calls the Anti-Malware module, which scans web
objects for infections by viruses and other malware.
Settings
Clicking Edit opens a window to let you edit the settings for the Anti-Malware module.
Anti-Malware settings
The Anti-Malware settings are used for configuring the way the Anti-Malware module scans web objects for
infections by viruses and other malware.
Gateway Anti-Malware settings
The Gateway Anti-Malware settings are settings for the Anti-Malware module (engine) that are by default available
after the initial setup of Web Gateway.
Select Scanning Engines and Behavior
Settings for selecting a combination of scanning engines and their behavior in case one of them detects an
infection
The scanning engines are the submodules that run together as the Anti-Malware module to scan web objects.
Table 14-4 Select Scanning Engines and Behavior
Option
Definition
Full McAfee coverage: The recommended high-performance
configuration
When selected, the McAfee Gateway Anti-Malware
engine is active.
This option is selected by default.
Layered coverage: Full McAfee coverage plus specific Avira
engine features — minor performance impact
When selected, the McAfee Gateway Anti-Malware
engine and, for some web objects, also the third-party
Avira engine are active.
Duplicate coverage: Full McAfee coverage and Avira engine
— less performance and more false positives
When selected, the McAfee Gateway Anti-Malware
engine and the third-party Avira engine are active.
Avira only: Only uses Avira engine — not recommended
When selected, only the Avira engine is active.
McAfee Threat Defense only: Send files to an MATD appliance
for deep analysis through sandboxing
When selected, files are only analyzed on an MATD
appliance.
Cloud service: Send files to a cloud sandboxing service for
deep analysis through sandboxing
When selected, files are analyzed by a cloud service.
Stop virus scanning right after an engine detected a virus
When selected, engines stop scanning a web object as
soon as one of them has detected an infection by a virus
or other malware.
Mobile Code Behavior
Settings for configuring a risk level in classifying mobile code
The risk level can take values from 60 to 100.
A low value means that the risk of failing to detect malware when proactively scanning the behavior of mobile
code is low, because the scanning methods are applied very strictly. Mobile code will then be classified as
malware even if only a few criteria of being potentially malicious have been detected.
This can lead to classifying mobile code as malware that is actually not malicious (“false positives”).
While more proactive security is achieved with a stricter setting, accuracy in determining which mobile code is
really malicious will suffer. Consequently, the appliance might block web objects that you want to get through to
your users.
A high value means the risk in not detecting malicious mobile code is high (more “false negatives”), but more
accuracy is achieved in classifying mobile code correctly as malicious or not (fewer “false positives”).
Table 14-5 Mobile Code Behavior
Option
Definition
Classification threshold
Sets a risk level as described above on a slider scale.
• Minimum value (maximum proactivity): 60
• Maximum value (maximum accuracy): 100
Advanced Settings
Advanced settings for all scanning submodules
Table 14-6 Advanced Settings
Option
Definition
Enable Antivirus prescan
When selected, performance of the submodules is improved by reducing
the load sent to them for scanning.
This option is by default selected. We recommend that you keep this
setting.
When this option is selected, the three options below it are also accessible.
You can select one of them to configure the range of file types that
light-weight malware scanning should be applied to.
Increase Web Gateway performance by making a light-weight pass on:
• Common web files
• Common web files and other low-risk files
• Common web files, other low-risk files, and web content on trustworthy sites
Files matching the selected option do not continue to the standard
anti-malware scanning.
The third option is selected by default.
The three options are related to each other: If the first option is configured,
the other two options are not effective. The second option includes the first
option, the third option includes the first and the second option.
The URL Filter module is involved to verify whether the web site that a file is
downloaded from is trustworthy.
Updates of virus and malware filtering information can modify the
categorization of file types as safe or rarely exploited or hosted on
trustworthy web sites.
Enable GTI file reputation queries
When selected, information on the reputation of files retrieved from the
Global Threat Intelligence system is included in the scanning result.
Enable heuristic scanning
When selected, heuristic scanning methods are applied to web objects.
Advanced Settings for McAfee Gateway Anti-Malware
Advanced settings for the McAfee Gateway Anti-Malware submodule
Table 14-7 Advanced Settings for McAfee Gateway Anti-Malware
Option
Definition
Enable detection for potentially unwanted
programs
When selected, web objects are also scanned for potentially
unwanted programs.
This option is not enabled by default.
Enable mobile code scanning
When selected, mobile code is scanned in general.
Individual settings can be configured under Scan the following mobile
code types.
Enable removal of disinfectable content detected in HTML documents by mobile code filter
When selected, the content described here can be removed.
This option is not enabled by default.
Advanced Settings for Avira
Advanced settings for the Avira submodule
Table 14-8 Advanced Settings for Avira
Option
Definition
Maximum size of archive
member
Limits the size (in MB) of a member in an archive that the Avira engine scans for
infections.
If an archive member exceeds this size, it is not scanned and the archive is
blocked.
The default size limit is 1024 MB.
TIE Filter settings
The TIE Filter settings are used for configuring the TIE Filter module, which is involved in the process of
exchanging information between Web Gateway and a TIE server.
TIE Reputations settings
The TIE Reputations settings are settings for the TIE Filter module (engine) that are by default available after the
initial setup of Web Gateway.
Product Priorities
Settings for configuring the order in which connected web security products are queried for file reputation
information
Table 14-9 Product Priorities
Option
Definition
Use default product priority order (TIE first, worst reputation of all other next)
When selected, information is queried from connected web security products in
the default order.
The default order is to query information from a TIE server first. This information
is then used in rules for anti-malware filtering.
If no TIE server information is available, all other connected products are queried.
The lowest reputation score that is retrieved from a connected product is then
used in rules for anti-malware filtering.
Customize product order
When selected, a list becomes available that allows you to configure a different
order of querying connected web security products.
List of user-defined counters
Provides a list of connected web security products. The products are queried for
file reputation information in the order that they take in this list.
Table 14-10 List of user-defined counters - List entry
Option
Definition
Product IDs
Specifies the ID of a web security product that is connected to Web Gateway.
When an * (asterisk) is specified as the only ID or in last position, all connected products
are queried for file reputation information.
The lowest score that is retrieved from a product is then used in rules for anti-malware
filtering.
Comment
Provides a plain-text comment on a product.
Anti-Malware system settings
The Anti-Malware system settings are used for configuring the anti-malware queue.
Global Anti-Malware Settings
Settings for the anti-malware queue
Table 14-11 Global Anti-Malware Settings
Option
Definition
Number of threads for AV scanning
Sets the number of anti-malware working threads that are available on an
appliance.
The number you specify here applies to both the threads that forward
requests and responses to threads of the scanning modules and the scanning
module threads themselves.
For example, if you specify 25, there will be 25 threads for forwarding and 25
for scanning.
Use at least as many AV threads as the number of CPU cores available
When selected, the number of AV threads used for scanning activities is at
least the same as the number of available CPU cores.
Maximum number of jobs in the
queue
Limits the number of requests or responses that can be moved to the
anti-malware queue as jobs for the scanning modules.
Number of seconds a scanning job
stays in the queue before being
removed
Limits the time (in seconds) that elapses before a request or response is
removed from the anti-malware queue if it has not been forwarded for
scanning.
Key elements for URL filtering
The key elements for URL filtering deal with important parts of this filtering process.
Basic Filtering
Key elements for performing basic URL filtering
Table 14-12 Basic Filtering
Option
Definition
URL whitelist
Clicking Edit opens a window to let you edit the URL whitelist that is used by a rule.
You can add, modify, and remove entries on the list.
URL blocklist
Clicking Edit opens a window to let you edit the URL blocklist that is used by a rule.
You can add, modify, and remove entries on the list.
URL category blocklist
Clicking Edit opens a window to let you edit the URL category blocklist that is used by a
rule.
You can add, modify, and remove entries on the list.
SafeSearch
Key elements for integrating SafeSearch in the URL filtering process
Table 14-13 SafeSearch
Option
Definition
Enable SafeSearch
When selected, a rule is enabled that controls the SafeSearch part of the URL filtering
process.
SafeSearch settings
Clicking Edit opens a window to let you edit the settings for the SafeSearch Enforcer module
(or engine).
This module handles the integration of the SafeSearch Enforcer, which is an additional web
security product, in the URL filtering process on Web Gateway.
GTI reputation
Key element for evaluating reputation scores retrieved from the Global Threat Intelligence service within the
URL filtering process
Table 14-14 GTI reputation
Option
Definition
Block URLs with a High Risk reputation
When selected, a rule is enabled that blocks URLs with a reputation score that lets
them appear to be a high or medium risk to web security.
The reputation score of a URL is established by the Global Threat Intelligence service,
which is provided by McAfee. It is retrieved from this service by the URL Filter
module.
Uncategorized URLs
Key element for handling URLs that could not be categorized during the URL filtering process
Table 14-15 Uncategorized URLs
Option
Definition
Uncategorized URLs
Selecting Block enables a rule that blocks requests for access to web objects with URLs that
could not be categorized during the URL filtering process.
Selecting Allow means that no action is executed by this rule. URL filtering continues with
processing the next rule.
URL Filter settings
The URL Filter settings are used for configuring the way the URL Filter module retrieves information from the
Global Threat Intelligence system.
Extended List
Settings for extended lists
Table 14-16 Extended List
Option
Definition
Use the extended list
Provides a list for selecting an extended list.
Add
Opens the Add List window for adding an extended list.
Edit
Opens the Edit List (Extended List) window for editing the selected extended list.
Rating Settings
Settings for retrieving rating information on URLs based on categories and reputation scores
Table 14-17 Rating Settings
Option
Definition
Search the CGI parameters for rating
When selected, CGI parameters are included in the search for information.
CGI (Common Gateway Interface) parameters in a URL trigger scripts or programs
when the URL is accessed. Information on CGIs is considered when categorizing a
URL.
Search for and rate embedded URLs
When selected, embedded URLs are included in the search for information and
rated.
Information on an embedded URL is considered when categorizing the
embedding URL.
Searching for embedded URLs can impact performance.
Do a forward DNS lookup to rate URLs
When selected, a DNS lookup is performed for a URL that no relevant information
has been found for.
The IP address that was looked up is used for another search.
Do a backward DNS lookup for
unrated IP-based URLs
When selected, a backward DNS lookup, based on its IP address, is performed for
a URL that no relevant information has been found for.
The host name that was looked up is used for another search.
Use the built-in keyword list
When selected, the built-in keyword list is included in the search.
Only use online GTI web
reputation and categorization
services
When selected, information on URL categories and reputation scores is only
retrieved from the Global Threat Intelligence system.
Table 14-17 Rating Settings (continued)
Option
Definition
Use online GTI web reputation
and categorization services if
local rating yields no results
When selected, information on URL categories and reputation scores is only
retrieved from the Global Threat Intelligence system if the search in the internal
database yielded no results.
Use default GTI server for web
reputation and categorization
services
When selected, the appliance connects to the default server for retrieving
information on URL categories and reputation scores from the Global Threat
Intelligence system.
• IP of the server — Specifies the IP address of the server used to connect to the
Global Threat Intelligence system when the default server is not used.
Format: <domain name> or <IPv4 address> or <IPv4 address mapped to IPv6
address>
Regular IPv6 addresses cannot be specified here.
• Port of the server — Specifies the port number of the port on this server that
listens to requests from the appliance.
Allowed range: 1–65535
Advanced Settings
Advanced settings for the URL Filter module
Table 14-18 Advanced Settings
Option
Definition
Treat connection problems to the cloud as errors
When selected, problems arising on the connection from the appliance to the
Global Threat Intelligence server are logged as errors.
Properties for error handling are set and eventually rules from an Error Handler rule
set are executed.
Do a backward DNS lookup
also for private addresses
When selected, private IP addresses are included in the backward DNS lookup.
Excluding these addresses from the lookup leads to an increase in performance for
URL filtering.
This option is disabled by default.
The lookup includes the following types of addresses:
• IPv4
  • Private addresses
  • Zeroconf addresses
• IPv6
  • Link local addresses
  • Site local addresses
  • Unique local addresses
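To make the address types named under Do a backward DNS lookup also for private addresses concrete, the following added example classifies IP-based URL hosts and decides whether a backward lookup would be attempted. It is not Web Gateway code: the function names are hypothetical, and the mapping of each type to the standard ranges (RFC 1918, RFC 3927, RFC 4291, RFC 3879, RFC 4193) is an assumption, since the guide does not list the ranges.

```python
from __future__ import annotations

import ipaddress

# Assumed ranges for the address types named in the table (standard RFC blocks).
_IPV4_TYPES = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],  # RFC 1918
    "zeroconf": ["169.254.0.0/16"],                                 # RFC 3927
}
_IPV6_TYPES = {
    "link local": ["fe80::/10"],    # RFC 4291
    "site local": ["fec0::/10"],    # RFC 3879 (deprecated, still seen)
    "unique local": ["fc00::/7"],   # RFC 4193
}


def _parse_ip(host: str):
    """Return an ip_address object for an IP-literal host, or None for names."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))  # URLs bracket IPv6 hosts
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def address_type(host: str) -> str | None:
    """Name the non-public address type of host, or None if it has none."""
    addr = _parse_ip(host)
    if addr is None:
        return None
    table = _IPV4_TYPES if addr.version == 4 else _IPV6_TYPES
    for label, networks in table.items():
        if any(addr in ipaddress.ip_network(net) for net in networks):
            return label
    return None


def should_reverse_lookup(host: str, include_private: bool = False) -> bool:
    """Decide whether a backward DNS lookup is attempted for an unrated host.

    include_private models the option in the table; it is off by default.
    """
    if _parse_ip(host) is None:
        return False  # backward lookups apply to IP-based URLs only
    return include_private or address_type(host) is None


if __name__ == "__main__":
    # Constructed sample hosts (documentation and private ranges only).
    for h in ["203.0.113.7", "192.168.1.10", "169.254.10.1", "[fe80::1]",
              "fd12:3456::1", "::ffff:10.0.0.1", "www.example.com"]:
        print(f"{h:20} type={address_type(h)!s:13} lookup={should_reverse_lookup(h)}")
```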
Settings for configuring a proxy the appliance can use to connect to the Global Threat Intelligence™ system
Table 14-19 Proxy Settings
Option
Definition
Use upstream proxy
When selected, the appliance uses a proxy for connecting to the Global Threat
Intelligence server on which lookups for URL category information, also known as
“in-the-cloud” lookups, can be performed.
IP or name of the proxy
Specifies the IP address or host name of the proxy.
Table 14-19 Proxy Settings (continued)
Option
Definition
Port of the proxy
Specifies the number of the port on the proxy that listens for lookup requests from the
appliance.
User name
Specifies a user name for the appliance when logging on to the proxy.
Password
Sets a password for an appliance.
Set
Opens a window for setting a password.
Settings for logging URL filtering activities on the appliance
Table 14-20 Logging
Option
Definition
Enable logging
When selected, URL filtering activities are logged on the appliance.
If this option is not selected, the following logging options are grayed out.
Log level
Provides a list for selecting the log level.
Log levels are as follows:
• 00 FATAL — Logs only fatal errors.
• 01 ERRORS — Logs all errors.
• 02 WARNING — Logs errors and warnings.
• 03 INFO — Logs errors, warnings, and additional information.
• 04 DEBUG1 ... 13 DEBUG9 — Log information required for debugging URL filtering activities.
The amount of logged information increases from level DEBUG1 to DEBUG9.
• 14 TRACE — Logs information required for tracing URL filtering activities.
• 15 ALL — Logs all URL filtering activities.
(Log area)
Provides a set of options for including different areas of URL filtering activities into the logging.
• LOG_AREA_ALL — When selected, all URL filtering activities are logged.
• LOG_AREA_NETWORK — When selected, activities regarding the network connections used for
URL filtering are logged.
• LOG_AREA_DATABASE_SEARCH — When selected, activities regarding the retrieval of data for URL
filtering from the internal database are logged.
• LOG_AREA_DNS — When selected, activities regarding a DNS lookup that is performed for URL
filtering are logged.
• LOG_AREA_URL — When selected, activities for handling URLs, such as parsing them, are logged.
• LOG_AREA_CLOUD — When selected, activities regarding the retrieval of information from the
Global Threat Intelligence system are logged.
IFP Proxy settings
The IFP Proxy settings are used for configuring a proxy that intercepts requests for web access submitted under
the IFP protocol and makes them available for URL filtering.
IFP Proxy
Settings for configuring an IFP proxy
Table 14-21 IFP Proxy
Option
Definition
Enable IFP proxy
When selected, an IFP proxy is enabled on an appliance.
IFP port definition list
Allows you to create a list of ports that listen for IFP requests.
Maximum number of concurrent IFP requests allowed.
Limits the number of IFP requests that are processed at the same time to
the specified value.
You can use this setting to prevent an overloading of the IFP proxy.
The following table describes an entry in the IFP port definition list.
Table 14-22 IFP Port Definition
Option
Definition
Listener address
Specifies the IP address and port number of a port that listens to IFP requests.
Send error message as
redirect
When set to true, a user who sent a request is informed, for example, about a
blocking of the request, by redirecting the request to an error message page.
Otherwise the relevant information is sent as a normal message under the IFP
protocol.
Comment
Provides a plain-text comment on a port that listens to IFP requests.
Key elements for media type filtering
The key elements for media type filtering deal with important parts of this filtering process.
Block Media Types in Uploads
Key elements for filtering media that are uploaded to the web
Table 14-23 Block Media Types in Uploads
Option
Definition
Media types to block
Clicking Edit opens a window to let you edit the Upload Media Type Block List that is used by
a rule.
You can add, modify, and remove entries on the list.
Block Media Types in Downloads
Key elements for filtering media that are downloaded from the web
Table 14-24 Block Media Types in Downloads
Option
Definition
Media types to block
Clicking Edit opens a window to let you edit the Download Media Type Block List
that is used by a rule.
You can add, modify, and remove entries on the list.
Block undetectable media types
When selected, a rule is enabled that blocks media if no type could be detected
for them.
Block unsupported media types
When selected, a rule is enabled that blocks media if it belongs to a type that
cannot be handled on Web Gateway.
Table 14-24 Block Media Types in Downloads (continued)
Option
Definition
Block multimedia
When selected, a rule is enabled that blocks media if it belongs to the multimedia
type.
Block streaming media
When selected, a rule is enabled that blocks media if it is streaming media.
Properties for media type filtering
Most media type filtering rules in the default rule set use the MediaType.EnsuredTypes property in their criteria.
Using other properties lets media type filtering be executed in a different way.
There is, for example, the MediaType.NotEnsuredTypes property. If you use this property in the criteria of a
blocking rule, the rule blocks media whose types are on a block list even if the probability that they actually are
of this type is less than 50%.
You could use this property to make sure a media type gets blocked under all circumstances.
The following table lists the properties that are available for rules in media type filtering.
Table 14-25 Media type filtering properties
Property
Description
MediaType.EnsuredTypes
Property of media that have their types ensured with a probability of more than
50%
This level of probability is assumed if a media type signature from an internal list
on the appliance can be found in the object code of the media.
MediaType.NotEnsuredTypes
Property of media for which the probability that they actually are of their
respective types is less than 50%
MediaType.FromFileExtension
Property of media for which types are assumed based on the extensions of the
media type file names
Extensions and the media types associated with them are looked up in an
internal catalog on the appliance. There are, however, extensions that are used
by more than one media type.
MediaType.FromHeader
Property of media for which types are assumed according to the content type
field of the headers sent with the media
Headers are read and evaluated in a standardized format. To filter headers in
their original formats, you can use the Header.Get property.
MediaType.IsSupported
Property of embedded or archived media that can be extracted by the opener
module of the appliance.
List.OfMediaType.IsEmpty
Property of media with types that are not on an internal list
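The following Go program is an added illustration, not Web Gateway code and not part of the original guide, of why rules built on these properties can decide differently for the same web object. It uses Go's `http.DetectContentType` as a stand-in for the appliance's signature list and a constructed extension catalog; treating types that are claimed only by the header or the extension as "not ensured" is an assumption of this example, and all names in it are chosen here.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"path/filepath"
	"strings"
)

// extCatalog is a constructed stand-in for an extension catalog. The ".ogg"
// entry shows an extension that is used by more than one media type.
var extCatalog = map[string][]string{
	".png": {"image/png"},
	".zip": {"application/zip"},
	".ogg": {"audio/ogg", "video/ogg"},
}

// Evidence holds the media types that each source of evidence suggests.
type Evidence struct {
	Ensured       []string // a known signature was found in the object's bytes
	NotEnsured    []string // claimed by header or extension only (assumption)
	FromExtension []string // looked up from the file name extension
	FromHeader    []string // normalized Content-Type header value
}

// Classify gathers the evidence for one web object.
func Classify(body []byte, fileName, contentType string) Evidence {
	var ev Evidence
	// Signature check: DetectContentType sniffs the leading bytes. Its two
	// fallback answers mean that no binary signature matched.
	sniffed, _, _ := mime.ParseMediaType(http.DetectContentType(body))
	if sniffed != "application/octet-stream" && sniffed != "text/plain" {
		ev.Ensured = []string{sniffed}
	}
	// Header: ParseMediaType lower-cases the type and strips parameters.
	if mt, _, err := mime.ParseMediaType(contentType); err == nil {
		ev.FromHeader = []string{mt}
	}
	ev.FromExtension = extCatalog[strings.ToLower(filepath.Ext(fileName))]
	// Weak evidence only: claimed types that no signature confirmed.
	seen := map[string]bool{}
	for _, t := range ev.Ensured {
		seen[t] = true
	}
	for _, t := range append(append([]string{}, ev.FromHeader...), ev.FromExtension...) {
		if !seen[t] {
			seen[t] = true
			ev.NotEnsured = append(ev.NotEnsured, t)
		}
	}
	return ev
}

// Blocks reports whether any of the given types is on the block list.
func Blocks(types []string, blockList map[string]bool) bool {
	for _, t := range types {
		if blockList[t] {
			return true
		}
	}
	return false
}

// Constructed sample objects and a constructed block list.
var (
	zipBytes     = []byte("PK\x03\x04\x14\x00\x00\x00\x08\x00constructed")
	unknownBytes = []byte{0xde, 0xad, 0xbe, 0xef, 0x00, 0x01, 0x02, 0x03}
	blockList    = map[string]bool{"application/zip": true}
)

func main() {
	// A ZIP archive that is labeled as an image by name and header.
	a := Classify(zipBytes, "invoice.png", "Image/PNG; charset=binary")
	fmt.Println("mislabeled ZIP:", a.Ensured, "header says", a.FromHeader,
		"| Ensured rule blocks:", Blocks(a.Ensured, blockList),
		"| FromHeader rule blocks:", Blocks(a.FromHeader, blockList))
	// Bytes without a known signature that only claim to be a ZIP archive.
	b := Classify(unknownBytes, "data.zip", "application/zip")
	fmt.Println("unconfirmed ZIP: Ensured rule blocks:", Blocks(b.Ensured, blockList),
		"| NotEnsured rule blocks:", Blocks(b.NotEnsured, blockList))
}
```

The first object is caught only by a rule on the signature-based types, the second only by a rule on the weaker, unconfirmed types, which is the case the MediaType.NotEnsuredTypes paragraph above describes.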
Stream Detector settings
The Stream Detector settings are used to configure the module that calculates the probability that web objects
are streaming media.
Streaming Detector
Setting for the module that calculates streaming media probabilities
Table 14-26 Streaming Detector
Option
Definition
Minimal probability
Sets the probability (in percent, specified by a number from 0 to 100) that is sufficient for a
web object to be considered as streaming media.
SSL Client Certificate Handling settings
The SSL Client Certificate Handling settings are used for configuring client certificates that are sent to web
servers in SSL-secured communication.
SSL Client Certificate Handling
Settings for configuring SSL client certificates
Table 14-27 SSL Client Certificate Handling
Option
Definition
Use client certificate from Known client certificates list if client has proven ownership
When selected, the client certificate that is sent to a web server in SSL-secured
communication is taken from the list of known client certificates.
However, the certificate is only taken from this list if it is proven that the client
whose request the appliance forwards to a server is the owner of this certificate.
After selecting this radio button, the Known Client Certificates section appears, which
provides settings for configuring a list of certificates.
Always use predefined client certificate
When selected, the same client certificate is always sent to a web server in
SSL-secured communication.
After selecting this radio button, the Predefined Client Certificate section appears, which
provides settings for configuring a single certificate.
Known client certificates
Settings for configuring a list of known client certificates that can be sent to a web server
Table 14-28 Known client certificates
Option
Definition
List of known client certificates
Provides a list of client certificates that can be sent to a web server in
SSL-secured communication.
The following table describes the elements of an entry in the list of known client certificates.
Table 14-29 Known client certificates – List entry
Option
Definition
Certificate
Specifies the name of a client certificate.
Comment
Provides a plain-text comment on a certificate.
Predefined client certificate
Settings for configuring a client certificate that is always sent to a web server
Table 14-30 Predefined client certificate
Option
Definition
Subject, Issuer, Validity, Extensions
Provides information on the client certificate that is currently used for sending to a
web server.
Import
Opens the Import Client Certificate window for importing a client certificate.
After the import, information on the client certificate appears under Subject, Issuer,
and in the other information fields.
Export
Opens your local file manager to let you store a client certificate in a suitable
location.
Export Key
Opens your local file manager to let you store the private key for a client certificate in
a suitable location.
Certificate Chain
Displays a certificate chain if one has been imported with a client certificate.
SSL Scanner settings
The SSL Scanner settings are used for configuring the way certificates are verified and content inspection is
enabled for SSL-secured web traffic.
Enable SSL Scanner
Settings for configuring certificate verification or the enabling of content inspection
Table 14-31 Enable SSL Scanner
Option
Definition
SSL scanner function
Selects the function that is performed by the SSL Scanner module.
• Certificate verification — When selected, the module verifies certificates submitted in
SSL-secured communication.
• SSL inspection — When selected, the module inspects the content of web objects
transmitted in SSL-secured communication.
SSL protocol version
When selected, the module inspects the content of web objects transmitted in
SSL-secured communication.
• TLS 1.0 — When selected, TLS (Transport Layer Security) version 1.0 is used.
• SSL 3.0 — When selected, SSL version 3.0 is used.
Server cipher list
Specifies a string of OpenSSL symbols used for decrypting server data.
The SSL Scanner module uses different strings for default certificate verification and
for verifying certificates from servers that do not support the EDH (Ephemeral
Diffie-Hellman) method.
SSL session cache TTL
Limits the time (in seconds) for keeping the parameter values of a session in
SSL-secured communication stored in the cache to the specified value.
Allow handshake and renegotiation with servers that do not implement RFC 5746
When selected, the SSL Scanner module performs these activities also in
communication with web servers that fail to comply with the specified standard.
Allow Alternative Handshakes
Settings for handshakes in SSL-secured communication that use alternative parameter values
Table 14-32 Allow Alternative Handshakes
Option
Definition
Use alternative handshake settings after handshake failure
When selected, the SSL Scanner module uses alternative parameter values after the
first attempt to perform a handshake in SSL-secured communication has failed.
SSL protocol version
Selects the version of the protocol the SSL Scanner module follows when it performs
an alternative handshake.
• TLS 1.0 — When selected, TLS (Transport Layer Security) version 1.0 is used.
• SSL 3.0 — When selected, SSL version 3.0 is used.
Server cipher list
Specifies a string of OpenSSL symbols used for decrypting server data.
The SSL Scanner module uses different strings for default certificate verification and
for verifying certificates from servers that do not support the EDH (Ephemeral
Diffie-Hellman) method.
SSL Client Context with CA settings
The SSL Client Context with CA settings are used to configure the sending of certificates with information about the
certificate authority to the clients of a Web Gateway appliance.
Define SSL Client Context (Certificate Authority)
Settings for sending a certificate to the clients with information about the certificate authority
Table 14-33 Define SSL Client Context (Certificate Authority)
Option
Definition
(Current certificate and default root certificate authority)
Under Subject, Issuer, and other field names, information is provided about the certificate
that is currently sent to the clients of an appliance in SSL-secured communication.
Information is also provided about the root certificate authority (root CA) that signed this
certificate.
After the initial setup, the certificate is signed by the default root certificate authority. This
certificate authority is McAfee.
The certificate is therefore called a self-signed certificate, as McAfee signed a certificate
for one of their own products. Self-signed certificates are not trusted by all partners in
SSL-secured communication.
For further administration of the SSL functions on Web Gateway, we recommend that you
create your own root certificate authority.
Use the Generate New option to create this certificate authority.
Certificate Authority
Provides several options for performing activities that are related to a certificate authority.
• Generate New — Opens a window for generating a new certificate authority.
• Import — Opens a window for importing a certificate authority.
The window provides an option for importing a file with information about a certificate
authority and the certificate that was signed by it.
Additionally, you can include a file with information about the chain of certificate
authorities that were involved in the validation process.
The file with information about the certificate chain can be a file that you
created and stored in the file system before.
In this case, the file will contain information about the following:
• The certificate that an appliance sends as server to its clients
• The intermediate certificate authorities, one of which signed the certificate,
while the others each validated another certificate authority
• The root certificate authority, which is the first instance that validated
another certificate authority
When importing a certificate chain file, you must make sure that it only
contains information about the intermediate certificate authorities.
All other information must be removed from the file. Otherwise the import will
fail.
• Export — Lets you browse to a location within your file system that you can export a
certificate authority file to.
• Export key — Lets you browse to a location within your file system that you can export
the key file for a certificate authority to.
Table 14-33 Define SSL Client Context (Certificate Authority) (continued)
Option
Definition
Send certificate chain
When selected, the appliance sends information on the chain of certificates and certificate
authorities that were involved in the process of validating a certificate with this certificate
to its clients.
To retrieve this information, you must include the certificate chain when using the option
for importing a certificate authority.
The appliance sends the certificate that is configured here as a server to its clients. The
certificate is therefore also referred to as the server certificate.
The server certificate is considered to exist on level 0. When a certificate authority signs
this certificate to validate it, it is done on level 1.
When an additional certificate authority validates the first certificate authority, it is done
on level 2. With each additional certificate authority that is involved, the level increases by
one.
Certificate chain
Provides information on a certificate chain.
After importing a certificate authority file with information about the certificate chain, the
information appears in this field.
Use custom domain key
When selected, a key is sent with the certificate that you have configured on your own.
Custom domain key
Provides the following options for handling a custom domain key.
This key is used for sending certificates throughout the domain of a Web Gateway
appliance.
• Import Key — Lets you browse to a location within your file system that you can import a
custom domain key file from.
• Export Key — Lets you browse to a location within your file system that you can export a
custom domain key file to.
Digest
Provides a list for selecting a digest mode.
RSA server key size
Limits the size of the key file for a certificate.
Certificates that are signed by the CA are valid for
Limits the time (in days) that a certificate signed by the certificate authority configured
here is valid.
Client cipher list
Specifies a string of OpenSSL symbols used for decrypting client data.
SSL session cache TTL
Limits the time (in seconds) that SSL session parameters are stored in the cache.
Perform insecure renegotiations
When selected, Web Gateway renegotiates the parameters for the SSL-secured
communication even if this is insecure to do.
Send empty plain-text fragment
When selected, an empty plain-text fragment is sent with the certificate to the clients.
Allow legacy signatures in the handshake
When selected, legacy signatures are allowed in the initial handshake.
SSL protocol version
Selects the version of the protocol that the SSL scanning module follows when dealing
with handshakes.
• TLS 1.2 — When selected, TLS (Transport Layer Security) version 1.2 is used.
• TLS 1.1 — When selected, TLS (Transport Layer Security) version 1.1 is used.
• TLS 1.0 — When selected, TLS (Transport Layer Security) version 1.0 is used.
• SSL 3.0 — When selected, SSL version 3.0 is used.
SSL Client Context without CA settings
The SSL Client Context without CA settings are used to configure the sending of certificates with no information
about the certificate authority to the clients of a Web Gateway appliance.
Define SSL Client Context (Without Certificate Authority)
Settings for sending a certificate to the clients with no information about the certificate authority
Table 14-34 Define SSL Client Context (Without Certificate Authority)
Option
Definition
Select server certificate by host or IP
Provides a list of certificates that are sent to the clients and the host systems that
they have been retrieved from. A host system is identified by a host name or an IP
address.
The certificates are sent from an appliance in its role as a server to the clients.
The certificates are therefore referred to as server certificates.
Table 14-35 Select server certificate by host or IP — List entry
Option
Definition
Host
Specifies the host name or IP address of the host system that a certificate is retrieved from.
Server Certificate
Provides information on the certificate that is currently sent from an appliance in its role as a
server to its clients.
When adding an entry for a new certificate to the list, you can generate or import the
certificate. Options for performing these activities are provided in the window for adding a list
entry under Server Certificate.
• Generate — Opens a window for generating a new certificate.
• Import — Opens a window for importing a certificate.
The window provides an option for importing a file with information about a certificate.
Additionally, you can include a file with information about the chain of certificate authorities
that were involved in the validation process.
The file with information about the certificate chain can be a file that you created
and stored in the file system before.
In this case, the file will contain information about the following:
• The certificate that an appliance sends as server to its clients
• The intermediate certificate authorities, one of which signed the certificate,
while the others each validated another certificate authority
• The root certificate authority, which is the first instance that validated another
certificate authority
When importing a certificate chain file, you must make sure that it only contains
information about the intermediate certificate authorities.
All other information must be removed from the file. Otherwise the import will fail.
• Export — Lets you browse to a location within your file system that you can export a
certificate authority file to.
• Export key — Lets you browse to a location within your file system that you can export the
key file for a certificate authority to.
HSM
Provides information on a Hardware Security Module that is used to protect the certificate
information.
Table 14-35 Select server certificate by host or IP — List entry (continued)
Option
Definition
Certificate chain
Provides information on the chain of certificates and certificate authorities that were involved
in the validation of the certificate that is sent to the clients.
Comment
Provides a plain-text comment on a certificate.
Table 14-36 Define SSL Client Context (Without Certificate Authority) — Continued
Option
Definition
SSL Scanner functionality applies only to client connection
When selected, traffic is only processed using the SSL scanning functions on the
connection from an appliance to its clients.
Client cipher list
Specifies a string of OpenSSL symbols used for decrypting client data.
SSL session cache TTL
Limits the time (in seconds) that SSL session parameters are stored in the cache.
Perform insecure renegotiations
When selected, Web Gateway renegotiates the parameters for the SSL-secured
communication even if this is insecure to do.
Send empty plain-text fragment
When selected, an empty plain-text fragment is sent with the certificate to the
clients.
SSL protocol version
Selects the version of the protocol that the SSL Scanner module follows when
dealing with handshakes.
• TLS 1.2 — When selected, TLS (Transport Layer Security) version 1.2 is used.
• TLS 1.1 — When selected, TLS (Transport Layer Security) version 1.1 is used.
• TLS 1.0 — When selected, TLS (Transport Layer Security) version 1.0 is used.
• SSL 3.0 — When selected, SSL version 3.0 is used.
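The Import option in both SSL Client Context settings requires a certificate chain file that contains only the intermediate certificate authorities. The following Go program is an added example, not part of the guide or of Web Gateway, that reduces a full PEM bundle to that form before the import. It assumes PEM input; `IntermediatesOnly`, `FilterResult` and `SampleBundle` (which builds a constructed test chain) are names chosen here.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// FilterResult lists what is kept for the import and what was removed.
type FilterResult struct {
	PEM     []byte   // intermediate CA certificates only
	Kept    []string // common names of the kept certificates
	Dropped []string // removed items, each with the reason
}

// IntermediatesOnly reduces a PEM bundle to its intermediate CA certificates.
func IntermediatesOnly(bundle []byte) (FilterResult, error) {
	var res FilterResult
	for {
		var block *pem.Block
		if block, bundle = pem.Decode(bundle); block == nil {
			break
		}
		if block.Type != "CERTIFICATE" { // keys do not belong in a chain file
			res.Dropped = append(res.Dropped, "non-certificate block: "+block.Type)
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return res, fmt.Errorf("parse certificate: %w", err)
		}
		cn := cert.Subject.CommonName
		switch {
		case !cert.IsCA:
			res.Dropped = append(res.Dropped, "server certificate: "+cn)
		// Root CA: subject equals issuer and its own key verifies the signature.
		case bytes.Equal(cert.RawSubject, cert.RawIssuer) && cert.CheckSignatureFrom(cert) == nil:
			res.Dropped = append(res.Dropped, "root CA: "+cn)
		default:
			res.Kept = append(res.Kept, cn)
			res.PEM = append(res.PEM, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})...)
		}
	}
	if len(res.Kept) == 0 {
		return res, fmt.Errorf("bundle contains no intermediate CA certificate")
	}
	return res, nil
}

// SampleBundle returns a constructed chain as PEM: server, intermediate, root.
func SampleBundle() ([]byte, error) {
	names := []string{"Example Root CA", "Example Intermediate CA", "gateway.example.test"}
	usages := []x509.KeyUsage{x509.KeyUsageCertSign, x509.KeyUsageCertSign, x509.KeyUsageDigitalSignature}
	var parent *x509.Certificate
	var parentKey *ecdsa.PrivateKey
	var bundle []byte
	for i, cn := range names {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		tmpl := &x509.Certificate{
			SerialNumber:          big.NewInt(int64(i + 1)),
			Subject:               pkix.Name{CommonName: cn},
			NotBefore:             time.Now().Add(-time.Hour),
			NotAfter:              time.Now().Add(24 * time.Hour),
			BasicConstraintsValid: true,
			IsCA:                  i < 2, // root and intermediate are CAs
			KeyUsage:              usages[i],
		}
		signer, signerKey := parent, parentKey
		if parent == nil { // the root signs itself
			signer, signerKey = tmpl, key
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
		if err != nil {
			return nil, err
		}
		parent, parentKey = tmpl, key
		bundle = append(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), bundle...)
	}
	return bundle, nil
}

func main() {
	bundle, err := SampleBundle()
	if err != nil {
		panic(err)
	}
	res, err := IntermediatesOnly(bundle)
	fmt.Println("kept:", res.Kept, "dropped:", res.Dropped, "error:", err)
}
```

The `Dropped` list doubles as a review aid: a private key block reported there means key material was stored in a file that was meant to hold only certificates.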
Certificate Chain settings
The Certificate Chain settings are used for configuring the module that handles the building of certificate chains.
Certificate Verification
Settings for building a chain of certificates
Table 14-37 Certificate Verification
Option
Definition
List of certificate authorities
Provides a list for selecting a list of certificate authorities (CAs) that sign the
certificates in a certificate chain.
Subscribed list of certificate authorities
Provides a subscribed list for selecting a list of certificate authorities (CAs) that
sign the certificates in a certificate chain.
Revocation checking method order
Sets the order in which methods for checking whether a certificate has been
revoked are used.
• OCSP, CRL – The OCSP method is used before the CRL method.
• CRL, OCSP – The CRL method is used before the OCSP method.
Treat OCSP response 'unknown' as revoked
When selected, a certificate with unknown status under the OCSP revocation
checking method is considered revoked.
Automatic download of certificates (via AIA)
When selected, certificates missing in a chain of server certificates that are
required by a client are downloaded from the Authority Information Access (AIA)
system.
Hardware Security Module settings
The Hardware Security Module settings are used to configure the handling of private keys on a Hardware Security
Module.
HSM Server
Settings for implementing an HSM solution on the Web Gateway appliance that you are currently configuring
Table 14-38 HSM Server
Option
Definition
Start local HSM server
When selected, an HSM solution for storing and loading keys is implemented on this
appliance.
Other Web Gateway appliances in your network can connect to this appliance as clients.
The appliance then takes the role of a server towards these clients.
Crypto module
Provides a list for selecting an HSM solution.
• Thales nShield Solo/Connect — These solutions let the functions of a Hardware Security
Module be provided on a module card (nShield Solo), which is installed on a Web
Gateway appliance, or on an additional appliance (nShield Connect).
The module card and the appliance are provided by an Intel partner (Thales).
• SafeNet Network HSM (formerly LUNA SA) — This solution lets the functions of a Hardware
Security Module be provided on a remote server.
The remote server is provided by an Intel partner (Gemalto).
• OpenSSL — This solution is an emulation that runs on the appliance and uses OpenSSL to
provide the functions of a Hardware Security Module.
Keys to be loaded
Provides a list of IDs for the private keys that are stored on a Hardware Security Module
and can be loaded from there.
For every key that you want to use, you must add the key ID in string format to this list.
The key IDs are configured when private keys are generated on the Hardware Security
Module.
Allow local connections
When selected, connections are allowed for using the functions of a Hardware Security
Module on the appliance that you are currently configuring.
Allow remote connections
When selected, connections are allowed for letting other appliances that are configured as
clients of this appliance use the functions of a Hardware Security Module.
HSM server port definition list
Provides a list of the ports on the appliance that takes the role of a server towards other
appliances.
Permitted clients
Provides a list of other appliances in your network that run as clients of this appliance.
These tables describe the entries in the key list and the lists of HSM server ports and permitted clients.
Table 14-39 Keys to be loaded – List entry
Option
Definition
String
Specifies the key ID for a private key that is stored on the Hardware Security Module.
Comment
Provides a plain-text comment on a key.
Table 14-40 HSM server port definition list – List entry
Option
Definition
Listener address
Specifies the IP address and port number of a port on the appliance that takes the role of a
server towards other appliances.
Comment
Provides a plain-text comment on a port.
Table 14-41 Permitted clients – List entry
Option
Definition
Host
Specifies the host name or IP address of an appliance that is permitted to run as client of this
appliance.
Certificate
Provides a certificate that a client submits when connecting to the server.
Comment
Provides a plain-text comment on a permitted client.
Server Identification
Settings for the certificate that an appliance submits when taking the role of a server towards other appliances
that run as its clients
A certificate issued by the McAfee root CA is provided by default after the initial setup of a Web
Gateway appliance.
We recommend that you replace this certificate by a certificate of your own.
Table 14-42 Server Identification
Option
Definition
Subject, Issuer, Validity, Extensions, Private key
These fields provide information on the server certificate that is currently in
use.
Server certificate
Provides buttons for performing various activities that are related to a server
certificate:
• Generating a certificate
• Importing a certificate
• Exporting a certificate
• Exporting a certificate key
HSM Client
Settings for configuring an appliance as client of an appliance that has an HSM solution implemented
Table 14-43 HSM Client
Option
Definition
Use remote HSM server
When selected, this appliance runs as a client of another appliance that has an HSM
solution implemented.
Remote server
Provides a list of appliances in your network that have an HSM solution implemented
and that this appliance can connect to.
This table describes an entry in the list of remote servers.
Table 14-44 Remote server – List entry
Option
Definition
Host
Specifies the host name or IP address of an appliance in your network that takes the role of a server
towards this appliance.
Certificate
Specifies the certificate that an appliance submits when connecting to a client.
Comment
Provides a plain-text comment on a remote server.
Client Identification
Settings for the certificate that this appliance submits when connecting as a client to an HSM server
A certificate issued by the McAfee root CA is provided by default for this client after the initial setup
of a Web Gateway appliance.
We recommend that you replace this certificate by a certificate of your own.
Table 14-45 Client Identification
Option
Definition
Subject, Issuer, Validity, Extensions, Private key
These fields provide information on the client certificate that is currently in
use.
Client certificate
Provides buttons for performing various activities that are related to a client
certificate:
• Generating a certificate
• Importing a certificate
• Exporting a certificate
• Exporting a certificate key
Troubleshooting
Settings for troubleshooting the use of a Hardware Security Module
Table 14-46 Troubleshooting
Option
Definition
Write connection traces
When selected, traffic on the connections set up for using the functions of a Hardware
Security Module is traced.
Key elements for using Advanced Threat Defense
The key elements of the rules for using Advanced Threat Defense in the process of additionally scanning web
objects deal with important parts of this process.
Different key elements can be configured for the rules in the rule sets that are implemented for the additional
scanning.
• Advanced Threat Defense — When this rule set is implemented, the following groups of key elements can be
configured:
  • Enable Advanced Threat Defense for These Supported Media Types
  • Gateway Anti-Malware Settings
  • Gateway Advanced Threat Defense Settings
• ATD - Init Offline ScanAdvanced — When this rule set is implemented, the following groups of key elements
can be configured:
  • Enable Advanced Threat Defense for These Supported Media Types
  • Gateway Anti-Malware Settings
• ATD - Handle Offline Scan — When this rule set is implemented, the following group of key elements can be
configured:
  • Gateway Advanced Threat Defense Settings
The key elements of these rule sets are described in the following.
Enable Advanced Threat Defense for These Supported Media Types
Key element for selecting web objects that are eligible for additional scanning by Advanced Threat Defense
Table 14-47 Enable Advanced Threat Defense for These Supported Media Types
Option
Definition
Media types to insert
Clicking Edit opens a window to let you edit the Advanced Threat Defense Supported Media
Types list that is used by a rule.
Only web objects that belong to media types on this list will additionally be scanned by
Advanced Threat Defense if the other criteria are also met.
You can add, modify, and remove entries on the list.
Gateway Anti-Malware Settings
Key element for configuring the scanning by the Anti-Malware module before the additional scanning by
Advanced Threat Defense
Table 14-48 Gateway Anti-Malware Settings
Option
Definition
Settings
Clicking Edit opens a window to let you edit the settings for the Anti-Malware module when it runs
with the module components that are usually available on Web Gateway.
This scanning is performed before any scanning by Advanced Threat Defense. Depending on the
result of this scanning, additional scanning by Advanced Threat Defense is performed or not.
Gateway Advanced Threat Defense Settings
Key element for configuring additional scanning by Advanced Threat Defense
Table 14-49 Bypass scanning for these agents and hosts
Option
Definition
Settings
Clicking Edit opens a window to let you edit the settings for the Anti-Malware module on Web
Gateway when the scanning is actually performed by Advanced Threat Defense.
Gateway ATD settings
The Gateway ATD settings are used for configuring the use of Advanced Threat Defense for scanning web objects
that have been passed on to it from Web Gateway.
Select Scanning Engines and Behavior
Settings for selecting a combination of scanning engines and their behavior in case one of them detects an
infection
Table 14-50 Select Scanning Engines
Option
Definition
Full McAfee coverage: The recommended high-performance configuration
When selected, the McAfee Gateway Anti-Malware engine is active.
This option is selected by default.
Layered coverage: Full McAfee coverage plus specific Avira engine features — minor performance impact
When selected, the McAfee Gateway Anti-Malware engine and, for some web objects, also the third-party
Avira engine are active.
Duplicate coverage: Full McAfee coverage and Avira engine — less performance and more false positives
When selected, the McAfee Gateway Anti-Malware engine and the third-party Avira engine are active.
Avira only: Only uses Avira engine — not recommended
When selected, only the Avira engine is active.
McAfee Advanced Threat Defense only: Send files to an MATD appliance for deep analysis through sandboxing
When selected, only scanning by Advanced Threat Defense is active.
This option is selected by default.
Stop virus scanning right after an engine detected a virus
When selected, engines stop scanning a web object as soon as one of them has detected an infection
by a virus or other malware.
MATD Setup
Common part of the settings for configuring the use of Advanced Threat Defense
Table 14-51 MATD Setup
Option
Definition
User name
Specifies the user name that Web Gateway submits when trying to connect to
Advanced Threat Defense.
Password
Specifies the password that Web Gateway submits when trying to connect to
Advanced Threat Defense.
Clicking Set opens a window for setting the password.
Server list
Provides a list of servers that Advanced Threat Defense runs on.
Table 14-51 MATD Setup (continued)
Option
Definition
List of certificate authorities
Provides a drop-down list for selecting a list of known certificate authorities.
These certificate authorities are referred to when communication between
Web Gateway and Advanced Threat Defense takes place in SSL-secured mode under
the HTTPS protocol.
Severity threshold to indicate a malicious file
Sets a threshold for the severity grade of the malicious features that are detected in a
web object, for example, a file, when scanned by Advanced Threat Defense.
If this threshold is reached, the object is classified as malicious and the value of the
Antimalware.Infected property is set to true.
The threshold is set on a slider scale with values ranging from 0 to 5 (very high severity).
Reuse previous detection, McAfee Web Gateway will retrieve latest report from MATD based on the hash of the file
When selected, the severity grade that was found for a web object at its last scanning
by Advanced Threat Defense is used for classifying it as malicious or not.
When this option is selected, the following option becomes accessible.
Maximum detection age
Sets the maximum time (in minutes) that a severity grade for a web object can be
used to classify the object as malicious or not.
The allowed time range is 1 to 999999 minutes.
The default maximum time is 30 minutes.
Reuse running task if same sample is analyzed
When selected, a running task is used for evaluation if it is the same web object that
is analyzed.
Send client IP to MATD server
When selected, the IP address of a client that has sent a request for downloading a
web object is sent to the server on which Advanced Threat Defense is running.
The following table describes an entry in the server list.
Table 14-52 Server list – List entry
Option
Definition
String
Specifies the name of a server that Advanced Threat Defense runs on.
Comment
Provides a plain-text comment on a server.
Network Setup
Settings for configuring the connection to the server that Advanced Threat Defense runs on
Table 14-53 Network Setup
Option
Definition
Connection timeout
Sets the time (in seconds) that elapses before the connection to a server is closed when no
response is received from it.
The default time is 5 seconds.
Scan timeout
Sets the time (in minutes and seconds) that Advanced Threat Defense is allowed for
scanning a web object.
If this time is exceeded, Web Gateway records it as an error.
Minutes — Time allowed in minutes
Seconds — Time allowed in seconds
The default time is 10 minutes.
Poll interval
Sets the time interval (in seconds) that elapses before the next attempt is made to retrieve
information from Advanced Threat Defense about the progress made in scanning a web
object.
The default time is 20 seconds.
Data Loss Prevention (Classifications) settings
The Data Loss Prevention (Classifications) settings are used for configuring entries in classification lists that
specify sensitive or inappropriate content.
DLP Classifications Parameters
Settings for configuring the use of classification lists when searching for sensitive or inappropriate content
Table 14-54 DLP Classifications Parameters
Option
Definition
Tracking policy
Sets the scope of the search for sensitive or inappropriate content in the body text of
requests and responses.
The search is carried out for all classifications that have been selected. You can, however,
configure it in the following ways:
• Minimum — The search stops when an instance of sensitive or inappropriate content has
been found for a particular classification or if no instance could be found. It is then
continued for the next classification.
This goes on until all classifications have been processed.
• Maximum — The search tries to find all instances of sensitive or inappropriate content for
a particular classification. When the search is completed for a classification, it continues
with the next.
This goes on until all classifications have been processed.
DLP Classifications
Provides a list for selecting entries in classification lists from the system lists provided under
DLP Classification on the lists tree.
The following table describes an entry in the DLP Classifications list.
Table 14-55 DLP Classifications Parameters – List entry
Option
Definition
DLP Classification
Provides information about detecting sensitive or inappropriate content.
Comment
Provides a plain-text comment on an entry.
Advanced Parameters
Settings for configuring advanced functions for data loss prevention
Table 14-56 Advanced Parameters
Option
Definition
Reported context width
Limits the number of characters shown around a matching term in a list to the specified
value.
The matching term is the value of the DLP.Classification.Matched.Terms property.
Context list size
Limits the number of matching terms shown in a list to the specified value.
The matching terms are the values of the DLP.Classification.Matched.Terms property.
Data Loss Prevention (Dictionaries) settings
The Data Loss Prevention (Dictionaries) settings are used for configuring text and wildcard expressions that
specify sensitive or inappropriate content.
DLP Dictionary Parameters
Settings for configuring text and wildcard expressions specifying sensitive or inappropriate content
Table 14-57 DLP Dictionaries Parameters
Option
Definition
Tracking policy
Sets the scope of the search for sensitive or inappropriate content in the body text of requests
and responses.
The search is carried out for all dictionary entries that have been created. It can, however, be
configured in the following ways:
• Minimum — The search stops when an instance of sensitive or inappropriate content has
been found for a particular dictionary entry or if no instance could be found. It is then
continued for the next entry.
This goes on until all entries have been processed.
• Maximum — The search tries to find all instances of sensitive or inappropriate content for a
particular dictionary entry. When the search is completed for an entry, it continues with the
next.
This goes on until all entries have been processed.
Dictionary
Provides a list for entering text strings and wildcard expressions that are sensitive or
inappropriate content or match with it.
The following table describes an entry in the Dictionary list.
Table 14-58 Dictionary – List entry
Option
Definition
Text or wildcard expression
Specifies a text string or wildcard expression that is sensitive or inappropriate content
or matches with it.
Comment
Provides a plain-text comment on a text string or wildcard expression.
Advanced Parameters
Settings for configuring advanced functions for data loss prevention
Table 14-59 Advanced Parameters
Option
Definition
Reported context width
Limits the number of characters shown around a matching term in a list to the specified
value.
The matching term is the value of the DLP.Dictionary.Matched.Terms property.
Context list size
Limits the number of matching terms shown in a list to the specified value.
The matching terms are the values of the DLP.Classification.Matched.Terms property.
ICAP Client settings
The ICAP Client settings are used for configuring communication in REQMOD mode between an ICAP client on
the appliance and ICAP servers.
ICAP Service
Settings for ICAP servers that the ICAP client on the appliance sends requests to
Table 14-60 Select Scanning Engines
Option
Definition
List of ICAP Servers
Provides a list for selecting a list of servers that are used in ICAP communication.
Requests coming in from ICAP clients are distributed to the servers in the selected list in
round-robin mode. For this purpose, the list is checked in intervals of 60 seconds.
The following table describes an entry for an ICAP server in a server list.
Table 14-61 Entry in a list of ICAP servers
Option
Definition
URI
Specifies the URI of an ICAP server.
Format: ICAP://<IP address>:<port number>
Respect max concurrent connections limit
When selected, the ICAP client on the appliance does not open more
connections at the same time for sending requests than the ICAP server can
handle.
Comment
Provides a plain-text comment on an ICAP server.
ReqMod for Cloud settings
The ReqMod for Cloud settings are used for configuring lists of servers when ICAP communication is going on in
REQMOD mode.
ICAP Service
Settings for ICAP servers
Table 14-62 ICAP Service
Option
Definition
List of ICAP servers
Provides a list of ICAP server lists to select from.
The following list is available by default.
• ReqMod server for Cloud
Add
Opens the Add List window for adding a list of ICAP server lists.
Edit
Opens the Edit List (ICAP Server) window for editing the selected list of ICAP servers.
Select deployment type for these settings
Lets you select the type of client that will connect to any of the ICAP servers on these lists.
• On premise — Only clients that run on premise using Web Gateway will connect.
This option is for use in a configuration with clients running on premise.
• Cloud — Only clients that run in the cloud using McAfee Web Gateway Cloud Service will
connect.
This option is for use in a configuration with clients running in the cloud.
• Hybrid — Clients that run on premise as well as those that run in the cloud will connect.
This option is for use in a configuration with some clients running on premise and
others running in the cloud.
The following table describes an entry in the ReqMod server for Cloud list.
Table 14-63 ICAP Service
Option
Definition
URI
Specifies the URI for an ICAP server using the following format:
icap[s]://<IP address>|<fully qualified domain name>[:port][/<ICAP method>]
The list contains the following entry for an ICAP server by default:
icap://0.0.0.0:1344
Respect maximum concurrent connections limit
When selected, the limit for the maximum number of concurrent ICAP connections
will not be exceeded.
Comment
Provides a plain-text comment on a server list.
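Added example (not part of the guide and not McAfee code): a Python check of ICAP server-list entries against the URI format given for Tables 14-61 and 14-63, flagging cleartext entries and the unchanged default entry. Treating 0.0.0.0 as a placeholder, falling back to port 1344 when the port is omitted, and the names check_icap_uri and audit_server_list are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Port of the guide's default entry and the ICAP default in RFC 3507.
# Using it for icaps entries without a port is an assumption of this example.
DEFAULT_ICAP_PORT = 1344

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _is_fqdn(host):
    labels = host.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def check_icap_uri(uri):
    """Check one entry against icap[s]://<IP>|<FQDN>[:port][/<ICAP method>].

    Returns (parsed, findings). parsed is None if the entry does not fit the
    format, and findings then holds the reason. For a well-formed entry,
    findings lists points a reviewer should look at.
    """
    try:
        parts = urlsplit(uri.strip())
        port = parts.port  # ValueError for non-numeric or out-of-range ports
    except ValueError as exc:
        return None, [f"malformed URI: {exc}"]

    scheme = parts.scheme.lower()
    if scheme not in ("icap", "icaps"):
        return None, ["scheme must be icap or icaps"]
    if parts.username or parts.password or parts.query or parts.fragment:
        return None, ["only host, port and ICAP method are part of the format"]
    host = parts.hostname
    if not host:
        return None, ["host is missing"]
    if port == 0:
        return None, ["port 0 is not usable"]

    findings = []
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        address = None
        if not _is_fqdn(host):
            return None, ["host is neither an IP address nor a fully qualified domain name"]
    if address is not None and address.is_unspecified:
        findings.append("unspecified address: replace the default entry with the real server")

    method = parts.path.strip("/")
    if "/" in method:
        return None, ["more than one path segment after the port"]
    if scheme == "icap":
        findings.append("cleartext ICAP: forwarded request content is not encrypted in transit")

    parsed = {
        "tls": scheme == "icaps",
        "host": host,
        "port": port if port is not None else DEFAULT_ICAP_PORT,
        "method": method or None,
    }
    return parsed, findings


def audit_server_list(entries):
    """Map each entry to its findings; malformed entries get an 'invalid:' prefix."""
    report = {}
    for entry in entries:
        parsed, findings = check_icap_uri(entry)
        report[entry] = findings if parsed else ["invalid: " + f for f in findings]
    return report


# Constructed sample list; only the first entry (the default) comes from the guide.
SAMPLE_ENTRIES = [
    "icap://0.0.0.0:1344",
    "icaps://icap.example.com/reqmod",
    "http://192.0.2.10:1344",
    "icap://192.0.2.10:99999",
]

if __name__ == "__main__":
    for entry, findings in audit_server_list(SAMPLE_ENTRIES).items():
        print(entry, "->", findings or "ok")
```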
15
Supporting functions
Contents
Cache settings
Progress Page settings
Data Trickling settings
Composite Opener settings
Bandwidth Control settings
Next Hop Proxy settings
Add Next Hop Proxy settings
Protocol Detector settings
Cache settings
The Cache settings are module (engine) settings for configuring the behavior of the web cache on Web Gateway.
The following particular settings are provided for the Cache module after the initial setup.
• Cache HTTP — Default settings
Cache HTTP settings
The Cache HTTP settings are the module settings that are by default available after the initial setup of Web
Gateway for configuring the Cache module.
Protocols
Settings for specifying the protocols that web traffic should be cached under
Table 15-1 Protocols
Option
Definition
Cache HTTP
When selected, web traffic running under HTTP is cached.
This option is selected by default.
Cache HTTPS
When selected, web traffic running under HTTPS is cached.
Extend Caching Criteria
Settings for modifying the caching behavior to increase the rate, including the following groups of options.
Use Cache
Settings for controlling the use of the web cache
Table 15-2 Use Cache
Option
Definition
Include dynamic URLs, i.e. URLs with parameters
When selected, dynamic URLs are cached.
If the request contains web server authentication
When selected, URLs from requests that include web server authentication
data are cached.
To avoid unfavorable results, we recommend replacing the Always
criteria in a rule that enables the web cache with more specific
criteria.
For example, the criteria might specify that web caching is only
enabled for particular hosts, using the URL.Host property.
Deliver Content from Cache Even
Settings for allowing the delivery of cached content
Table 15-3 Deliver Content from Cache Even
Option
Definition
If the request indicates not to use cached content
When selected, cached URLs are delivered contrary to what a
request specified.
Write Content to Cache Even
Settings for controlling the use of the web cache
Table 15-4 Write Content to Cache Even
Option
Definition
If the response indicates not to cache content
When selected, URLs are cached contrary to what a response
specified.
If the response includes "Vary" header
When selected, URLs are cached regardless of a Vary header in a
response.
If the response is too new
When selected, URLs sent in very recent responses are cached.
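Added example (not part of the guide and not McAfee code): a simplified Python model of the options in Tables 15-2 and 15-4 that lists which reasons not to cache each enabled option overrides, and how host-specific criteria, as recommended above with URL.Host, narrow the effect. The mapping of options to HTTP headers, the omission of the "too new" option, and all names are assumptions of this example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class ExtendedCriteria:
    """One flag per option of Tables 15-2 and 15-4 covered by this model."""
    dynamic_urls: bool = False              # Include dynamic URLs, i.e. URLs with parameters
    with_authentication: bool = False       # If the request contains web server authentication
    ignore_response_no_cache: bool = False  # If the response indicates not to cache content
    ignore_vary: bool = False               # If the response includes "Vary" header


def _cache_control(headers):
    """Return the set of Cache-Control directive names, lower-cased."""
    value = headers.get("cache-control", "")
    return {d.strip().split("=")[0].lower() for d in value.split(",") if d.strip()}


def store_decision(url, request, response, opts, cache_hosts=None):
    """Return (store, bypassed) for one request/response pair.

    request and response are header dicts with lower-case names. cache_hosts,
    if given, stands in for rule criteria built on URL.Host: only these hosts
    are cached at all. bypassed lists every reason not to cache that an
    enabled option overrode.
    """
    parts = urlsplit(url)
    if cache_hosts is not None and parts.hostname not in cache_hosts:
        return False, []

    checks = []  # (reason not to cache, is the overriding option enabled?)
    if parts.query:
        checks.append(("URL has parameters", opts.dynamic_urls))
    if "authorization" in request:
        checks.append(("request carries web server authentication",
                       opts.with_authentication))
    if _cache_control(response) & {"no-store", "private"}:
        checks.append(("response says not to cache", opts.ignore_response_no_cache))
    if "vary" in response:
        checks.append(("response varies by " + response["vary"], opts.ignore_vary))

    # A single reason without an enabled override keeps the object out of the cache.
    if not all(overridden for _, overridden in checks):
        return False, []
    return True, [reason for reason, _ in checks]


# Constructed sample exchange: an authenticated, per-user page.
SAMPLE_URL = "https://intranet.example.com/account?view=statement"
SAMPLE_REQUEST = {"authorization": "Basic <redacted>"}
SAMPLE_RESPONSE = {"cache-control": "private, max-age=0", "vary": "Cookie"}

if __name__ == "__main__":
    all_on = ExtendedCriteria(True, True, True, True)
    print(store_decision(SAMPLE_URL, SAMPLE_REQUEST, SAMPLE_RESPONSE, ExtendedCriteria()))
    print(store_decision(SAMPLE_URL, SAMPLE_REQUEST, SAMPLE_RESPONSE, all_on))
    print(store_decision(SAMPLE_URL, SAMPLE_REQUEST, SAMPLE_RESPONSE, all_on,
                         cache_hosts={"static.example.com"}))
```

With every option enabled, the per-user page is stored and all four reasons not to cache are bypassed; restricting caching to named hosts keeps it out of the cache again.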
Progress Page settings
The Progress Page settings are used for configuring the progress page that is shown to users when they are
downloading web objects.
Progress Page Parameters
Settings for the progress page
Table 15-5 Progress Page Parameters
Option
Definition
Templates
Provides settings for the templates that are used by the progress page.
Timeouts
Provides settings for timeouts that are related to the progress page.
Templates
Settings for the templates used by the progress page
Table 15-6 Templates
Option
Definition
Language
Provides settings for selecting the language of the progress page.
• Auto (Browser) — When selected, the message is in the language of the browser that the
blocked request was sent from.
• Force to — When selected, the message is in the language chosen from the list that is
provided here.
• Value of ‘Message.Language’ property — When selected, the message is in the language that is
the value of the Message.Language property.
This property can be used for creating a rule.
Collection
Provides a list for selecting a template collection.
• Add — Opens the Add Template Collection window for adding a template collection.
• Edit — Opens the Template Editor for editing a template collection.
Template name for progress bar page
Provides a list for selecting a template.
• Add — Opens the Add Template window for adding a template.
• Edit — Opens the Template Editor for editing a template.
Template name for download finished page
Provides a list for selecting a template.
• Add — Opens the Add Template window for adding a template.
• Edit — Opens the Template Editor for editing a template.
Template name for download canceled page
Provides a list for selecting a template.
• Add — Opens the Add Template window for adding a template.
• Edit — Opens the Template Editor for editing a template.
Timeouts
Settings for the timeouts that are related to the progress page
Table 15-7 Templates
Option
Definition
Delay for redirects to progress page
Limits the time (in seconds) that elapses before the progress page appears to
the specified value.
File availability time before download
Limits the time (in minutes) that elapses before a file is no longer available to
a user before the download to the specified value.
File availability time after download
Limits the time (in minutes) that elapses before a file is no longer available to
a user after the download to the specified value.
Data Trickling settings
The Data Trickling settings are used for configuring the data trickling process that is applied when a user has
started the download of a web object.
Data Trickling Parameters
Settings for the portions of a web object that are forwarded in data trickling mode
Table 15-8 Data Trickling Parameters
Option
Definition
Size of first chunk
Specifies the size (in bytes) of the first chunk of a web object that is forwarded using the data
trickling method.
Forwarding rate
Specifies the portion of a web object that is forwarded every five seconds.
The forwarding rate is the thousandth part of the entire volume that is to be forwarded
multiplied by the value you configure here.
Composite Opener settings
The Composite Opener settings are used for configuring how the Composite Opener module (engine) performs file
opening.
Bandwidth Control settings
The Bandwidth Control settings are used for configuring bandwidth throttling using classes.
Bandwidth Control
Setting for enabling bandwidth throttling using classes
Table 15-9 Bandwidth Control
Option
Definition
Enable Bandwidth Control
When selected, bandwidth throttling using classes can be performed.
Bandwidth Classes
Settings for configuring the classes used in bandwidth throttling
Table 15-10 Bandwidth Classes
Option
Definition
Bandwidth classes
Provides a list of bandwidth classes.
Interface names
Provides a list of the interfaces that bandwidth throttling using classes is performed on.
The following tables describe the entries in the Bandwidth classes and Interface names lists.
Table 15-11 Bandwidth classes – List entry
Option
Definition
Active
When selected, the bandwidth class is in use.
Class name
Specifies the name of the bandwidth class.
Parent class
Specifies the name of the bandwidth class that is the parent of this bandwidth class.
The speed limits for a parent class are never applied to data transfers. Only the limits for
any of the child classes at the lowest hierarchy level, which are themselves not parent
classes, are applied.
Priority
Sets the priority that the bandwidth class takes compared to other classes on the same
hierarchy level.
Values for this priority can be integers ranging from 0 to 99. 0 is the highest priority.
Minimum bandwidth
Sets the lower limit of the speed (in Kbps) that data falling in this bandwidth class is
transferred with.
Make sure that the sum of the minimum transferring speeds configured for the child classes
of a parent class does not exceed the maximum transferring speed configured for the
parent class.
Maximum bandwidth
Sets the upper limit of the speed (in Kbps) that data falling in this bandwidth class is
transferred with.
Comment
Provides a plain-text comment on the bandwidth class.
Table 15-12 Interface names – List entry
Option
Definition
Device
Specifies the name of an interface.
Comment
Provides a plain-text comment on the interface.
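Added example (not part of the guide and not McAfee code): a Python audit of bandwidth class entries against the rules stated for Table 15-11, namely the priority range, the sum of child minimums against the parent maximum, and the fact that only classes without children have their limits applied. The dictionary layout, the minimum-not-above-maximum check, the loop check and all names are assumptions of this example.

```python
def audit_bandwidth_classes(classes):
    """Check bandwidth class entries against the rules stated for Table 15-11.

    classes: list of dicts with keys name, parent (None for a top-level
    class), priority, min_kbps and max_kbps. Returns (errors, effective),
    where effective names the classes whose limits are actually applied.
    """
    errors = []
    by_name = {c["name"]: c for c in classes}
    children = {}

    for c in classes:
        name = c["name"]
        if not isinstance(c["priority"], int) or not 0 <= c["priority"] <= 99:
            errors.append(f"{name}: priority must be an integer from 0 to 99")
        if c["min_kbps"] > c["max_kbps"]:
            # Assumption of this example; the guide only constrains child minimums.
            errors.append(f"{name}: minimum bandwidth exceeds maximum bandwidth")
        parent = c["parent"]
        if parent is None:
            continue
        if parent not in by_name:
            errors.append(f"{name}: parent class {parent} is not defined")
        else:
            children.setdefault(parent, []).append(c)

    # A parent chain that returns to a visited class never reaches a top level.
    for c in classes:
        seen = {c["name"]}
        parent = c["parent"]
        while parent in by_name:
            if parent in seen:
                errors.append(f"{c['name']}: parent chain loops at {parent}")
                break
            seen.add(parent)
            parent = by_name[parent]["parent"]

    # The sum of the child minimums must not exceed the parent's maximum.
    for parent, kids in children.items():
        total = sum(k["min_kbps"] for k in kids)
        limit = by_name[parent]["max_kbps"]
        if total > limit:
            errors.append(
                f"{parent}: child minimums total {total} Kbps, "
                f"above the maximum of {limit} Kbps"
            )

    # Parent limits are never applied; only classes without children shape traffic.
    effective = sorted(n for n in by_name if n not in children)
    return errors, effective


# Constructed sample configuration with three deliberate mistakes.
SAMPLE_CLASSES = [
    {"name": "uplink", "parent": None, "priority": 0, "min_kbps": 0, "max_kbps": 10000},
    {"name": "business", "parent": "uplink", "priority": 0, "min_kbps": 6000, "max_kbps": 10000},
    {"name": "streaming", "parent": "uplink", "priority": 100, "min_kbps": 5000, "max_kbps": 8000},
    {"name": "guest", "parent": "visitors", "priority": 50, "min_kbps": 500, "max_kbps": 1000},
]

if __name__ == "__main__":
    found, applied = audit_bandwidth_classes(SAMPLE_CLASSES)
    for line in found:
        print("ERROR", line)
    print("limits applied for:", ", ".join(applied))
```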
Static Filtering Rules
Settings for configuring bandwidth throttling using classes for data transfer that is not performed using the
proxy functions of Web Gateway.
Table 15-13 Static Filtering Rules
Option
Definition
Bandwidth filters
Provides a list of static rules for bandwidth throttling using classes.
The following table describes an entry in the Bandwidth filters list.
Table 15-14 Bandwidth filters – List entry
Option
Definition
Active
When selected, the bandwidth class that is configured in this rule is in use.
Class name
Specifies the name of the bandwidth class.
This name must be the name of a class that has been configured before for throttling the
bandwidth of traffic using the proxy functions of Web Gateway.
Parent class
Specifies the name of the bandwidth class that is the parent of this bandwidth class.
The speed limits for a parent class are never applied to data transfers. Only the limits for any of the
child classes at the lowest hierarchy level, which are themselves not parent classes, are applied.
Device
Specifies the network interface on Web Gateway that bandwidth throttling is performed on.
If the same network interface is configured for a static bandwidth rule and a bandwidth rule for
proxy traffic, the static bandwidth rule configuration takes priority.
This means that the transferring speed limits of the class that is configured for the static
bandwidth rule are applied to traffic going on over that network interface. The speed limits of the
class in the bandwidth rule for proxy traffic are not applied.
Match
Selects whether bandwidth throttling is applied to upstream or downstream traffic.
Value
Specifies the IP address and port for data that is uploaded or downloaded.
You can specify both an IP address and a port or either of them alone.
• IP address and port — Traffic that has this IP address and port as source or destination
(depending on the value configured under Match) is throttled.
• IP address — Traffic that has this IP address as source or destination (depending on the value
configured under Match) is throttled regardless of any port.
• Port — Traffic that has this port as source or destination (depending on the value configured
under Match) is throttled regardless of the IP address.
The port must be specified as follows:
0.0.0.0:<port number>
Comment
Provides a plain-text comment on a static filtering rule.
Next Hop Proxy settings
The Next Hop Proxy settings are used for configuring next-hop proxies to forward requests that have been
received on the appliance to the web.
Next Hop Proxy Server
Settings for next-hop proxies
Table 15-15 Next Hop Proxy Server
Option
Definition
List of next-hop proxy servers
Provides a list for selecting a next-hop proxy server list.
Round robin
When selected, the Next Hop Proxy module uses the next-hop proxy following the one in
the list that has been used last.
When the end of the list has been reached, the first next-hop proxy in the list is again
selected.
Fail over
When selected, the Next Hop Proxy module tries the first next-hop proxy in the list first.
If the first next-hop proxy fails to respond, it is retried until the configured retry
maximum has been reached. Then the second next-hop proxy in the list is tried, and so
on, until a server responds or all are found to be unavailable.
Sticky
When selected, the Next Hop Proxy module uses the same next-hop proxy over a time
period that you can also configure.
Minimum time for stickiness
Sets the period of time (in seconds) that the same next-hop proxy is used for forwarding
a request.
The default time period is 300 seconds.
Proxy style requests
When selected, requests in proxy style are forwarded to the requested web servers using
next-hop proxies.
This option is selected by default.
Add Next Hop Proxy settings
The Add Next Hop Proxy settings are used for configuring a next-hop proxy that is added to a list of next-hop
proxies.
Next Hop Proxy Definition
Settings for configuring a next-hop proxy
Table 15-16 Next Hop Proxy Definition
Option
Definition
Identifier
Provides a plain-text description of the next-hop proxy.
Proxy address
Provides information on the host that the next-hop proxy resides on by specifying a
host name or IP address and a port number.
Host
Specifies the name of the host or its IP address.
Port
Specifies the number of the port on the host that listens to requests for forwarding
web traffic.
Proxy authentication
Provides information for the process of authenticating to the next-hop proxy by
specifying a user name and setting a password.
User
Specifies a user name for authenticating to the next-hop proxy.
Password
Sets a password for authenticating to the next-hop proxy.
Connection behavior
Provides information on the behavior of the next-hop proxy by specifying several
relevant parameters.
Number of retries
Limits the number of attempts to call the next-hop proxy after the first attempt failed.
The default number of retries is 1.
After final failure wait
Limits the time (in seconds) that elapses before another next-hop proxy is tried when
all attempts to call this next-hop proxy have failed.
The default time is ten seconds.
Use persistent connections
When selected, the next-hop proxy uses persistent connections for forwarding web
traffic.
SOCKS Specific Parameters
Settings for configuring a next-hop proxy under the SOCKS protocol
Table 15-17 Next Hop Proxy Definition
Option
Definition
SOCKS version to use with next-hop proxy
Provides information on the protocol version that is used when a next-hop
proxy forwards web traffic under the SOCKS protocol.
Same as incoming SOCKS connection
When selected, the next-hop proxy uses the version of the SOCKS protocol
that is used by incoming traffic.
The setting is selected by default.
SOCKS v4
When selected, the next-hop proxy uses version 4 of the SOCKS protocol.
SOCKS v5
When selected, the next-hop proxy uses version 5 of the SOCKS protocol.
Protocol Detector settings
The Protocol Detector settings are used for configuring the module (or engine) for handling activities that are
related to processing traffic under the SOCKS protocol.
Protocol Detector Options
Setting for the Protocol Detector module
Table 15-18 Protocol Detector Options
Option
Definition
Determine next-hop proxy after receiving embedded data
When selected, the Protocol Detector module enables a next-hop proxy for
forwarding SOCKS traffic under the HTTP or HTTPS protocol when this traffic is
received on Web Gateway and it is detected that this traffic also follows one of
these two protocols.
The option is not selected by default.
16
User messages
Contents
Authenticate settings
Block settings
Redirect settings
Templates tab
Template Editor
Authenticate settings
The Authenticate settings are used for configuring the way the Authenticate action is executed when a filtering
rule with that action applies.
Failed Login Message Template
Settings for configuring user messages and a block reason for logging purposes
Table 16-1 Failed Login Message Template
Option
Definition
Language
Provides settings for selecting the language of a user message.
• Auto (Browser) — When selected, the message is in the language of the browser that the
blocked request was sent from.
• Force to — When selected, the message is in the language chosen from the list that is
provided here.
• Value of Message.Language property — When selected, the message is in the language that is
the value of the Message.Language property.
This property can be used for creating a rule.
Template collection
Provides a list for selecting a template collection.
• Add — Opens the Add Template Collection window for adding a template collection.
• Edit — Opens the Template Editor for editing a template collection.
Template name
Provides a list for selecting a template.
• Add — Opens the Add Template window for adding a template.
• Edit — Opens the Template Editor for editing a template.
McAfee Web Reporter block reason ID
Provides a numerical value that identifies a block reason.
Block reason
States the block reason in plain text.
Block settings
The Block settings are used for configuring the way the Block action is executed when a filtering rule with that
action applies.
Language and Template Settings
Settings for configuring user messages and a block reason for logging purposes
Table 16-2 Language and Template Settings
Option
Definition
Language
Provides settings for selecting the language of a user message.
• Auto (Browser) — When selected, the message is in the language of the browser that the
blocked request was sent from.
• Force to — When selected, the message is in the language chosen from the list that is
provided here.
• Value of Message.Language property — When selected, the message is in the language that is
the value of the Message.Language property.
This property can be used for creating a rule.
Template collection
Provides a list for selecting a template collection.
• Add — Opens the Add Template Collection window for adding a template collection.
• Edit — Opens the Template Editor for editing a template collection.
Template name
Provides a list for selecting a template.
• Add — Opens the Add Template window for adding a template.
• Edit — Opens the Template Editor for editing a template.
McAfee Web Reporter block reason ID
Provides a numerical value that identifies a block reason.
Block reason
States the block reason in plain text.
Redirect settings
The Redirect settings are used for configuring the way the Redirect action is executed when a filtering rule with
that action applies.
Redirect Settings
Settings for configuring user messages and a block reason for logging purposes
Table 16-3 Redirect Settings
Option
Definition
Redirect.URL
When selected, the value of the Redirect.URL property is the URL that is used for
redirecting.
This property can be used in a suitable rule.
User-defined URL
When selected, the redirecting URL must be specified by you.
Redirect URL
Specifies the URL for a redirecting URL.
Language
Provides settings for selecting the language of a user message.
• Auto (Browser) — When selected, the message is in the language of the browser that the
blocked request was sent from.
• Force to — When selected, the message is in the language chosen from the list that is
provided here.
• Value of Message.Language property — When selected, the message is in the language that
is the value of the Message.Language property.
This property can be used for creating a rule.
Template collection
Provides a list for selecting a template collection.
• Add — Opens the Add Template Collection window for adding a template collection.
• Edit — Opens the Template Editor for editing a template collection.
Template name
Provides a list for selecting a template.
• Add — Opens the Add Template window for adding a template.
• Edit — Opens the Template Editor for editing a template.
McAfee Web Reporter block reason ID
Provides a numerical value that identifies a block reason.
Block reason
States the block reason in plain text.
Templates tab
Use the Templates tab to work with templates for messages to Web Gateway users.
Figure 16-1 Templates tab
You can access this tab from the Policy top-level menu.
The content of the tab also appears within the Template Editor. This editor opens when you select an action
setting from the settings tree and click Edit for a template or template collection under Language and Template
Settings.
Template Editor
The Template Editor is a component of the user interface that allows you to work with templates for messages to
the users of your network. The editor also provides templates for customizing the SSO application launchpad
and logon pages and for SAML communication with an external Identity Provider.
Templates
Shows the existing templates in a tree structure.
The following table describes the Templates options.
Table 16-4 Templates
Option
Definition
Template groups
The templates are arranged in groups, which are also known as template collections. Each
collection is stored in a top-level folder of the tree structure.
The following template collections are available by default:
• Default Schema — Provides user message templates that you can customize.
• Single Sign On Schema — Provides templates for SAML authentication requests
(SAMLRequest.html) and responses (SAMLRedirectToAuth.html) sent to and received from
an external Identity Provider, respectively.
• SAML Request Schema — Provides templates for customizing the application launchpad and
logon pages.
Templates
Templates can exist in different language versions and formats.
All language versions and formats for a particular template are stored in a subfolder under the
template name, for example, Anti-Malware Engine Overload.
Within each template folder, a subfolder for each language version is available for the
template. A language version folder stores individual templates in different formats.
The available formats are HTML and .txt.
For example, the Anti-Malware Engine Overload folder contains:
• en — Subfolder with English versions of the template
• html — Template in HTML format
• txt — Template in .txt format
By default, there is an English version for each template in HTML format, while most templates
are also available in .txt format.
When you click a template format, the template content appears on the HTML Editor pane.
Expand icon
Expands all collapsed items on the templates tree.
Collapse icon
Collapses all expanded items.
Right-click a collection, template, language version, or format
Opens a menu with the following options. The selection of the options varies with the item
that is right-clicked.
• Add Template Collection — Opens a window for adding a collection folder.
• Add Template — Opens a window for adding a template folder.
The new template folder contains a language version folder for the language that you
selected when adding the folder and empty templates in the selected formats.
• Add Index File — Opens a window for adding a language version folder that does not belong
to a particular template folder.
This folder is placed immediately under a collection folder. It contains empty templates in
the formats that you selected.
• Add Content File — Opens a window for adding a language version folder within a particular
template folder.
The new folder contains empty templates in the formats that you selected.
• Import Template Files — Opens a window for importing templates.
• Export Template Files — Opens a window for exporting templates.
• Clone — Opens a window for inserting a copy of a collection or template folder with content
under a new name.
• Change — Opens a window for changing a language version.
• Rename — Opens a window for renaming a template folder.
• Delete — Deletes an item.
A window opens to let you confirm the deletion.
File System
Shows the existing templates, as well as image and other files that are related to templates, in a tree structure.
The following table describes the File System options.
Table 16-5 File System
Option
Definition
Template groups
The templates are arranged in groups. Each group is stored in a top-level folder of the
tree structure.
The following template groups are available by default:
• SAML
• default
• singleSignOn
Templates, images, and other related files
Within each group folder, templates are stored in alphabetical order within language
version folders, while image files are stored in a separate folder.
Other related files can be stored in a group folder outside the language version and
image folders.
For example, the default group folder contains:
• en — Subfolder with English versions of all existing templates
If a template exists in both HTML and .txt formats, these are stored one after
another.
• img — Subfolder with all existing image files
• Related files, such as index and style sheet files
When you click a template format, the template content appears on the HTML Editor
pane.
Add
Opens the following menu:
• New File — Opens a window for adding a file.
• New Directory — Opens a window for adding a directory.
• Existing File or Directory — Opens the local file manager for selecting and adding a file
or folder.
Edit
Opens the following menu:
• Rename — Opens a window for renaming an item.
• Delete — Deletes an item.
A window opens to let you confirm the deletion.
Cut
Copies and deletes a selected item.
Copy
Copies a selected item.
Paste
Pastes a cut out or copied item.
Expand icon
Expands all collapsed items on the file system tree.
Collapse icon
Lets all expanded items collapse.
Right-clicking an item opens a menu with the preceding options, except for the expand and collapse
options. Options that do not apply for an item are grayed out.
HTML Editor
Displays the content of the template that is selected on the Templates or File System pane for editing.
The following table describes the HTML Editor options.
Table 16-6 HTML Editor
Option
Definition
Add
Opens the following menu:
• Resource Reference — Opens a window for entering the path to a resource, such as an
image or other graphical element, that is inserted into a template.
• Property — Opens a window for adding a property that appears as a variable in a
template, for example, $URL$.
Edit
Opens the following menu:
• Cut — Copies and deletes a selected portion of template content.
• Copy — Copies a selected portion.
• Paste — Pastes a copied portion.
• Delete — Deletes a selected portion.
• Select All — Selects the complete template content.
Show Source
Shows or hides the HTML source code of a template (toggle button).
Languages
drop-down list
Lets you select the language of the preview.
Preview
Shows a preview of a template.
Viewer
Displays the image contained in a selected image file.
The Viewer is made available (instead of the HTML Editor) when an image file is selected on the file system tree.
The following table describes the Viewer options.
Table 16-7 Viewer
Option
Definition
Zoom In
Enlarges an image.
Zoom Out
Shrinks an image.
Fit to Window
Lets an image fill out the Viewer pane completely.
Original Size
Displays an image in its original size again.
17
Cloud single sign-on
Contents
Generic HTTP connector settings
Generic SAML2 connector settings
LDAP authentication settings for SAML single sign-on
Using a web service as the data source for SAML single sign-on
Using a database as the data source for SAML single sign-on
Using an LDAP server as the data source for SAML single sign-on
SAML authentication request settings
SAML authentication response settings
Generic IceToken connector settings
Key elements for configuring cloud single sign-on
Single Sign On lists and settings
Generic HTTP connector settings
To configure a connector to an HTTP service or application using the generic HTTP connector template, provide
values for the settings in the following table. Not all settings are required for every HTTP service. Some services
and situations require more advanced settings, such as dynamic HTTP services.
Table 17-1 Generic HTTP connector settings
Option
Definition
Sign-on Requests
Dynamic service
When selected, specifies a connector to a dynamic HTTP cloud service or application.
POST
Select an HTTP method:
• POST — (Default) Specifies that the form is generated using the selected content type and
sent in the body of the HTTP request.
• GET — Specifies that all information is sent in the URL string.
Content type
(POST) Specifies how the form data is encoded. Select an option:
• application/x-www-form-urlencoded — (Default) Use this option most of the time.
• multipart/form-data — Use this option when sending large amounts of form data.
https://
Specifies the Service Provider URL where the form data is sent.
We strongly recommend securing the logon form data by using the HTTPS protocol.
regex (optional)
Specifies a regular expression that can detect variations on the Service Provider URL. For
example, the regular expression https://www.mycompany.com/login.* can detect the
following URLs:
• https://www.mycompany.com/login
• https://www.mycompany.com/login?session=abc
You can use this option to detect POST transactions to dynamic HTTP cloud services.
Form Fields
Maps attribute names from the Identity Provider source (the SSO service) to the Service
Provider target (the cloud service or application). Configure one form field for each attribute
sent in the form.
At least one form field is required.
• Set (parameter) — Specifies the name of the attribute that is sent in the form. This value must
be the name of an attribute that the cloud service or application is expecting.
• to (source) — Specifies the source of the attribute value. Select one:
• Constant — Specifies that the attribute has a constant value. Provide the constant value in
the value field.
• Credential Store — Specifies that the attribute is stored in the credential store that comes
integrated with Web Gateway. Provide the name of the attribute in the attribute field. This
name can differ from the name of the attribute in the cloud service or application.
Attributes commonly mapped from Identity Provider to Service Provider include user name
and password. Always map the attribute that uniquely identifies the user in the IdP source to
the SP target.
• Mask — (Proxy mode) When selected, the attribute's real value is replaced with a token value,
then sent to the client computer used by the user. When the form is sent from the client
computer to the server, the token value is replaced with the real value.
This option is selected by default when the source attribute is the password.
Login Pages
(Optional) Specifies the page where users log on to the cloud service or application.
• https:// — Specifies the URL of the logon page.
• regex (optional) — Specifies a regular expression that can detect variations on the logon page
URL.
You can use this option to detect modified URLs formed by dynamic HTTP cloud services when
redirecting users to the logon page.
• form locator Javascript (optional) — Specifies, using JavaScript, the location of the form on the logon page
when there are multiple forms on the page.
• submit action Javascript (optional) — Specifies an alternative form submit action using JavaScript.
Dynamic HTTP cloud services require one logon page. Some cloud services require more than
one logon page. For example, you might need to configure separate logon pages for mobile and
desktop browsers.
Login Fields
(Optional) Specifies the names of the fields on the logon page. You only need to configure the
names of the logon fields when they are different from the names of the form fields. In this
case, the source configuration is the same. Only the name in the parameter field changes to
match the name on the logon page.
• Set (parameter) — Specifies the name of the field on the logon page.
• to (source) — Specifies the source of the attribute value. The source configuration for the
form field and the logon field is the same. Select one:
• Constant — Specifies that the attribute has a constant value. Provide the constant value in
the value field.
• Credential Store — Specifies that the attribute is stored in the credential store that comes
integrated with Web Gateway. Provide the name of the attribute in the credential store field
name field. This name can differ from the name of the attribute in the cloud service or
application.
• element locator Javascript (optional) — Specifies, using JavaScript, the location of the corresponding
form field when the form fields are not unique.
• Mask — (Proxy mode) When selected, the attribute's real value is replaced with a token value,
then sent to the client computer used by the user. When the form is sent from the client
computer to the server, the token value is replaced with the real value.
This option is selected by default when the source attribute is the password.
Add Sign on Request
When clicked, allows you to configure different values for an SSO request to the same HTTP
service or application.
Launchpad Fields
Launchpad Fields
Specifies the launchpad fields that allow users to manage their credentials for the HTTP service.
For each form field whose source is the credential store, you configure one launchpad field.
• From the drop-down list, select the type of input field to render on the launchpad:
• Email — The text must be in the form of a valid email and is displayed in the field.
• Number — The text must consist of numbers and is displayed in the field.
• Password — The text is masked as it is entered in the field.
• Text — The text is displayed in the field.
• prompt — Specifies the prompt to display for the field.
• validation regex (optional) — Specifies a custom regular expression that validates the text
entered by the user.
Generic SAML2 connector settings
To configure a connector to a SAML 2.0 service or application using the generic SAML2 connector template,
provide values for the settings in the following table.
Metadata consists of the SAML settings provided by the Service Provider. When configuring a generic SAML2
connector, you can enter the metadata manually or provide the URL from where the metadata can be
downloaded automatically.
Table 17-2 SAML credential mapping
Option
Definition
Subject
The SAML subject uniquely identifies the user who is seeking access to a cloud service or
application. The SAML subject is specified as a source-value pair. From the drop-down list, select a
source:
• Constant — Specifies that the subject has a constant value. Type the constant value in the value
field.
• Authentication result — Specifies that the subject has the value of an attribute. Type the name of the
attribute in the Authentication result field.
The attribute name is the name of the entry in the JSON object containing the user’s information.
Attributes
(Optional) Specifies one or more user attributes that are passed as name-value pairs with the SAML
subject in the SAML assertion to the Service Provider.
Set — (parameter) Specifies the attribute name sent in the SAML assertion. This value is the attribute
name that the Service Provider is expecting.
to — (source) Specifies the attribute value sent with the attribute name in the SAML assertion. The
attribute value is specified as a source-value pair. From the drop-down list, select a source:
• Constant — Specifies that the value sent in the SAML assertion is set to the constant typed in the
value field.
• Authentication result — Specifies that the value sent in the SAML assertion is set to the value of the
attribute named in the Authentication result field.
To view a list of standard LDAP attribute names, click the icon next to this field.
Table 17-3 Metadata — Automatically download metadata
Option
Definition
Metadata URL
Specifies the URL where you can download the SAML metadata in XML format.
The format must conform to the SAML metadata specification.
Entity ID
Uniquely identifies the Service Provider. This value is specified by the entityID attribute inside
the tags at the top of the SAML metadata file.
Table 17-4 Metadata - Specify metadata manually
Option
Definition
Assertion Consumer Service (ACS) (Optional)
ACS URL — Specifies the URL of the service where SAML assertions are sent and consumed.
IdP-initiated SSO (Optional)
Enabled — When selected, enables Identity Provider-initiated single sign-on. The Service
Provider must support IdP-initiated single sign-on.
Relay state — Specifies the page in the cloud service or application that opens when single
sign-on is successful.
SP-initiated SSO (Optional)
Enabled — When selected, enables Service Provider-initiated single sign-on. The Service
Provider must support SP-initiated single sign-on.
SP issuer — Specifies the name of the Service Provider that receives the SAML
authentication request and initiates single sign-on.
SSO URL — (Pure SP-initiated SSO) Specifies the URL of the Service Provider to which Web
Gateway redirects the SAML authentication request when only SP-initiated single sign-on is
supported.
Signature — (Optional) Specifies the X.509 certificate corresponding to the private key that
the Service Provider uses to sign SAML authentication requests. Web Gateway uses the
certificate to verify the signatures.
Before you can select the certificate from the Signature drop-down list, you must:
1 In the Service Provider interface, download the certificate.
2 In the Web Gateway interface, import the certificate.
Table 17-5 Metadata — SAML Assertion
Option
Definition
Signature key
From the drop-down list, select the X.509 certificate key pair whose private key Web Gateway
uses to sign SAML assertions.
Before you can select the key pair from the drop-down list, you must import it in the Web Gateway
interface.
Issuer
Specifies a name that identifies Web Gateway as the SAML assertion issuer.
Table 17-6 Advanced
Option
Definition
Subject
Name ID format — From the drop-down list, select the option that identifies the format of the
subject sent in the SAML assertion.
Example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
For more information, see the OASIS SAML 2.0 specification: Assertions and Protocols for the
OASIS Security Assertion Markup Language (SAML) V2.0.
1 To open the document, click http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
2 In the open document, look for the section Name Identifier Format Identifiers.
Authentication
Statement
Authentication method — From the drop-down list, select the authentication context class that
identifies the method used to authenticate the subject sent in the SAML assertion.
Example: urn:oasis:names:tc:SAML:2.0:ac:classes:Password
For more information, see the OASIS SAML 2.0 specification: Authentication Context for the OASIS
Security Assertion Markup Language (SAML) V2.0.
1 To open the document, click http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf.
2 In the open document, look for the section Schemas.
Time stamp
Format — To select a format for the date-time stamp, click the configure button. The options
are:
• yyyy-MM-dd'T'HH:mm:ss'Z' (default)
• yyyy-MM-dd'T'HH:mm:ss.SSS'Z' (includes milliseconds)
Conditions
Audiences — (Optional) Allows you to limit the audience to one or more SAML assertion
consumers. To specify an audience:
1 Click the Add icon.
2 In the Audience URI field, type the Service Provider issuer string. You can obtain this value
from the Service Provider.
Clock skew (seconds) — Specifies a value that offsets small differences in time between clocks
on different servers, such as the Identity Provider and Service Provider servers. This value is
used when calculating the SAML assertion's expiration time.
Default value: 20
Lifetime (seconds) — Specifies a lifetime value to use when calculating the SAML assertion's
expiration time. When the expiration time is exceeded, the SAML assertion is invalid. Using
this setting can prevent replay attacks.
Default value: 60
Signature
Method — From the drop-down list, select a signature method:
• Sign Entire Response — Specifies that Web Gateway signs the entire SAML response.
• Sign Assertions — Specifies that Web Gateway signs only the SAML assertion in the SAML
response.
Signature generation method — From the drop-down list, select an algorithm to use when
generating the signature:
• rsaWithSha1
• rsaWithSha256
LDAP authentication settings for SAML single sign-on
You can configure the Authentication module settings for one or more LDAP servers as the data source for
SAML single sign-on. When one server is not available, the authentication module supports fallback to another
server.
To locate these settings, select Policy | Settings | Engines | Authentication. Then click the Add icon located above the
Settings tree.
Table 17-7 LDAP authentication settings for SAML single sign-on
Option
Definition
Name
Specifies the name of the authentication module settings.
Example: LDAP for SAML SSO
Authentication method
From the drop-down list, select LDAP.
LDAP server(s) to connect to
Add at least one LDAP server and specify the server's URI.
Format: [ldap[s]://]server[:port]
List of certificate authorities
(Secure LDAP connection protocol) From the drop-down list, select a certificate
authority.
Credentials
Specifies the user name required for connecting to the LDAP server.
Password
Specifies the password required for connecting to the LDAP server.
Base distinguished name to user objects
Specifies the distinguished name of the entry in the LDAP tree where the search
for users is started.
Format: attribute=value{, attribute=value}
Map user name to DN
When selected, allows you to configure a filter expression.
Filter expression to locate a user object
Specifies an LDAP expression used to filter entries and find a user, where %u is a
placeholder for the user name.
Active Directory example: (samaccountname=%u)
OpenLDAP example: (cn=%u)
Format: (attribute operator value) | (operator filter1 filter2)
Get user attributes
When selected, allows you to configure user attributes.
User attributes to retrieve
The following attributes are required by all SAML connectors. Add them to the list
of user attributes to retrieve.
• mail — Specifies an email address.
• cn — (commonName) Specifies the first name followed by the last name.
• gn — (givenName) Specifies the first name.
• sn — (surname) Specifies the last name.
Using a web service as the data source for SAML single sign-on
You can configure the External Lists settings to fetch data for SAML single sign-on from any web service that
supports the JSON format.
To locate these settings, select Policy | Settings | Engines | External Lists. Then click the Add icon located above the
Settings tree.
Option
Definition
Name
Specifies the name of the external lists settings.
Example: Web service for SAML SSO
Data source type
From the drop-down list, select Web Service.
Data type
From the drop-down list, select JSON.
Web service's URL
Specifies the URL of the web service.
Example: https://webservice.com:5984/users/${0}
where users specifies a table containing user information
and ${0} is a placeholder for the user ID that is passed to the web service.
Using a database as the data source for SAML single sign-on
You can configure the External Lists settings to fetch data for SAML single sign-on from a database.
To locate these settings, select Policy | Settings | Engines | External Lists. Then click the Add icon located above the
Settings tree.
The following settings are for a SQLite3 database.
Option
Definition
Name
Specifies the name of the external lists settings.
Example: Database for SAML SSO
Data source type
From the drop-down list, select Database.
SQL Query
Specifies the SQL query that fetches the data from the database:
select firstname as gn, lastname as sn, email as mail from users
where uid = '${0}';
where ${0} is a placeholder for the user ID that is passed to the database.
The attribute names in the database are mapped to the names configured in the SAML
connector.
Type of Database
From the drop-down list, select SQLite3.
File path to SQLite3 database
Specifies the path to the SQLite3 database.
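An added example, not taken from the guide or from Web Gateway itself: it runs the SQL query above against a constructed in-memory SQLite3 database and shows how the column aliases (gn, sn, mail) become the entry names that an Authentication result source refers to in the SAML credential mapping. The bound parameter standing in for ${0}, the allow-list pattern, and the FirstName/LastName attribute names are assumptions of this sketch; how Web Gateway substitutes ${0} is not described on this page.

```python
import re
import sqlite3

# The page's SQL query, with the ${0} placeholder written as a bound parameter
# so the user ID is always handled as data (assumption of this sketch).
QUERY = ("select firstname as gn, lastname as sn, email as mail "
         "from users where uid = ?")

# Hypothetical allow-list for user IDs; adapt it to your own naming rules.
USER_ID_PATTERN = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def build_sample_db():
    """Create an in-memory SQLite3 database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("create table users "
                 "(uid text primary key, firstname text, lastname text, email text)")
    conn.executemany("insert into users values (?, ?, ?, ?)", [
        ("jdoe", "Jane", "Doe", "jane.doe@example.test"),
        ("nomail", "No", "Mail", None),
    ])
    return conn


def fetch_user_attributes(conn, user_id):
    """Return the user's entries keyed by the aliases gn, sn and mail, or None."""
    if not USER_ID_PATTERN.fullmatch(user_id):
        raise ValueError("user ID rejected by allow-list")
    rows = conn.execute(QUERY, (user_id,)).fetchall()
    if len(rows) != 1:
        return None  # unknown user: nothing to put into an assertion
    return dict(rows[0])


def map_to_assertion(user, subject_source, attribute_map):
    """Resolve 'Authentication result' sources against the fetched entries.

    subject_source is the entry used as the SAML subject; attribute_map maps
    the name the Service Provider expects to the entry that supplies its value.
    """
    sources = [subject_source, *attribute_map.values()]
    missing = [src for src in sources if not user.get(src)]
    if missing:
        raise KeyError(f"entries missing from data source: {missing}")
    attributes = {name: user[src] for name, src in attribute_map.items()}
    return user[subject_source], attributes


if __name__ == "__main__":
    db = build_sample_db()
    jane = fetch_user_attributes(db, "jdoe")
    print(jane)
    print(map_to_assertion(jane, "mail", {"FirstName": "gn", "LastName": "sn"}))
```

A row whose subject entry is empty raises an error instead of producing an assertion with a blank subject, which matters because the subject is what uniquely identifies the user to the Service Provider.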
Using an LDAP server as the data source for SAML single sign-on
You can configure the External Lists settings to fetch data for SAML single sign-on from an LDAP server. Using
these settings, you can configure only one LDAP server as the data source.
To locate these settings, select Policy | Settings | Engines | External Lists. Then click the Add icon located above the
Settings tree.
Option
Definition
Name
Specifies the name of the external lists settings.
Example: LDAP server for SAML SSO
Data source type
From the drop-down list, select LDAP.
LDAP server's URL
Specifies the URL of the LDAP server.
Format: ldap[s]://server[:port]
User name
Specifies the user name required for connecting to the LDAP server.
LDAP password
Specifies the password required for connecting to the LDAP server.
Search DN
Specifies the distinguished name of the entry in the LDAP tree where the search for
users is started.
Search scope
From the drop-down list, select Sub tree.
Search filter
Specifies an LDAP expression used to filter entries and find a user.
Example: (uid=${0})
where ${0} is a placeholder for the user ID that is passed to the database.
Attribute
Specify all attributes required by SAML connectors:
Additional LDAP attributes
to retrieve (only for JSON
type)
• mail — Specifies an email address.
• cn — (commonName) Specifies the first name followed by the last name.
• gn — (givenName) Specifies the first name.
• sn — (surname) Specifies the last name.
SAML authentication request settings
Specify a unique name for the Service Provider (Web Gateway) and the URL of the external Identity Provider.
Table 17-8 SAML authentication request
Option
Definition
EntityID
Specifies a unique name for the Service Provider that sends the SAML authentication request (Web
Gateway).
IdP URL
Specifies the URL of the external Identity Provider where the authentication request is sent.
SAML authentication response settings
The SAML authentication response configuration specifies the values that you configure at the Identity Provider.
Table 17-9 SAML authentication response
Option
Definition
Response must be signed
When selected, specifies that the SAML response must be signed.
Assertion must be signed
When selected, specifies that the SAML assertion must be signed.
Import
When clicked, allows you to browse for and import the X.509 certificate file provided by the
external Identity Provider. When the certificate file is imported, the certificate values are
displayed in the Authn Response window.
EntityID
Specifies a unique name for the external Identity Provider that issues the SAML
authentication response.
This value and the value of the <saml2:Issuer> element in the response must match.
Response must be already valid
When selected, specifies that the current local time must be greater than or equal to the
value of the notBefore attribute in the <saml2:Conditions> element in the response.
Negative clock skew
(Response must be already valid) Extends the notBefore attribute setting in the response
by the specified value.
Positive clock skew
Extends the notAfter attribute setting in the response by the specified value.
Audience must be set in the response
Specifies that the <saml2:Audience> element must be included in the response.
Audience must match predefined value
Specifies that the value of the <saml2:Audience> element in the response must match the
value specified in the Audience URI or ACS URL fields in the configuration.
Audience URI
(Audience must match predefined value) Specifies the URI of the intended audience, which is
the authentication server.
Destination
Specifies the URI of the address to which the external Identity Provider sends the response.
ACS URL
Specifies the URL of the Assertion Consumer Service provided by the authentication server
(which consumes the SAML assertion in the response).
If the external Identity Provider does not support dynamic URLs, configure a static ACS URL.
Otherwise, leave this setting blank. If set, this value must match the ACS URL value configured
in the Prepare Fixed ACS URL rule.
Configure the static ACS URL using one of the following formats.
• Any Web Gateway URL
• A URL having the following format which the proxy recognizes as the authentication
server:
http[s]://<proxy>:<port>/mwg-internal/<internal-path-id>/plugin?target=Auth&reason=Auth&setCookie=true
Where <proxy> and <port> specify the IP address and port number of the proxy,
respectively, and <internal-path-id> specifies the internal path id.
To look up the internal path id, select Configuration | Proxies | Advanced Settings.
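The checks listed in Table 17-9, as an added example that is not part of the guide or Web Gateway's own code: it evaluates issuer, validity window with negative and positive clock skew, and audience on a constructed assertion, and accepts both time stamp formats from Table 17-6. It uses the SAML 2.0 attribute names NotBefore and NotOnOrAfter (the guide writes notBefore and notAfter), assumes skew values are in seconds, and performs no signature verification, which must succeed before any of these fields is trusted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured traffic). Hosts are placeholders.
# Lifetime is 60 seconds, matching the default in Table 17-6.
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 ID="_constructed" Version="2.0" IssueInstant="2017-06-01T12:00:00Z">
  <saml2:Issuer>https://idp.example.test</saml2:Issuer>
  <saml2:Conditions NotBefore="2017-06-01T12:00:00Z"
                    NotOnOrAfter="2017-06-01T12:01:00.000Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>https://mwg.example.test/sp</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>
"""


def utc(year, month, day, hour, minute, second):
    """Build a timezone-aware UTC datetime for use as the evaluation time."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def parse_timestamp(value):
    """Parse either time stamp format offered in Table 17-6 (with or without ms)."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported time stamp: {value!r}")


def check_conditions(xml_text, now, expected_issuer, expected_audience,
                     negative_skew=0, positive_skew=0, require_audience=True):
    """Return a list of failed checks; an empty list means every check passed."""
    failures = []
    root = ET.fromstring(xml_text)

    # EntityID setting: must equal the <saml2:Issuer> value.
    issuer = (root.findtext("saml2:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        failures.append("issuer-mismatch")

    cond = root.find("saml2:Conditions", NS)
    if cond is None:
        failures.append("conditions-missing")
        return failures

    # "Response must be already valid", widened by the negative clock skew.
    not_before = cond.get("NotBefore")
    if not_before is not None:
        if now < parse_timestamp(not_before) - timedelta(seconds=negative_skew):
            failures.append("not-yet-valid")

    # Expiry, widened by the positive clock skew; the bound itself is exclusive.
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_on_or_after is not None:
        if now >= parse_timestamp(not_on_or_after) + timedelta(seconds=positive_skew):
            failures.append("expired")

    # "Audience must be set" and "Audience must match predefined value".
    audiences = [a.text.strip()
                 for a in cond.findall("saml2:AudienceRestriction/saml2:Audience", NS)
                 if a.text]
    if not audiences:
        if require_audience:
            failures.append("audience-missing")
    elif expected_audience not in audiences:
        failures.append("audience-mismatch")
    return failures


if __name__ == "__main__":
    print(check_conditions(SAMPLE_ASSERTION, utc(2017, 6, 1, 12, 1, 30),
                           "https://idp.example.test",
                           "https://mwg.example.test/sp", positive_skew=20))
```

Every second of positive skew lengthens the window in which a captured assertion can be replayed, so the skew should cover real clock drift and nothing more.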
Generic IceToken connector settings
To configure a connector to a .NET or Java web application using the generic IceToken connector template,
provide values for the settings in the following table.
Table 17-10 Credentials
Option
Definition
Subject
The IceToken subject uniquely identifies the user who is seeking access to a .NET or Java web
application. The IceToken subject is specified as a source-value pair. From the drop-down list, select
a source:
• Constant — Specifies that the subject has a constant value. Type the constant value in the value
field.
• Authentication result — Specifies that the subject has the value of an attribute. Type the name of the
attribute in the Authentication result field.
The attribute name is the name of the entry in the JSON object containing the user’s information.
Attributes
(Optional) Specifies one or more user attributes that are passed as name-value pairs with the
IceToken subject in the IceToken assertion to the Service Provider.
Set — (parameter) Specifies the attribute name sent in the IceToken assertion. This value is the
attribute name that the Service Provider is expecting.
to — (source) Specifies the attribute value sent with the attribute name in the IceToken assertion. The
attribute value is specified as a source-value pair. From the drop-down list, select a source:
• Constant — Specifies that the value sent in the IceToken assertion is set to the constant typed in the
value field.
• Authentication result — Specifies that the value sent in the IceToken assertion is set to the value of
the attribute named in the Authentication result field.
To view a list of standard LDAP attribute names, click the icon next to this field.
Table 17-11 Assertion Consumer Service (ACS)
Option
Definition
ACS URL
Specifies the URL of the service where IceToken assertions are sent and consumed.
ACS bindings
Specifies the HTTP method used to send IceToken assertions:
• POST — Specifies the HTTP POST method.
• Redirect — Specifies the HTTP GET method.
Table 17-12 IceToken Assertion
Option
Definition
Signature key
From the drop-down list, select the X.509 certificate key pair whose private key Web Gateway
uses to sign IceToken assertions.
Before you can select the key pair from the drop-down list, you must import it in the Web Gateway
interface.
Issuer
Specifies a name that identifies Web Gateway as the IceToken assertion issuer.
Table 17-13 Conditions
Option
Definition
Audiences
(Optional) Allows you to limit the audience to one or more IceToken assertion consumers.
To specify an audience:
1 Click the Add icon.
2 In the Audience URI field, type the Service Provider issuer string. You can obtain this value
from the Service Provider.
Clock skew (seconds)
Specifies a value that offsets small differences in time between clocks on different servers.
This value is used when calculating the IceToken assertion's expiration time.
Default value: 20
Lifetime (seconds)
Specifies a lifetime value to use when calculating the IceToken assertion's expiration time.
When the expiration time is exceeded, the IceToken assertion is invalid. Using this setting
can prevent replay attacks.
Default value: 60
Key elements for configuring cloud single sign-on
The key elements view of the Single Sign On rule set allows you to modify commonly used SSO settings.
SSO Settings
The SSO settings allow you to configure the Single Sign On module. The SSL Scanner settings ensure that all SSO
communication with the launchpad is secured with the HTTPS protocol. When single sign-on is implemented in
proxy mode, the SSL Scanner module must also be enabled.
Table 17-14 SSO settings
Option
Definition
SSO settings
Clicking Edit opens the default settings used by the Single Sign On module.
SSL Scanner settings
Clicking Edit opens the certificate settings that allow you to secure SSO communication
with the launchpad.
SSO Services
These settings allow you to configure lists of connectors to services users are allowed to access.
Table 17-15 SSO services
Option
Definition
Services for authenticated users
Clicking Edit opens the Default SSO Services list of connectors to services individual
users are allowed to access. You can add connectors to and remove connectors
from this list.
Shared SSO services
Clicking Edit opens the Shared SSO Services list of connectors to services, which
users who share an account are allowed to access. You can add connectors to and
remove connectors from this list.
Host Names for Easy Login
These settings allow you to configure host names for use in place of Service IDs.
Table 17-16 Host name mapping
Option
Definition
Host name mapping
Clicking Edit opens the SSO Host to Service ID mapping list, where you can map host names to
Service IDs. When the mappings are configured, users can access cloud services by entering
one of the following short URLs in the browser address window:
• http://<hostname>
• https://<hostname>
Support SAML & IceToken SSO
These settings allow you to configure an LDAP data fetching method for single sign-on to cloud services and
applications that use the SAML or IceToken authentication method.
Table 17-17 Support SAML & IceToken SSO
Option
Definition
Enable Support for SAML & IceToken SSO
When selected, enables single sign-on to services and applications that use the SAML
or IceToken authentication method.
Get Additional Attributes via
Select an LDAP data fetching method:
• LDAP — Specifies using the Authentication module to fetch data from one or more
LDAP servers.
The Authentication module supports fallback when multiple LDAP servers are
configured.
• LDAP as External List — Specifies using the External Lists module to fetch data from a
single LDAP server.
LDAP Settings
Clicking Edit opens the Authentication module settings, where you can configure one
or more LDAP servers as the data source.
LDAP as External List Settings
Clicking Edit opens the External Lists module settings, where you can configure one
LDAP server as the data source.
OTP Usage (One Time Passwords)
These settings allow you to configure and require OTP authentication.
Table 17-18 OTP usage (one-time passwords)
Option
Definition
Need OTP to access services
When selected, specifies that a one-time password is required for single sign-on in
addition to a primary authentication method.
OTP server settings
Clicking Edit opens the OTP settings.
OTP delivery method
Selecting an option specifies how the one-time password is delivered:
• Generated OTP (Pledge) — Pledge, an OTP client on a desktop computer or mobile
device, generates the one-time password.
• Delivered OTP — The OTP server generates the one-time password and delivers it by
email or SMS.
Services that require OTP
Clicking Edit opens the OTP Secured SSO Services list, where you can add services to the
list.
Single Sign On lists and settings
The Single Sign On module retrieves values and parameters for the SSO properties and events used by the rules
in the Single Sign On rule set according to the settings you configure. Some of the settings used by the module
are configured as lists.
Single Sign On lists
Some of the settings used by the Single Sign On module are configured as lists.
SSO Host to Service ID Mapping
This list lets you map a name that is easy to remember (host name) to the service ID of a configured connector.
The user types the host name in the address field of a web browser. Then the Single Sign On module looks up
the host name in the map and finds the service ID. Internally, the host name and service ID are stored as a list
of key-value pairs.
This feature is especially useful for custom connectors whose service ID, which is assigned by the module, has a
numeric value.
To locate this list, select Policy | Lists | Custom Lists | MapType.
Table 17-19 SSO host to service ID mapping
Option
Definition
Key
Allows you to specify a name for a configured connector that is easy to remember.
Example: MyConnector
Value
Specifies the service ID of the configured connector. You can look up the service ID in the SSO
Catalog.
SSO Services
The Single Sign On module comes with default lists that you can configure to determine which cloud services
users are allowed to access. You can also create and configure your own access control lists.
To locate these lists, select Policy | Lists | Custom Lists | SSO Connector.
Table 17-20 SSO services
List name
Definition
Default SSO Services
Specifies a default list of configured connectors to cloud services that a user is
allowed to access.
OTP Secured SSO Services
Specifies a list of configured connectors to cloud services that require OTP
authentication in addition to a primary authentication method.
Shared SSO Services
Specifies a list of configured connectors to cloud services that users who share an
account are allowed to access.
SSO Catalog
In the SSO Catalog, you can view information about the predefined and custom cloud connectors. You can
configure new connectors from templates and view them in the list of custom connectors.
To locate these lists, select Policy | Lists | System Lists | SSO Catalog.
Table 17-21 SSO Catalog
Option
Definition
Icon
The default icon is the logo that identifies the cloud service or application for which the connector
is configured. For custom connectors, you can replace the default icon with a custom image.
Name
Specifies the name of the predefined or custom connector.
• Predefined connectors — The name, which is the same as the service ID, is assigned by the
module.
• Custom connectors — The name is assigned by the administrator who configures the connector
instance.
Description
(Optional) Describes each connector instance.
Categories
Specifies the type of service that the cloud service or application provides the user. You can modify
the default value or configure multiple categories.
Examples: Business Intelligence, Content Management, Security
Service ID
Uniquely identifies each connector.
• Predefined connectors — The identifier is the name of the cloud service or application.
Example: ABIresearch
• Custom connectors — The identifier is a number assigned by the module.
Example: 229
Types
Specifies the authentication method used by the cloud service or application for which the
connector is configured.
Values: HTTP, SAML2
Single Sign On settings
The Single Sign On module retrieves values and parameters for the SSO properties and events used by the rules
in the Single Sign On rule set according to the settings you configure.
To locate the default SSO settings, select Policy | Settings | Engine | Single Sign On | Default.
Single Sign On
Specify the settings needed for connecting to the SSO service provided by Web Gateway.
Table 17-22 Single Sign On
Option
Definition
Management Host
Specifies the URL of the server where Web Gateway is installed and the SSO process is
running. SSO requests are addressed to this URL. Web Gateway recognizes requests received
at this URL as SSO requests. When SSO requests are received, the SSO.IsManagementRequest
property is set to true.
Default value: sso.mwginternal.com
For non-proxy mode, configure this setting as the IP address of the Web Gateway appliance. To
process requests in proxy and non-proxy modes, configure two rule sets, each rule set using a
different Management Host setting.
Language
Select an option:
• Auto (Browser) — Specifies using the browser's language setting when displaying text on the
launchpad and logon pages.
• Force to: — From the drop-down list, select the language to use when displaying text on the
launchpad and logon pages.
Collection
From the drop-down list, select a template collection, then click Edit. The Template Editor
opens.
• Default Schema — Provides user message templates that you can customize.
• SAML Request Schema — Provides templates for SAML authentication requests
(SAMLRequest.html) and responses (SAMLRedirectToAuth.html) sent to and received from
an external Identity Provider, respectively.
• Single Sign On Schema — Provides templates for customizing the application launchpad
and logon pages.
These settings can also be configured on the Templates tab.
Login Form
Enable proxy mode and import or export a private key in PEM format.
Table 17-23 Login form
Option
Definition
MWG operates inline (Requires: SSL scanning enabled)
When selected, Web Gateway runs the SSO process in proxy (or inline)
mode.
Private Key to Sign SSO Token
You can import a private key in PEM file format for signing SAML
assertions produced by the SSO process. You can also export a private key
in PEM file format.
Advanced Settings
Configure P3P string configuration and debug logging level settings for the SSO process.
Table 17-24 Advanced settings
Option
Definition
P3P string used for setting SSO token cookies
Specifies a configuration string required for the Platform for Privacy Preferences Project
(P3P). This value must match the privacy settings in the end user's browser. Usually, you
can use the default value: CP="NOI CUR OUR STP STA".
The default value must be modified for Internet Explorer. If the P3P string is not correctly
set, SSO processing fails.
Log level (Requires: SSO log rule set)
From the drop-down list, select a log level:
• Off — Logging is turned off.
• Error — Only error messages are logged.
• Access — Error and informational messages are logged to the SSO access log file.
• Full — All messages are logged to the SSO trace log file.
To enable SSO logging, import the SSO Log rule set from the Logging rule set group in the
Rule Set Library.
If you set the log level to Full, verify that the Trace Log rule set is enabled.
SSO certificate and private key settings
SAML single sign-on requires X.509 certificates and private keys to sign SAML assertions and requests and to
verify SAML signatures.
SSO Certificates
The SSO process uses the X.509 certificate provided by the SAML Service Provider to verify SP requests. You can
import X.509 certificates in the SSO Certificates settings.
To locate the settings, select Policy | Settings | Engines | SSO Certificates.
Table 17-25 SSO certificates
Option
Definition
Name
Specifies a name that uniquely identifies the imported X.509 certificate in the user interface.
Import
Clicking this option allows you to browse for and select the X.509 certificate file you want to
import.
SSO Certificate
After you import the certificate, the following certificate data is displayed:
• Subject — Specifies the distinguished name of the entity holding the X.509 certificate. This
value corresponds to the Service Provider.
• Issuer — Specifies the distinguished name of the certificate authority (CA) that signed the
certificate. If the subject and issuer are the same, the certificate is self-signed.
• Validity — Specifies the time period during which the certificate is valid.
• Extensions — Shows any custom fields added to the certificate, such as a comment.
SSO Private Keys
The SSO process signs outgoing SAML assertions attesting to the end user's identity with a private key. The
SAML Service Provider uses the corresponding X.509 certificate to verify the signatures. You must generate or
import at least one X.509 certificate and private key pair to support the SAML SSO process. After generating or
importing a key pair, the certificate and private key will be available for selection from the drop-down lists in the
Web Gateway user interface.
To locate these settings, select Policy | Settings | Engines | SSO Private Keys.
Table 17-26 SSO private keys
Option
Definition
Name
Specifies a name that uniquely identifies the generated or imported X.509 certificate and
private key pair in the user interface.
Generate
Clicking this option allows you to generate an X.509 certificate and private key pair. The
following fields uniquely identify the certificate subject specified by the private key. The
certificate subject is the entity holding the certificate or your organization. When you configure
the settings, you provide values for your organization.
• Common Name (Required)
• State
• Organization (Required)
• Country
• Organizational Unit
• E-Mail Address
• Locality (Required)
Valid for — Specifies the time in years during which the certificate is valid.
Comment — (Optional) Allows you to add a comment to the certificate data.
Import
Clicking this option allows you to import an X.509 certificate and private key. Use this option if
you already have an X.509 certificate file and private key pair and want to import them in the
user interface.
Private Key & Certificate
After you generate or import an X.509 certificate and private key pair, the following data is
displayed:
• Subject — Specifies the distinguished name of the entity holding the X.509 certificate. This
value corresponds to Web Gateway.
• Issuer — Specifies the distinguished name of the certificate authority (CA) that signed the
certificate. If the subject and issuer are the same, the certificate is self-signed.
• Validity — Specifies the time period during which the certificate is valid.
• Extensions — Shows any custom fields added to the certificate, such as a comment.
• Private Key — Shows whether the private key is present.
Export
Clicking this option allows you to export an X.509 certificate. The SAML Service Provider needs
this file to verify signed SAML assertions and requests.
Export Key
Clicking this option allows you to export a private key.
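One way to check a certificate and private key pair with the OpenSSL command line before using Import in the SSO Private Keys settings. This is an added example, not part of the guide or of Web Gateway; it assumes the openssl binary is on the PATH, and the subject values, file names and function names are constructed.

```python
import os
import subprocess
import tempfile

# Constructed subject carrying the three fields the Generate dialog marks as
# required: Common Name, Organization, Locality. All values are placeholders.
SUBJECT = "/CN=sso.example.test/O=Example Org/L=Example City"


def openssl(*args):
    """Run an openssl subcommand and return (exit code, stdout)."""
    done = subprocess.run(("openssl",) + args, capture_output=True, text=True)
    return done.returncode, done.stdout


def generate_pair(directory, name, days=365):
    """Create a self-signed certificate and an unencrypted RSA key as PEM files."""
    cert = os.path.join(directory, name + ".cert.pem")
    key = os.path.join(directory, name + ".key.pem")
    code, _ = openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes",
                      "-subj", SUBJECT, "-days", str(days),
                      "-keyout", key, "-out", cert)
    if code != 0:
        raise RuntimeError("openssl req failed")
    os.chmod(key, 0o600)  # the signing key must not be readable by other users
    return cert, key


def describe(cert):
    """Return the data the settings page displays: subject, issuer, validity."""
    _, out = openssl("x509", "-in", cert, "-noout", "-subject", "-issuer",
                     "-dates", "-nameopt", "RFC2253")
    info = {}
    for line in out.splitlines():
        field, _, value = line.partition("=")
        info[field.strip()] = value.strip()
    # Identical subject and issuer means the certificate is self-signed.
    info["self_signed"] = info["subject"] == info["issuer"]
    return info


def key_matches_cert(cert, key):
    """True if the certificate carries the public half of the private key."""
    _, from_cert = openssl("x509", "-in", cert, "-noout", "-pubkey")
    code, from_key = openssl("pkey", "-in", key, "-pubout")
    return code == 0 and from_cert.strip() == from_key.strip()


def valid_for(cert, days):
    """True if the certificate is still valid `days` days from now."""
    code, _ = openssl("x509", "-in", cert, "-noout",
                      "-checkend", str(days * 86400))
    return code == 0


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        cert, key = generate_pair(workdir, "sso-signing")
        _, other_key = generate_pair(workdir, "unrelated")
        print(describe(cert))
        print("pair matches:", key_matches_cert(cert, key))
        print("wrong key rejected:", not key_matches_cert(cert, other_key))
        print("valid for 30 more days:", valid_for(cert, 30))
```

A pair that fails the match check would produce SAML assertions the Service Provider cannot verify with the exported certificate.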
18
Cloud storage encryption
Contents
Cloud Storage Encryption settings
Cloud Storage Encryption Support settings
Cloud Storage Encryption settings
The Cloud Storage Encryption settings are used for configuring the encryption and decryption of cloud storage
data.
Encryption Parameters
Settings for encrypting and decrypting cloud storage data
Table 18-1 Encryption Parameters
Option
Definition
Cipher
Provides a list for selecting an algorithm to encrypt and decrypt cloud storage data.
The following algorithms can be selected:
• AES 128
• AES 192
• AES 256
Cloud Storage Encryption Support settings
The Cloud Storage Encryption Support settings are used for configuring the cloud storage services that are
supported on Web Gateway when data for these services is encrypted or decrypted.
Supported Cloud Storage Services
Settings for cloud storage services
Table 18-2 Supported Cloud Storage Services
Option
Definition
Cloud storage services list
Allows you to select the cloud storage services that are supported on Web Gateway
when data for these services is encrypted or decrypted.
The following services can be selected:
• Box
• Dropbox
• Google Drive
• Microsoft SkyDrive
By default, all services are selected.
19
Hybrid solution
Hybrid settings
When configured, the hybrid settings allow Web Gateway to connect to and communicate with McAfee WGCS.
Hybrid synchronization
The Web Gateway policy is synchronized with McAfee WGCS at the interval you specify in the hybrid settings.
You can also perform synchronization manually. Manual synchronization doesn't affect the synchronization
interval or schedule, which continues as before.
Configuring the hybrid settings
The hybrid settings allow you to configure synchronization without a proxy server.
Table 19-1 Web Hybrid Configuration
Option
Definition
Synchronize policy to Cloud
When selected, allows you to configure the Web Hybrid settings and enables
the hybrid solution.
Appliance for Synchronization
From the drop-down list, select the Web Gateway appliance whose policy you
want synchronized with McAfee WGCS.
If you are running multiple appliances in a Central Management
configuration, this setting ensures that the McAfee WGCS policy is always
synchronized with the same appliance.
Cloud address
Specifies the address that Web Gateway uses to communicate with McAfee
WGCS.
Value: https://msg.mcafeesaas.com:443
Cloud administrator account name
Specifies your McAfee ePO Cloud user name.
Cloud administrator account password
Specifies your McAfee ePO Cloud password.
To change the password, click Set, then enter the new password and click OK.
Customer ID
Specifies your McAfee WGCS customer ID.
Local policy changes will be uploaded within the same interval as defined below
Specifies the synchronization interval.
Default: 15 minutes
Range: 10–60 minutes
Configuring the advanced hybrid settings
The advanced hybrid settings allow you to add a proxy server to the configuration.
Table 19-2 Advanced Synchronization Settings
Option
Definition
Verify server certificate on SSL connections
When selected, Web Gateway verifies the proxy server certificate for SSL
connections.
Use a proxy for synchronization
When selected, allows you to configure the proxy server settings. When the
settings are configured, the Web Gateway policy is pushed to McAfee WGCS
through the proxy server.
Proxy host
Specifies the IP address or host name of the server which is used as a proxy.
Proxy port
Specifies the port number on the proxy server that listens for Web Gateway
requests to transfer synchronization data.
Default: 8080
Proxy user
Specifies the user name that Web Gateway sends to the proxy server when
transferring synchronization data.
Proxy password
Specifies the password that Web Gateway sends to the proxy server when
transferring synchronization data.
To change the password, click Set, then enter the new password and click OK.
20
Monitoring
Contents
Alert filtering options
Charts and tables display options
Overview of charts and tables information
Log File Manager settings
File System Logging settings
SNMP settings
ePolicy Orchestrator settings
Alert filtering options
Information about alerts on an appliance is provided under Alerts on the Alerts tab of the dashboard. You can
filter this information using several filtering options.
If an appliance is a node in a Central Management configuration, alerts for the other nodes are also shown.
Then you can also filter the nodes you want to view alerts for.
The following table describes the filtering options.
Table 20-1 Alert filtering options
Option
Definition
Appliance Filter
Filters alerts according to the nodes they occurred on in a Central Management configuration.
Clicking this button opens a window for selecting the nodes you want to view alerts for.
The filter applies as soon as you close the window.
Date Filter
Filters alerts according to the period of time they occurred in.
Clicking this button displays a menu for selecting the time period you want to view alerts for.
You can select one of the following:
• All
• Today
• Yesterday
• Last week
• Custom
Under Custom, you can set a start and end date on two calendars and type a start and end time
in two filter fields. The time format is hh:mm:ss in 24-hour notation, for example, 1 p.m. is
13:00:00.
When an appliance is a node in a Central Management configuration and you have selected
several nodes of this configuration in the Appliance Filter, alerts are shown for these nodes.
They are shown, however, according to the date and time of the user interface on the node
where you set the Date Filter.
For example, you select Today in the Date Filter on a node in Amsterdam at 7 p.m. local time.
This means all alerts that occurred during the last 19 hours are shown. For a node in New York,
local time is 1 p.m. at the time you set the filter.
Alerts that occurred on the New York node are then shown for the last 19 hours, not for the last
13 hours, which would correspond to what Today is for the New York node.
Message Filter
Filters alerts according to alert message types and strings within the message texts.
The filter applies as soon as you have set the filter options.
Set these options in the following way:
• Error, Warning, Information — Select the alert message type you want to view or any combination
of types.
• Filter — Optionally type a filtering term in this field. Only alerts with message texts matching
this term and the selected type or types are shown.
The search for matching terms is performed on alert entries as they are stored in an internal
database on an appliance, not as they appear on the user interface.
When alerts appear on the user interface, the alert message text can include additional parts.
For example, the word origin is added to the name of the component that is the origin of an
alert. You cannot, however, use origin or other added terms to filter alerts.
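The Date Filter case with the Amsterdam and New York nodes, worked through in code to show which alerts land in the Today view and which of them belong to a different calendar day on their own node. This is an added illustration, not part of the guide; the calendar date, the fixed UTC offsets, the alert texts and the function names are constructed.

```python
from datetime import datetime, timedelta, timezone

# Fixed offsets (assumed: January, no daylight saving) keep the example offline.
AMSTERDAM = timezone(timedelta(hours=1), "Amsterdam")
NEW_YORK = timezone(timedelta(hours=-5), "New York")

# Constructed moment at which the filter is set: 7 p.m. in Amsterdam.
UI_NOW = datetime(2017, 1, 10, 19, 0, 0, tzinfo=AMSTERDAM)

# Constructed alerts: (node time zone, time of occurrence on that node, text).
ALERTS = [
    (AMSTERDAM, datetime(2017, 1, 10, 0, 30, tzinfo=AMSTERDAM), "update failed"),
    (NEW_YORK, datetime(2017, 1, 10, 9, 0, tzinfo=NEW_YORK), "license expires soon"),
    (NEW_YORK, datetime(2017, 1, 9, 20, 0, tzinfo=NEW_YORK), "authentication server down"),
    (NEW_YORK, datetime(2017, 1, 9, 17, 30, tzinfo=NEW_YORK), "disk usage high"),
]


def hours_since_local_midnight(now, tz):
    """Length of 'Today' so far, as seen in the given time zone."""
    local = now.astimezone(tz)
    midnight = local.replace(hour=0, minute=0, second=0, microsecond=0)
    return (local - midnight) / timedelta(hours=1)


def today_window(ui_now):
    """'Today' as evaluated on the user interface where the filter is set:
    from that interface's local midnight up to its current time."""
    start = ui_now.replace(hour=0, minute=0, second=0, microsecond=0)
    return start, ui_now


def classify(alerts, ui_now):
    """Return (text, shown, same_local_day) for each alert.

    shown: the alert falls inside the window of the filtering interface.
    same_local_day: the alert's date on its own node equals that node's
    current date, which is what Today would mean locally on that node.
    """
    start, end = today_window(ui_now)
    rows = []
    for node_tz, when, text in alerts:
        shown = start <= when <= end
        node_today = ui_now.astimezone(node_tz).date()
        same_local_day = when.astimezone(node_tz).date() == node_today
        rows.append((text, shown, same_local_day))
    return rows


if __name__ == "__main__":
    print("window in Amsterdam:", hours_since_local_midnight(UI_NOW, AMSTERDAM), "h")
    print("Today in New York:  ", hours_since_local_midnight(UI_NOW, NEW_YORK), "h")
    for text, shown, same_day in classify(ALERTS, UI_NOW):
        note = "" if same_day or not shown else "  <- previous day on its own node"
        print(f"{'shown ' if shown else 'hidden'}  {text}{note}")
```

When building an incident timeline from several nodes, alerts flagged this way are the ones whose local date differs from the day selected in the filter.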
Charts and tables display options
There are several options for displaying the information on the Charts and Tables tab, depending on the type of
information that is provided.
Types of information are as follows:
• Evolving data — Shows how particular parameters evolved over a selected time interval
For example, you can view how the number of blocked or allowed URL requests evolved over a selected time
interval.
• Top scores — Shows top numbers for activities or byte volumes related to key items of the filtering process
up to the moment when you view them
What you see then is these numbers, but not how they evolved over time.
For example, you can view the URL categories that have been most often requested. Or you can view media
types ranked according to the volumes transferred when web objects of these types were downloaded.
The maximum number of items stored on an appliance for presenting top scores at a given point in time is
1500. When this number is exceeded, items that have the lowest occurrence or byte volumes are removed.
• Other information — Shows other information presented on tables
For example, you can view the current versions of key modules (also known as engines) on an appliance,
such as the Anti-Malware module or the URL Filter module.
The following table shows the display options for the different types of information.
Table 20-2 Charts and tables display options
Option
Definition
Show last
Provides a drop-down list for selecting a time interval: 1 hour | 3 hours | ... | 1 year
Resolution
Displays the time unit used for the diagram that shows the evolution of a parameter over the
selected interval.
Resolution varies with the interval.
For example, when 1 hour is selected, the diagram uses 1 minute as the time unit, when 1 year
is selected, the diagram uses 1 day.
View
Provides a drop-down list for selecting:
• Display mode: Line | Stacked
• Average values
Refresh icon
Refreshes the view.
Top
Provides a drop-down list for selecting how many of the items with the highest scores are
shown: 10 | 25 | ... | 1000
For example, the 25 URL categories that the most-often requested URLs fall in can be shown.
Refresh icon
Refreshes the view.
Overview of charts and tables information
Information about web usage, filtering activities, and system behavior for an appliance is displayed on the Charts
and Tables tab of the dashboard.
The following tables provide an overview of this information.
Table 20-3 Executive Summary
Information
Description
URL Executive Summary
Shows how numbers of requests evolved during the selected interval.
Requests are sorted into allowed (“good”) requests and requests that were blocked.
Blocked requests are additionally sorted according to the filtering modules that caused
the blocking, such as the Anti-Malware engine, the URL engine, and others.
Clicking Edit Choosable Data Series opens a window for editing the selection of good and
blocked requests that is shown.
Categories by Hits
Shows the categories that the most-often requested URLs belonged to.
Malwares by Hits
Shows the virus and malware types that were requested most often.
Table 20-4 System Summary
Information
Description
Network Utilization
Shows how numbers of requests sent and received evolved during the selected
interval.
System Utilization
Shows how usage of hard disk, CPU, physical memory of the appliance system, and the
physical memories of the core and coordinator subsystems evolved during the
selected interval.
Update Status
Shows the versions of several modules and filter information files that are
implemented on an appliance, for example, of the Gateway Anti-Malware engine or of
the malware signature files.
Last Update
Shows when several modules of an appliance were last updated, for example, the URL
Filter module.
Open Ports
Lists the ports on an appliance that are currently listening to requests.
WCCP Services
Shows the status of WCCP services used to redirect traffic to an appliance.
Active Proxy Connections
Shows how numbers of connections evolved during the selected interval.
Table 20-5 Web Traffic Summary
Information
Description
Traffic per Protocol
Shows how volumes of web traffic under the HTTP, HTTPS, HTTP2, and FTP protocols
evolved during the selected interval.
Requests per Protocol
Shows how numbers of requests under the HTTP, HTTPS, HTTP2, FTP, and IFP protocols
evolved during the selected interval.
Table 20-6 ICAP Traffic Summary
Information
Description
ICAP Traffic with ICAP Clients
Shows how volumes of traffic occurring during communication with ICAP clients
in REQMOD and RESPMOD modes evolved during the selected interval.
ICAP Requests from ICAP clients
Shows how numbers of requests sent by ICAP clients in REQMOD and RESPMOD
modes evolved during the selected interval.
Table 20-7 SOCKS Traffic Summary
Information
Description
SOCKS Traffic
Shows how volumes of traffic going on under versions 4 and 5 of the SOCKS protocol
evolved during the selected interval.
SOCKS Connections
Shows how numbers of connections for traffic going on under versions 4 and 5 of the
SOCKS protocol evolved during the selected interval.
Traffic per Protocol
Shows how volumes of traffic going on under the SOCKS protocol evolved during the
selected interval.
Volumes are shown for UDP and the protocols that could be detected as underlying the
SOCKS protocol: HTTP and HTTPS.
Volume is also shown for all other underlying protocols, which remained unfiltered, as
filtering underlying protocols of the SOCKS protocol other than HTTP or HTTPS is not
performed on Web Gateway.
Connections per Protocol
Shows how numbers of connections for traffic going on under the SOCKS protocol
evolved during the selected interval.
Connection numbers are shown for the UDP protocol and the protocols that could be
detected as underlying the SOCKS protocol: HTTP and HTTPS.
The number of connections is also shown for all other underlying protocols, which
remained unfiltered, as filtering underlying protocols of the SOCKS protocol other than
HTTP or HTTPS is not performed on Web Gateway.
Protocol Detection per Connection
Lists the underlying protocols of the SOCKS protocol that were most often detected for
an individual connection together with these connections.
Table 20-8 IM Traffic Summary
Information
Description
Instant Messaging Traffic
Shows how volumes of instant messaging requests evolved for different services
during the selected interval.
Instant Messaging Requests
Shows how numbers of instant messaging requests evolved for different services
during the selected interval.
Instant Messaging Clients
Shows how numbers of instant messaging clients evolved for different services
during the selected interval.
Table 20-9 Traffic Volume
Information
Description
Top-Level Domains by Bytes Transferred
Lists the domains that were requested most according to the number of
bytes transferred from them.
Top-Level Domains by Number of Requests
Lists the domains that were requested most often according to the
number of requests for them.
Destinations by Bytes Transferred
Lists the destinations that were requested most according to the
number of bytes transferred from them.
Destinations by Number of Requests
Lists the domains that were requested most often according to the
number of requests for them.
Source IPs by Bytes Transferred
Lists the source IP addresses that most volume was transferred to.
Source IPs by Number of Requests
Lists the source IP addresses that most requests were made from.
Table 20-10 Web Cache Statistics
Information
Description
Web Cache Efficiency
Shows how numbers of caching requests evolved during the selected interval and sorts
them into hits and misses.
Web Cache Object Count
Shows how numbers of objects in the cache evolved during the selected interval.
Web Cache Usage
Shows how usage of the cache evolved during the selected interval.
Table 20-11 Malware Statistics
Information
Description
Malware URLs by Hits
Lists the URLs infected by viruses and other malware that were requested
most often.
Malware by Hits
Lists the malware types that were requested most often.
Advanced Threat Defense Requests
Shows how numbers of requests for web objects that were passed on to
McAfee Advanced Threat Defense for scanning evolved during the selected
interval.
Also shows how numbers of requests that were blocked due to the scanning
results evolved during the selected interval.
Advanced Threat Defense Scanning Time
Shows how the time consumed for scanning web objects by McAfee Advanced
Threat Defense evolved during the selected interval.
Table 20-12 URL Filter Statistics
Information
Description
Category
Shows how numbers of requested URL categories evolved during the selected
interval.
Reputation
Shows how numbers of requests evolved during the selected interval and sorts
them according to the reputation of the requested URLs.
Categories by Hits
Lists the URL categories that were requested most often.
Sites Not Categorized by Hits
Lists among the sites that are not categorized those that were requested most
often.
Malicious Sites by Hits
Lists among the sites that were found to be infected those that were requested
most often.
Top Blocked URLs
Lists among the blocked sites those that were requested most often.
Table 20-13 Media Type Statistics
Information
Description
Media Type Groups by Hits
Shows how numbers of requested media type groups evolved during the selected
interval.
Types are sorted into audio files, images, and others.
Media Types by Bytes
Lists the media types that were requested most according to the number of bytes
transferred.
Media Types by Hits
Lists the media types that were requested most often according to the numbers of
successful requests for them.
Table 20-14 DLP Filter Statistics
Information
Description
DLP Classification
Shows how numbers of classifications for content that should not leave your network
evolved during the selected interval.
DLP Classification by Hits
Lists the classifications that were most often used for content that should not leave
your network.
Table 20-15 SSL Scanner Statistics
Information
Description
Certificate Incidents
Shows how numbers of incidents evolved during the selected interval.
Incidents are sorted according to the types of the events that caused them, for
example, expired certificates or common name mismatches.
Remote Private Key Operations
Shows how numbers of remote private key operations for encrypting and
decrypting data evolved during the selected interval.
Remote Private Key Operations
Lists the remote private key operations that were executed most often, providing
information on the keys used, the functions that were performed, and the types of
operation.
Table 20-16 Application Control Statistics
Information
Description
Categories
Shows how numbers of the different categories that requested applications
belonged to evolved during the selected interval.
Reputation
Shows how numbers of the reputation levels that were assigned to requested
applications evolved during the selected interval.
Categories by Hits
Lists the categories that occurred most often for applications to which access was
requested.
High Risk Applications by Hits
Lists the applications with high-risk reputation that were most often requested for
access.
Table 20-17 Single Sign On Statistics
Information
Description
All Logins
Shows how numbers of logons to cloud applications (services) evolved during the
selected interval.
Logins per Service
Shows how numbers of logons evolved during the selected interval and sorts them
according to the cloud applications (services) that logon was performed to.
Logins per Service
Lists the cloud applications (services) that most logons were performed to.
Number of Invalid Tokens
Shows how numbers of invalid tokens evolved during the selected interval.
Table 20-18 Encryption Statistics
Information
Description
Operations
Shows how numbers of encryption and decryption operations for cloud storage data and
numbers of errors that occurred during these operations evolved during the selected
interval.
Volume
Shows how volumes of encrypted and decrypted data evolved during the selected
interval.
Encryption Operations
Lists the cloud storage services that were involved most often when data was encrypted
and uploaded.
Decryption Operations
Lists the cloud storage services that were involved most often when data was decrypted
and downloaded.
Encryption Volume
Lists the cloud storage services that were involved most when data was encrypted
according to the volume of encrypted data.
Decryption Volume
Lists the cloud storage services that were involved most when data was decrypted
according to the volume of decrypted data.
Encryption Errors
Lists the cloud storage services that were involved most often when errors in encrypting
data occurred.
Decryption Errors
Lists the cloud storage services that were involved most often when errors in decrypting
data occurred.
Table 20-19 System Details
Information
Description
Network Utilization
Shows how numbers of requests sent and received evolved during the
selected interval.
CPU Utilization
Shows how CPU usage evolved during the selected interval.
Memory Usage
Shows how usage of memory evolved during the selected interval.
MWG Processes Virtual Memory Usage
Shows how usage of virtual memory by processes running on Web Gateway
evolved during the selected interval.
Average System Load per CPU
Shows how average load on individual CPUs evolved during the selected
interval.
Swap Space Usage
Shows how usage of memory available for swapping data evolved during
the selected interval.
File System Utilization
Shows how usage of the file system evolved during the selected interval.
File System Utilization
Shows usage of the file system per partition.
Open TCP Ports
Shows open TCP ports with IP addresses and port numbers.
Table 20-20 Authentication Statistics
Information
Description
Authentication Requests
Shows how numbers of requests processed remotely, locally, or found in the
cache evolved under each authentication method during the selected
interval.
Average Request Processing Time per Method in ms
Shows how average processing time for requests sent to a server evolved
under each authentication method during the selected interval.
Current Requests Report
Shows numbers of requests, cache hits, as well as minimum, maximum, and
average processing time for requests sent to a server.
Current Connections Status
Shows the connections that are currently active under each authentication
method.
Table 20-21 Performance Information
Information
Description
General Performance
Shows how the processing time consumed on average for completing particular tasks
evolved during the selected interval.
These tasks include performing a DNS lookup, connecting to a given web server, and the
work done by the rule engine to process a request throughout all cycles.
When measuring the time consumed for DNS lookups, only lookups on external servers are
considered. Cache lookups are disregarded.
Detailed HTTP Performance
Shows how the time consumed on average for processing a request throughout all cycles
evolved during the selected interval.
This performance information is only measured and displayed for web traffic that uses
HTTP and HTTPS connections.
The processing of a request throughout all cycles (request, response, and embedded object
cycles) is considered to be one transaction.
Average processing time is shown for complete transactions, but also for particular data
transfers going on during a transaction:
• First Byte Received from Client until First Byte Sent to Client — Shows the average
processing time consumed between receiving the first byte from a client on an appliance
and sending the first byte to this client within a transaction
• Last Byte Received from Client until Last Byte Sent to Client — Shows the average
processing time consumed between receiving the last byte from a client on an
appliance and sending the last byte to this client within a transaction
• First Byte Sent to Server until First Byte Received from Server — Shows the average
processing time consumed between sending the first byte from an appliance to a web
server and receiving the first byte from this server within a transaction
• Last Byte Sent to Server until Last Byte Received from Server — Shows the average
processing time consumed between sending the last byte from an appliance to a web
server and receiving the last byte from this server within a transaction
Table 20-22 DXL
Information
Description
DXL Requests Sent
Shows how numbers of DXL requests and events that were sent and received, as well as
requests that failed, evolved during the selected interval.
DXL Traffic
Shows how the volume of DXL traffic evolved during the selected interval.
Table 20-23 Bandwidth Statistics
Information
Description
Bandwidth Statistics per Class
Shows values for important parameters of bandwidth classes.
Values are only shown for child (also known as leaf) classes.
• Class Name — Name of a bandwidth class
• Sent — Number of bytes sent through a class
If a class is used for applying bandwidth control on more than one network interface,
this number is the sum of all bytes sent over these interfaces.
Sums regarding all network interfaces that bandwidth control is applied to are also
shown under Packets, Dropped, and Current Packet Rate.
• Packets — Number of data packets sent through a class
• Dropped — Number of data packets that were dropped at a class
• Current Bandwidth — Current bandwidth of traffic going through a class
If a class is used for applying bandwidth control on more than one network interface,
the average bandwidth achieved on all interfaces is shown.
• Current Packet Rate — Current packet rate (in pps - packets per second) for a class
Bandwidth Utilization per Direction
Shows how bandwidth evolved during the selected interval for both incoming and
outgoing traffic.
Incoming traffic is shown under Ingress, outgoing under Egress.
If more than one class is used for applying bandwidth control on the same network
interface, the average bandwidth of these classes is considered when the overall
bandwidth values for incoming and outgoing traffic are calculated.
Log File Manager settings
The Log File Manager settings are used for configuring the rotation, deletion, and pushing of log files that are
maintained by particular modules of an appliance.
Settings can be configured for log files in general and for some special types of log files, which are stored in the
Errors Log, the Update Log, and the Audit Log.
Global Log File Settings
Settings for log files in general
These settings include options for rotation and deletion of log files and for pushing them to another location.
Auto-Rotation
Settings for rotating log files automatically according to their size, the time of day, or a particular interval
Table 20-24 Auto-Rotation
Option
Definition
Enable auto-rotation
When selected, log files are rotated according to particular options.
Enable log file rotation if log file size exceeds
When selected, log files are rotated according to their size (in MiB), as specified
in the input field that is provided.
Enable scheduling of log file rotation
When selected, log files are rotated according to the time of day (in hours and
minutes), as specified in the input field that is provided.
The 24-hour format is used here, for example, 1 p.m. is 13:00.
Enable scheduling interval-based log file rotation
When selected, log files are rotated according to a time interval, which is
specified in the following input fields.
• Rotation interval — Sets a number of hours for the length of a rotation interval.
• Rotation interval minutes — Sets a number of minutes on a slider scale for the
length of a rotation interval.
GZIP log files after rotation
When selected, log files are packed in the GZIP format after rotation.
Auto-Deletion
Settings for deleting log files automatically according to their size and the last time of modification
Table 20-25 Auto-Deletion
Option
Definition
Enable auto-deletion
When selected, log files are deleted according to the following options.
Enable log file deletion if log file size exceeds
When selected, log files are deleted according to their size (in MiB), as
specified in the input field that is provided.
Enable auto-deletion of unchanged files
When selected, log files are deleted after the period of time (in days)
specified in the input field that is provided.
Auto-Pushing
Settings for pushing rotated log files automatically to another location
Table 20-26 Auto-Pushing
Option
Definition
Enable auto-pushing
When selected, rotated log files are pushed from the local database on an appliance to the
server that is specified using the following options.
Destination
Specifies the network protocol, host name, and path of a server. If log files are pushed to a
file, the file name and the path to the file are specified.
The available network protocols are FTP, HTTP, HTTPS, FTPS, SFTP, and SCP.
You cannot configure the pushing of log files to Content Security Reporter (CSR) here. The
File System Logging settings must be used for this.
A variable can be added to the path name to specify the pushing process more precisely.
For example, %h can be added for the host name of the appliance that log files are pushed
from. The destination could then be specified as follows:
ftp://myftp.com/%h
When the log files are pushed, the variable is replaced with the appropriate value, which is
a host name in this example.
The variables that you can use here include:
• %h — Host name of an appliance
• %y — Current year (four digits)
• %m — Current month (one or two digits)
• %% — Used for specifying the % character (if it is to occur in a host name)
User name
Specifies the name of a user who is authorized to push log files to a server.
The variable %h can be specified for the user name. It is replaced by the host name of the
current appliance at run time.
Password
Specifies a password for the user who is authorized to push log files to a server.
Clicking Set allows you to set a new password.
Enable pushing log files directly after rotation
When selected, pushing follows rotation immediately.
Otherwise log files are rotated according to a time interval, which is specified in the
following input fields.
• Push interval — Sets a number of hours for the length of a push interval.
• Push interval minutes — Sets a number of minutes on a slider scale for the length of a push
interval.
Add identifier to pushed file name
When selected, identifying information is added to the name of a pushed log file.
You can select one of the following for adding as identifying information: IP address, MAC
address, host name, or UUID.
Next-hop proxies
Provides lists of next-hop proxies that can be used for pushing log files.
Clicking Add or Edit allows you to add a next-hop proxy list or to edit a list.
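The following is an added example, not part of the guide and not McAfee code: a small Python checker that expands the Destination variables described above (%h, %y, %m, %%) and flags a destination whose protocol sends log data and the configured credentials unencrypted. The function names, the host name mwg-01, the logs.example.test destinations, and the decision to reject undocumented variables are assumptions made for illustration.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Protocols the Destination option lists, grouped by whether the transfer
# (log content plus the configured user name and password) is encrypted.
ENCRYPTED = {"https", "ftps", "sftp", "scp"}
CLEARTEXT = {"ftp", "http"}


class DestinationError(ValueError):
    """Raised for a variable the Destination option does not document."""


def expand_destination(template, hostname, today):
    """Replace %h, %y, %m and %% the way the Destination option describes."""
    values = {
        "h": hostname,
        "y": f"{today.year:04d}",   # four digits
        "m": str(today.month),      # one or two digits, so no zero padding
        "%": "%",                   # literal percent sign
    }

    def substitute(match):
        key = match.group(1)
        if key not in values:
            # Assumption: the guide does not say what the appliance does with
            # other variables, so this checker refuses them.
            raise DestinationError(f"unsupported variable %{key} in {template!r}")
        return values[key]

    # "%" plus the following character; a trailing lone "%" yields an empty key.
    return re.sub(r"%(.?)", substitute, template, flags=re.DOTALL)


def review_destination(template, hostname, today):
    """Return (expanded destination, list of findings)."""
    expanded = expand_destination(template, hostname, today)
    parts = urlsplit(expanded)
    scheme = parts.scheme.lower()
    findings = []
    if scheme in CLEARTEXT:
        findings.append(f"{scheme.upper()} sends log data and credentials unencrypted")
    elif scheme and scheme not in ENCRYPTED:
        findings.append(f"{scheme!r} is not one of the listed protocols")
    if parts.username or parts.password:
        findings.append("credentials embedded in the destination; "
                        "use the User name and Password options instead")
    return expanded, findings


if __name__ == "__main__":
    day = date(2017, 3, 5)  # constructed date
    for dest in ("ftp://myftp.com/%h",                      # example from the guide
                 "sftp://logs.example.test/mwg/%y/%m/%h",    # constructed
                 "https://logs.example.test/100%%/%h"):      # constructed
        print(review_destination(dest, "mwg-01", day))
```

Because %% is consumed before the next character is read, a template such as %%h expands to the literal text %h rather than to the host name.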
Settings for the Errors Log
Specific settings for the Errors Log
You can configure these settings if you want them to differ from the global log file settings.
Table 20-27 Settings for the Errors Log
Option
Definition
Enable specific errors log settings
When selected, the settings configured in the following apply to the
Errors Log.
Otherwise the global log file settings apply.
Auto-Rotation, Auto-Deletion, Auto-Pushing
These settings include the same options and are configured in the same
way as the global log file settings.
Settings for the Update Log
Specific settings for the Update Log
You can configure these settings if you want them to differ from the global log file settings.
Table 20-28 Settings for the Update Log
Option
Definition
Enable specific update log settings
When selected, the settings configured in the following apply to the
Update Log.
Otherwise the global log file settings apply.
Auto-Rotation, Auto-Deletion, Auto-Pushing
These settings include the same options and are configured in the same
way as the global log file settings.
Settings for the Audit Log
Specific settings for the Audit Log
You can configure these settings if you want them to differ from the global log file settings.
Table 20-29 Settings for the Audit Log
Option
Definition
Enable specific audit log settings
When selected, the settings configured in the following apply to the Audit
Log.
Otherwise the global log file settings apply.
Auto-Rotation, Auto-Deletion, Auto-Pushing
These settings include the same options and are configured in the same
way as the global log file settings.
Advanced
Settings for auto-deletion of core and feedback files
Table 20-30 Advanced
Option
Definition
Enable auto-deletion of core files
When selected, core files are automatically deleted according to your settings.
You can specify a number, a time interval, and a volume to let core files that exist
in excess of these values be automatically deleted.
Enable auto-deletion of feedback files
When selected, feedback files are automatically deleted according to your settings.
You can specify a number and time interval to let feedback files that exist in excess
of these values be automatically deleted.
Enable auto-deletion of files created by the event Body.ToFile.
When selected, files created by the event Body.ToFile are automatically deleted
according to your settings.
You can specify a number, a time interval, and a volume to let files that exist in
excess of these values be automatically deleted.
File System Logging settings
The File System Logging settings are used for configuring the rotation, deletion, and pushing of log files that are
maintained by logging rules.
File System Logging Settings
Settings for the log that stores rule-maintained log files
Table 20-31 File System Logging Settings
Option
Definition
Name of the log
Specifies the name of a log.
Enable log buffering
When selected, the log is buffered.
The buffer interval is 30 seconds.
Enable header writing
When selected, the header below is added to all log files.
Log header
Specifies a header for all log files.
Encrypt the log file
When selected, log files are stored encrypted.
First password, Repeat password
Sets a password for access to encrypted log files.
[Optional] Second password, Repeat password
Sets a second password for access to encrypted log files.
Settings for Rotation, Deletion, and Pushing
Settings for log file management
The settings for rotating, deleting, and pushing rule-maintained log files include the same options and are
configured in the same way as the corresponding settings for module-maintained log files, which are configured
as part of the Log File Manager settings.
SNMP settings
The SNMP settings are settings for configuring the monitoring of system events under SNMP.
SNMP Port Settings
Settings for the ports of the SNMP agent on an appliance that listen to client requests
Table 20-32 SNMP Port Settings
Option
Definition
Listener address list
Provides a list for entering the ports that listen to client requests.
The following table describes an entry in the listener address list.
Table 20-33 Listener address – List entry
Option
Definition
Protocol
Specifies the protocol used for the communication between a port and the clients that it
listens to.
• UDP — When selected, UDP is used for this communication
• TCP — When selected, TCP is used for this communication
Listener address
Specifies the IP address and port number of a listener port.
Comment
Provides a plain-text comment on a listener port.
The following two listener ports are available on an appliance and entered in this list by default.
• UDP — 0.0.0.0:161
• UDP — 0.0.0.0:9161
SNMP System Information
Settings for the appliance that is the monitored system
Table 20-34 SNMP System Information
Option
Definition
Description
Identifies the monitored system.
Object ID
Specifies the ID of the object in the Management Information Base (MIB) where information
on the monitored system begins.
For example: .1.3.6.1.4.1.1230.2.7.1.1
Contact person
Specifies the name of the person who administers the SNMP functions of the monitored
system.
Physical location
Specifies the location of the monitored system.
SNMP Protocol Options
Settings for SNMP protocol versions and user access to SNMP information
Table 20-35 SNMP Protocol Options
Option
Definition
SNMP v1
When selected, system events are monitored under version 1 of SNMP.
SNMP v2c
When selected, system events are monitored under version 2c of SNMP.
Communities for SNMPv1 and SNMPv2c access
Provides a list for entering the user communities who are allowed access to
SNMP information under versions 1 and 2c of SNMP.
SNMP v3c
When selected, system events are monitored under version 3 of SNMP.
SNMP v3 users
Provides a list for entering the users who are allowed access to SNMP
information under version 3 of SNMP.
The following tables describe the entries in the list of user communities and the list of SNMP v3 users.
Table 20-36 User communities – List entry
Option
Definition
Community string
Provides a string used for authenticating a user community to let it access SNMP information,
for example, public.
Allowed root OID
Identifies the item on the MIB tree that is the beginning of the information with allowed
access.
If * or no value is specified here, access to all information is allowed.
Allowed from
Specifies the host name or IP address of a host system that access to SNMP information is
allowed from.
Read-only access
When selected, only reading access to SNMP information is allowed.
Comment
Provides a plain-text comment on a user community.
Table 20-37 SNMP v3 users – List entry
Option
Definition
User name
Specifies the name of a user who is allowed access to SNMP information.
Allowed root OID
Identifies the item on the MIB tree that is the beginning of the information with allowed
access.
If * or no value is specified here, access to all information is allowed.
Authentication
Sets the authentication method used when SNMP information is accessed by a user.
Encryption
Sets the encryption method used when SNMP information is accessed by a user.
Read-only access
When selected, only reading access to SNMP information is allowed.
Comment
Provides a plain-text comment on a user.
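The following is an added example, not part of the guide and not McAfee code: a Python audit of the SNMP options described in Tables 20-32 to 20-37, flagging listeners bound to 0.0.0.0, community-based access under SNMP v1 or v2c, well-known community strings such as public, an Allowed root OID of * or empty, and entries without Read-only access. The dictionary layout, finding codes, and sample values are constructed for illustration; the guide does not define an export format for these settings.

```python
import ipaddress

# Well-known default community strings; "public" is the example the guide gives.
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def oid_arcs(oid):
    """Turn '.1.3.6.1' or '1.3.6.1' into [1, 3, 6, 1]."""
    return [int(arc) for arc in oid.strip().strip(".").split(".")]


def oid_allowed(root_oid, requested_oid):
    """True if requested_oid lies in the subtree opened by an Allowed root OID."""
    if root_oid.strip() in ("", "*"):
        return True            # per the tables: access to all information
    root, requested = oid_arcs(root_oid), oid_arcs(requested_oid)
    return requested[:len(root)] == root   # compare whole arcs, not string prefixes


def audit_snmp(cfg):
    """Return a list of (code, subject, message) findings for one appliance."""
    findings = []
    for listener in cfg["listeners"]:
        host, _, _port = listener["address"].rpartition(":")
        if ipaddress.ip_address(host).is_unspecified:
            findings.append(("ALL_INTERFACES", listener["address"],
                             "agent listens on every interface; bind to the management address"))

    legacy = [name for name in ("SNMP v1", "SNMP v2c") if cfg["protocols"].get(name)]
    if legacy and cfg["communities"]:
        findings.append(("CLEARTEXT_COMMUNITY", ", ".join(legacy),
                         "community strings are the only credential and are sent unencrypted"))

    entries = [(f"community #{i}", c) for i, c in enumerate(cfg["communities"], 1)]
    entries += [(f"v3 user {u['user']}", u) for u in cfg["v3_users"]]
    for subject, entry in entries:
        # Community strings are secrets, so findings name the entry by position.
        if entry.get("community", "").lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(("DEFAULT_COMMUNITY", subject, "well-known community string"))
        if entry["root_oid"].strip() in ("", "*"):
            findings.append(("FULL_MIB", subject, "Allowed root OID opens the whole MIB tree"))
        if not entry["read_only"]:
            findings.append(("WRITE_ACCESS", subject, "Read-only access is not selected"))
    return findings


# Constructed sample: the two default listeners from the guide plus one weak
# and one scoped community entry.
SAMPLE = {
    "listeners": [{"protocol": "UDP", "address": "0.0.0.0:161"},
                  {"protocol": "UDP", "address": "0.0.0.0:9161"}],
    "protocols": {"SNMP v1": True, "SNMP v2c": True, "SNMP v3": False},
    "communities": [
        {"community": "public", "root_oid": "*", "allowed_from": "", "read_only": False},
        {"community": "constructed-ro-string", "root_oid": ".1.3.6.1.4.1.1230.2.7",
         "allowed_from": "192.0.2.10", "read_only": True},
    ],
    "v3_users": [],
}

if __name__ == "__main__":
    for code, subject, message in audit_snmp(SAMPLE):
        print(f"{code:20} {subject:16} {message}")
```

The oid_allowed helper compares whole arcs, so a root of .1.3.6.1.4.1.1230 does not accidentally cover .1.3.6.1.4.1.12301.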
SNMP Trap Sinks
Settings for the host systems that receive SNMP messages
Table 20-38 SNMP Trap Sinks
Option
Definition
Trap sinks
Provides a list for entering the host systems, known as trap sinks, that receive messages about
system events from the SNMP agent on an appliance.
The following table describes an entry in the list of trap sinks.
Table 20-39 Trap sinks – List entry
Option
Definition
Host name or IP address
Specifies the host name or IP address of a host system that receives SNMP messages,
which are known as traps.
Port
Specifies the port on a host system that listens to SNMP messages.
Community string
Specifies the string used for authenticating a user community to let it access SNMP
information, for example, public.
Send SNMP v2c traps
When selected, messages can be sent under version v2c of the SNMP protocol.
Comment
Provides a plain-text comment on a host system that receives SNMP messages.
SNMP MIB Files
Files in txt format providing additional information about SNMP monitoring on an appliance
Table 20-40 SNMP MIB Files
Option
Definition
MCAFEE-SMI.txt
Provides Structure of Management Information (SMI) on McAfee, including contact
information for the McAfee customer service.
MCAFEE-MWG-MIB.txt
Provides descriptions of the items in the Management Information Base (MIB) that you
can do SNMP monitoring for on an appliance.
ePolicy Orchestrator settings
The ePolicy Orchestrator settings are used for configuring the transfer of monitoring and other data from a Web
Gateway appliance to a McAfee ePO server.
ePolicy Orchestrator Settings
Settings for transferring monitoring data to a McAfee ePO server
Table 20-41 ePolicy Orchestrator Settings
Option
Definition
ePO user account
Specifies a user name for the account that allows the retrieval of monitoring
data from an appliance.
Password
Sets a password for a user.
Change
Opens a window to create a new password.
Enable data collection for ePO
When selected, monitoring data for the McAfee ePO server is collected on an
appliance.
Data collection interval in minutes
Limits the time (in minutes) that elapses between data collections.
The time is set on a slider scale, ranging from 10 minutes to 6 hours.
ePo DXL Settings
Settings for configuring the credentials submitted by Web Gateway when connecting to a McAfee ePO server to
enable DXL messaging
Table 20-42 ePo DXL Settings
Option
Definition
ePO host name
Specifies the host name that Web Gateway uses when connecting to a McAfee
ePO server.
ePO user account
Specifies a name for the user account that Web Gateway submits when
connecting to a McAfee ePO server.
Password
Specifies the password that Web Gateway submits when connecting to a
McAfee ePO server.
Clicking Set opens a window for setting a new password.
Rejoining ePO for DXL communication
When clicked, rejoins communication with the McAfee ePO server to complete
the setup.
A message informs you of the result.
21
Troubleshooting
Contents
Rule tracing panes
Troubleshooting settings
Rule tracing panes
The rule tracing panes allow you to create, review, and manage rule traces.
Figure 21-1 Rule tracing panes
The following table describes the main functions of the rule tracing panes.
Table 21-1 Main functions of the rule tracing panes
Pane
Description
Traces pane
Allows you to create and manage rule traces.
Rules pane
Allows you to view the rules that were processed.
Details pane
Allows you to view details with regard to properties used in rule criteria.
You can expand and hide panes by clicking the small black triangles between them.
Traces pane
The traces pane provides the following options.
Table 21-2 Traces pane
Option
Definition
Appliance names list
Lets you select a Web Gateway appliance within your network that you want to import rule
traces from or create, review, and manage rule traces on.
Import
Opens a menu for importing rule traces.
• Import from appliance directory — Lets you import all rule traces that are recorded on the
appliance you selected from the list.
• Import from local directory — Opens the local file manager to let you import the rule traces that
are recorded on the appliance you are currently logged on to.
Client IP address field
Lets you enter the IP address of the client that is the source of the requests rule processing is
traced for.
Go / Stop icon (cross)
Starts or stops the creation of rule traces.
• Go — Starts the creation of rule traces for the latest requests received from the client
specified by the address in the client IP address field.
After clicking Go, the button shows the stop icon.
• Stop icon — Stops the creation of rule traces.
Source
Lets you select the source of rule traces that entries should be shown for on the traces pane.
Clicking the button displays a list of the zipped rule tracing files that you have imported.
After selecting a file, entries for the rule traces contained in the file appear on the traces pane.
The button then shows the name of the selected file.
If you do not select a file, entries for the rule traces that were created in the latest tracing are
shown.
Action icons bar
When clicked, provides a menu of the actions that can be executed by rules.
Selecting an action filters the rule traces accordingly.
For example, if you select the Block action, only entries for rule traces are shown that recorded
an execution of this action.
You can select any combination of actions and also view the entries for all rule traces,
regardless of a particular action.
• Show all — Selects all actions and lets rule traces be shown for them.
• Invert selection — Lets rule traces be shown for all actions that are not selected.
Subsequently, these actions appear in the menu as selected.
Time or URL filtering field
Lets you enter a time or URL for filtering traces.
Clicking the icon (cross) at the right end of the field clears the filter.
Export
Opens a menu for exporting rule traces.
• Export visible traces — Opens the local file manager to let you export the rule traces that entries
are currently shown for on the traces pane.
The rule traces are stored in a zipped file for exporting.
• Export selected trace — Opens the local file manager to let you export the currently selected rule
trace.
The rule trace is stored in a zipped file for exporting.
Clear
Opens a menu for clearing rule traces from the traces pane.
• Clear visible traces — Clears the rule traces that entries are currently shown for on the traces
pane.
• Clear selected trace — Clears the rule trace that is currently selected on the traces pane.
• Clear all — Clears all rule traces from the traces pane.
Clearing traces from the traces pane does not delete them.
You can delete rule traces in the Rule tracing files section, which is accessible from the
Troubleshooting top-level menu.
Traces field
Shows entries for individual rule traces, depending on the specified filtering information.
When you select a trace, the rule that contains the most impacting action is shown with
neighboring rules in the cycles pane and with its criteria, action, and events in the details pane.
Impact is attributed to actions in the following order:
Block (greatest impact) — Redirect — Authenticate — Remove — Stop Cycle — Stop Rule Set —
Continue
However, a Stop Cycle, Stop Rule Set, and Continue action is only attributed impact if it was the
last action in a cycle before rule processing stopped.
The following is provided for each trace:
• Action icon — Icon for the last action that was executed when rule processing was performed
for a request
The meanings of the icons can be viewed in the menu that appears when clicking the action
icons bar.
• Time — Time when a trace was created on a particular day
• URL — URL sent with the request that a trace was created for
Rules pane
The rules pane provides the following options.
Table 21-3 Rules pane
Option
Definition
Tracing information field
Provides information about a selected trace.
The following is shown for a selected trace:
• URL sent with the request that the trace was created for
• Time stamp indicating the time when the trace was created
• Name of the file that stores the rule trace
Cycle
Lets you select a cycle to display information recorded in a trace about the rule processing
that was performed in this cycle.
If you select All, summarized information is displayed about the processing in all cycles that
were recorded in a trace.
Search
Lets you type a term that is searched for within the information provided on rule sets and
rules.
A match can be found:
• In the name of a rule set or rule
• In the name of a property, action, or event
• In a list name
• In the value of a property
• In a constant value
• In other text portions that appear on the user interface
The first match is highlighted. Using the arrows next to the search field, you can navigate to
the next or previous matches.
After selecting a new rule set or rule, the first match is again highlighted.
Rule sets and rules field
Shows the rule sets and rules that were executed when rule processing was performed in the
selected cycle.
For each rule set and rule, the information listed below is provided in the rules pane.
More information can be viewed in the details pane after selecting a rule set or rule.
• Cycle — Cycle in which a rule set or rule was processed
Request and response cycles are represented by arrows in different colors.
The meanings of these arrows are as follows:
• Arrow pointing to the right — Request cycle
• Arrow pointing to the left — Response cycle
• No arrow pointing to the right (left) — No processing in the request (response) cycle
• Hollow arrow — Rule set or rule processed, but no action executed (criteria did not
match)
• Gray arrow — Action executed, but not as the most impacting action in the rule trace
• Green arrow — Stop Rule Set, Stop Cycle, or Continue executed as the most impacting
action in the rule trace
An action of this type can only be the most impacting action if it was the last action in a
cycle before processing stopped.
• Yellow arrow — Remove executed as the most impacting action
• Blue arrow — Authenticate executed as the most impacting action
• Dark green arrow — Redirect executed as the most impacting action
• Red arrow — Block executed as the most impacting action
If a rule set or rule was also processed in an embedded objects cycle, this is indicated by a
small box with a number inside.
The box appears in the same line as the arrows for a rule set or rule. The box can be filled
with a color that corresponds to the colors of the arrows.
Accordingly, the meanings that a box with a number can have are as follows:
• No box in the line for a rule set or rule — Rule set or rule not processed in an embedded
objects cycle
• Box with number in the line for a rule set or rule — Rule set or rule processed in as many
embedded object cycles as is shown by the number
• Hollow box not colored — Rule set or rule processed in an embedded cycle, but no action
executed during this cycle (criteria did not match)
• Gray box — Action executed during an embedded objects cycle, but not as the most
impacting action in the rule trace
• Green box — Stop Rule Set, Stop Cycle, or Continue executed during an embedded
objects cycle as the most impacting action in the rule trace
An action of this type can only be the most impacting action if it was the last action in a
cycle before processing stopped.
• Yellow box — Remove executed as the most impacting action during an embedded
objects cycle
• Blue box — Authenticate executed as the most impacting action during an embedded
objects cycle
• Dark green box — Redirect executed as the most impacting action during an embedded
objects cycle
• Red box — Block executed as the most impacting action during an embedded objects
cycle
• Name — Name of a rule set or rule
If a rule set or rule uses a list in its criteria, the criteria is shown below the name.
A link to the list is then provided in the details pane.
Details pane
The details pane provides the following options.
Table 21-4 Details pane
Option
Definition
Top Properties tab
Displays a list of connection-related properties that are used by the rules of the currently
selected rule trace and processing cycle.
For each property, the following information is provided:
• Property — Name of the property
• Value — Value of the property at the time when a trace was created
A few properties are always recorded by rule tracing and shown on this tab, as they are always
processed. Others are only recorded and shown if they have been processed.
• URL — Always
• Client.IP — Always
• URL.Host — Always
• Authentication.Username — Only if processed
• Authentication.Usergroups — Only if processed
• URL.Categories — Only if processed
• Response.StatusCode — Only if processed
• Block.Reason — Only if processed
• Command.Name — Only if processed
Details tab
Shows the criteria of the rule set or rule that is currently selected in the rules pane.
The criteria is shown with the value its property was set to in the processing cycle that is
currently selected in the rules pane.
If All is selected in the rules pane, criteria is shown for every cycle in which processing was
performed.
For each criteria, the following information is provided:
• Cycle — Cycle in which the rule with the displayed criteria was processed and name of the rule
• Criteria — Criteria of the rule
If the criteria has matched, it is preceded by a marker icon (hook).
• Evaluated — Property of the criteria
If the criteria contains a list, the list name is repeated below the property name and a link to
the list is provided under Value.
• Value — Value for the property at the time when a trace was created
The value depends on the property type.
For example, a Boolean property has true or false as its values, a String property has a string, a
Number property a number, and so on.
If the criteria contains a list, a link to the list is provided.
After clicking the link, the list is shown in its current state, which may differ from the state at
the time when the rule trace was recorded.
List content is never included in a rule trace.
For criteria that has matched, the following information is additionally provided:
• Action — Action of the rule that was executed after the criteria had matched
• Event (only if a rule has an event) — Event of the rule that was triggered after the criteria had
matched
If a rule has more than one event, each of them is shown in a separate row.
Troubleshooting settings
The Troubleshooting settings are system settings that are used for configuring the troubleshooting functions on
an appliance.
Troubleshooting
Settings for general troubleshooting functions
Table 21-5 Troubleshooting
Option
Definition
Enable core file generation
When selected, core files can be generated.
Enable connection tracing
When selected, connections can be traced.
Restrict connection tracing to one IP
When selected, connection tracing is restricted to processing for requests
that are sent from one particular client, which is identified by its IP
address.
Client IP
IP address of the client that connection tracing is restricted to.
Reduce connection trace size
When selected, the size of the connection tracing file can be reduced by
limiting the number of content bytes that are logged.
Content bytes included for each send and receive operation
Maximum number of body bytes that are logged for each operation.
HTTP headers are always included.
Enable tracing for Coordinator (e.g. Central Management)
When selected, tracing is enabled for activities that are performed by the
Coordinator subsystem on Web Gateway, for example, activities that are
related to Central Management.
Write full message body into log
When selected, the complete body of a message is written into a log file.
Enable tracing for DXL
When selected, DXL messaging can be traced.
Write full message body into log
When selected, the complete body of a message is written into a log file.
Authentication Troubleshooting
Settings for authentication-related troubleshooting
Table 21-6 Authentication Troubleshooting
Option
Definition
Log management events
When selected, management events are logged.
Log authentication events
When selected, authentication events are logged.
Restrict connection tracing to one IP
When selected, connection tracing is restricted to processing for requests that
are sent from one particular client, which is identified by its IP address.
Client IP
IP address of the client that connection tracing is restricted to.
Quota Troubleshooting
Settings for troubleshooting that is related to quota restrictions
Table 21-7 Quota Troubleshooting
Option
Definition
Log quota events
When selected, quota events are logged.
PDStorage Troubleshooting
Settings for troubleshooting that is related to the PDStorage function
Table 21-8 PDStorage Troubleshooting
Option
Definition
Log PDStorage events
When selected, PDStorage events are logged.
SAML Processing Troubleshooting
Settings for troubleshooting that is related to the SAML processing
Table 21-9 SAML Processing Troubleshooting
Option
Definition
Enable logging
When selected, SAML processing events are logged.
22
Configuration lists
The following lists describe items you can use to configure web security rules.
Contents
List of actions
List of block reason IDs
List of error IDs
List of events
List of incident IDs
List of operators
List of properties
List of statistics counters
List of actions
The following table provides a list of the actions you can use in rules.
The actions are listed in alphabetical order.
Table 22-1 List of actions
Action
Description
Authenticate
Stops processing the rules in the current cycle.
Sends an authentication request to the client of the user who requested access to a web object.
Continues processing with the next cycle.
Block
Blocks access to a requested web object.
Stops processing rules.
Continues when the next request is received on the appliance.
Continue
Continues processing with the next rule.
Redirect
Redirects a client that requested access to a web object to another object.
Remove
Removes a requested web object.
Stops processing the rules in the current cycle.
Continues processing with the next cycle.
Stop Cycle
Stops processing the rules in the current cycle.
Does not block access to a requested web object.
Continues processing with the next cycle.
Stop Rule Set
Stops processing the rules of the current rule set.
Continues processing with the next rule set.
List of block reason IDs
The following table provides a list of block reason IDs with descriptions of their meanings.
You can configure block reason IDs in user message templates to provide a value that identifies a block reason
for logging by McAfee Web Reporter.
Table 22-2 List of block reason IDs
Block reason ID
Description
0
Allowed
1
Internal error
2
Default message template being used for an action
3
Internal URL filter error
10
Blocked due to an entry in the URL filter database
14
Blocked according to URL filtering by expression
15
Blocked by the Real-Time Classifier
20
Blocked due to lack of content type
22
Blocked due to the media type
30
Blocked due to a multi-part archive having been found
35
Blocked due to an archive not handled by the Archive Handler
80
Blocked due to a virus having been found
81
Blocked due to unauthorized access
82
Blocked due to a bad request
85
Blocked due to an internal anti-malware error
92
Blocked due to expiration of a certificate
93
Blocked due to a revoked certificate
94
Blocked due to a forbidden certificate authority (CA)
95
Blocked due to an unknown certificate authority (CA)
97
Blocked due to a self-signed certificate
98
Blocked due to a common name mismatch
102
Blocked due to an unspecified certificate incident
103
Blocked due to CONNECT not allowed
104
Blocked due to the reverse proxy destination not being allowed
140
Blocked due to an internal DLP filter error
150
Blocked due to an internal Application Control filter error
151
Blocked due to a request belonging to an application that is not allowed
160
Blocked due to missing policy for Web Hybrid
161
Blocked due to web access not being allowed by Web Hybrid
162
Blocked due to URL filtering by Web Hybrid
200
Blocked due to the coaching session of a user having been exceeded
201
Blocked due to the time quota session of a user having been exceeded
202
Blocked due to the time quota for a user having been exceeded
203
Blocked due to the volume quota session of a user having been exceeded
204
Blocked due to the volume quota for a user having been exceeded
205
Blocked due to the authorized override session of a user having been exceeded
206
Blocked due to the blocking session of a user being active
300
Blocked due to a quota redirect
301
Blocked due to an authentication redirect
400
Blocked due to an authorized override redirect
List of error IDs
The following table provides a list of the error IDs you can use in rules.
The error IDs are grouped in numerical ranges as follows.
10000–10049
Incorrect usage of properties or events
10050–10099
Errors of the rule processing module
10100–10199
General errors
11000–11999
License Manager errors
12000–12999
Errors related to the appliance system
13000–13999
Persistent Database (PDStore) errors
14000–14999
Virus and malware filtering errors
15000–15999
URL filtering errors
16000–16999
ICAP client errors
20000–21000
Proxy module errors
25000–25999
External lists errors
26000–26999
Data loss prevention (DLP) errors
32000–32999
Cloud storage encryption errors
34000–34999
Single sign-on errors
35000–35999
DXL errors
Table 22-3 List of error IDs
Error ID Name
Description
10000
WrongPropParams
$onPosition$: Wrong parameters or types for property
$propName$.
10001
UnknownProperty
$onPosition$: Error in rule ‘$ruleName$’: Property dispatcher
does not know property $propName$.
10002
NoPropParam
$onPosition$: No parameter for property $propName$ given.
10003
WrongThirdPropParam
$onPosition$: Wrong type of third parameter for property
$propName$.
10004
InvalidPropertyParameter
$onPosition$: Parameters for property $propName$ are
invalid, reason: $reason$.
10005
InvalidPropertyParameter2
Parameters are invalid. Reason: $reason$.
10005
UnknownProperty2
$onPosition$: Unknown property $propName$.
10007
UnknownFunc
$onPosition$: Unknown function $funcName$. Details:
$reason$.
10050
WrongOperator
$onPosition$: Error in rule '$ruleName$': wrong operator
'$operator$' used on left hand side type $typeLeft$ and right
hand side type $typeRight$.
10051
WrongOperatorNoNames
$onPosition$: $action$ failed. Type of $property$ is
$typeName$, but it has to be $formatType$.
10052
FormatError
$onPosition$: User-defined property '$propName$' could not
be found. Reason: it was not yet set (not initialized).
10053
UserDefinedPropertyNotFound
$onPosition$: User-defined property '$propName$' could not
be found. Reason: it was not yet set (not initialized).
10054
PropertyNotFound
$onPosition$: Property '$propName$' could not be found.
Reason: it was not yet set (not initialized).
10055
NeedMoreDataOnLastCall
On computing property '$propName$' the filter returned
'NeedMoreData' though there is no more data.
10056
WrongPropState
$onPosition$: State of Property $propName$ is $propState$.
10057
ZombieRuleElemIsExecuted
$rule$ (name: '$name$', id: '$id$') could not be executed
because it is a zombie. Reason: '$reason$'.
10058
SetPropertyFailed
$onPosition$: Error in Rule '$ruleName$': Event could not be
evaluated. Reason: $reason$.
10059
EventError
$onPosition$: Error while $operation$ the $objName$.
Reason: $reason$.
10100
ErrorDuringOperation
$onPosition$: Error while $operation$ the $objName$.
Reason: $reason$.
10101
InitializeFailed
$onPosition$: Could not initialize/create $objName$. Reason:
$reason$.
11000
NoLicense
The requested functionality '$func$' is not covered by your
license.
12000
CannotOpenPipe
Cannot open pipe.
12001
CannotOpenFile
Cannot open file '$name$' in mode '$mode$' with errno
'$errno$'.
13000
NoUser
No user available.
14000
AVError
Error in AntivirusFilter: $reason$.
14001
AVScanFailedFull
Cannot call McAfee Gateway Anti-Malware engine. All
connections in use.
14002
AVError
Internal error in Anti-Malware filter.
As the IDs of error messages are used in the rules for
error handling, you need to adapt these rules on your
appliance to account for the new error messages and
IDs (14003, 14004, 14005) that were introduced with
McAfee Web Gateway version 7.3.
The library rule set for error handling has been
adapted to fit in with the new messages and IDs.
14003
AVError
Timeout occurred while filtering.
See also the note on error message 14002.
14004
AVError
Cannot filter because a special update is performed.
See also the note on error message 14002.
14005
AVError
Scanning failed.
See also the note on error message 14002.
14010
ATDError
Communication failed.
Communication to a server that Advanced Threat Defense
runs on failed.
This can be due to several reasons, including network
problems (the server is offline, a request timed out), an
issue with the HTTP protocol, or an unexpected or
malformed server reply.
14011
ATDError
Timeout occurred while filtering.
Advanced Threat Defense took longer to scan a web object
than is allowed according to the configured time.
The time allowed by default is 10 minutes.
14012
ATDError
File cannot be scanned.
Advanced Threat Defense was not able to scan a web object.
In the scanning report that is returned by Advanced Threat
Defense, the value for Severity is set to N/A.
14013
ATDError
Background scan not started in time.
Advanced Threat Defense was not started in time for scanning
a web object.
This error occurs if the Antimalware.MATD.InitBackgroundScan
property is not evaluated before the configured timeout has
elapsed.
The most likely reason for this evaluation failure error is that
the MATD - Handle Offline Scan rule set has been deleted or is
disabled or has not been placed in a proper position within the
rule sets tree.
14014
ATDError
Invalid parameters in internal request for background scan.
An internal request for passing on a web object to Advanced
Threat Defense contained invalid parameters.
This error occurs if the Antimalware.MATD.IsBackgroundScan
property is evaluated and invalid parameters are detected in
the internal request.
The most likely reason for these invalid parameters to appear
is that someone tried to simulate an internal request.
14015
ATDError
Already in background scan.
The scanning process was already started for a web object that
had been passed on to Advanced Threat Defense when
another request for scanning the same object was submitted.
This error occurs if the Antimalware.MATD.InitBackgroundScan
property is evaluated in the course of processing a scanning
request and another request regarding the same object is
received at the same time.
15000
TSDatabaseExpired
Global Threat Intelligence system database expired error:
Database is expired. '$desc$'.
15001
TSInvalidURL
The URL '$url$' is invalid. In function $func$.
15002
TSBinaryNotProperlyLoaded
Binary could not be loaded from '$path$'. In function $func$.
15003
TSCommon
Global Threat Intelligence system error (code: $errorCode$). In
function $func$.
15004
TSBinaryDoesNotExist
Global Threat Intelligence system library is not yet available. In
function $func$.
15005
TSDatabaseNotProperlyLoaded
Database was not properly loaded. In function $func$.
15006
TSNoMem
Global Threat Intelligence system is out of memory. In function
$func$.
15007
TSInsufficientSpace
Insufficient space in buffer for Global Threat Intelligence
system. In function $func$.
15008
TSNetLookup
Global Threat Intelligence system net error (code:
TS_NET_ERROR). In function $func$.
15009
TSCommonNetLookup
Global Threat Intelligence system net error (code: $errorCode$).
In function $func$.
15010
TSPipe
Cannot open Global Threat Intelligence system pipe. In
function $func$.
16000
NoICAPServerAvailable
No ICAP server available from list: $list$.
16001
NoRespModPropInReqMod
Property $propName$ cannot be calculated in request cycle.
16002
ICAPBadResponse
ICAP client filter error: ICAP server sent bad response.
16003
ICAPMaxConnectionLimit
ICAP client filter error: Maximum number of connections
reached.
16004
ICAPCannotConnectToServer
ICAP client filter error: Cannot connect to ICAP server.
16005
ICAPCommunicationFailure
ICAP client filter error: Failure in communication with ICAP
server.
20000
CheckLongRunningConnection
A timeout occurred on a long-running connection.
20001
CheckSizeOfConnection
The maximum amount of data that can be sent on a
long-running connection has been exceeded.
25000
Unknown error happened
An uncategorized error was encountered by the External Lists
module.
25001
Error during data fetch
An uncategorized error was encountered by the External Lists
module during the data fetch.
25002
Error during data conversion
An error occurred while external list data was converted.
25003
Too much data
The configured limit for the number of list entries that can be
retrieved from an external source has been exceeded.
25004
Timeout during data fetch
The configured timeout for retrieving external list data has
expired.
25005
Data access denied
The rights required for accessing a source of external list data
have not been granted to the appliance.
25006
No such resource
A source of external list data, for example, a file or web server,
could not be found.
26001
DLP engine not loaded
The DLP engine could not be loaded.
27001
AppRisk database not available
The AppRisk database is not available for filtering web traffic.
32002
Empty password is not allowed
An empty password was submitted, for example, when
passwords were retrieved from an external data source.
32003
Invalid configuration for filter
The settings of the module for encryption and decryption are
invalid. This error occurs very rarely. It could be caused by a
general issue with policy configuration on Web Gateway.
32004
Encryption failed: Unknown content
type
Data could not be encrypted because it was of an unknown
type. This could be caused by an invalid description for a cloud
storage service.
32005
Encryption failed: Parsing of
message body failed
The data sent in the body of an upload request is in multi-part/
form data format. Parsing this type of data, which is required
for encryption, is not supported on Web Gateway.
32006
Encryption failed: Fetching of file
name failed
The name of a file containing data that should be encrypted
could not be fetched.
32007
Encryption failed: Cipher NNNN is
not supported
The cipher that is provided for encrypting data is invalid. This is
very unlikely to happen, as the administrator selects the
encryption cipher from a pre-configured list.
32008
Encryption failed: Generation of salt
failed
The process of salt generation, which is required for encrypting
data, could not be performed successfully. This is usually
caused by an internal OpenSSL error.
32009
Encryption failed: Fetching of key
failed
The key that is required for encrypting data could not be
fetched.
32010
Encryption failed: Initialization of
encryption failed
The encryption process could not be initialized.
32011
Encryption failed: Data encryption
failed
An error occurred during the encryption process.
32012
Encryption failed: Finalization of
decryption failed
The encryption process could not be completed.
32013
Encryption failed: Generic error
Other encryption-related error
32014
Decryption failed: Unknown
content type
Data could not be decrypted because it was of an unknown
type. This could be caused by an invalid description for a cloud
storage service.
32015
Decryption failed: Multi-part
message body is not supported
A cloud storage service sent data in the body of its response to
a download request that is in multi-part/form data format.
Decrypting this type of data is not supported on Web Gateway.
32016
Decryption failed: Cipher NNNN is
not supported
The cipher that is provided for decrypting data is invalid. This is
very unlikely to happen, as the administrator selects the
decryption cipher from a pre-configured list.
32017
Decryption failed: Fetching of key
failed
The key that is required for decrypting data could not be
fetched.
32018
Decryption failed: Initialization of
decryption failed
The decryption process could not be initialized.
32019
Decryption failed: Data decryption
failed
An error occurred during the decryption process.
32020
Decryption failed: Finalization of
decryption failed
The decryption process could not be completed.
32021
Decryption failed: Generic error
Other decryption-related error
34000
Generic SSO filter error
An error happened during the single sign-on process. Reason:
'General error...'
34001
Generic SSO filter error
A user tried to get single sign-on access using a non-existing
cloud connector. Reason: 'No such connector'
34003
Generic SSO filter error
No cloud connector was configured for the single sign-on
process. Reason: 'There is no connector catalog'
34004
SSO service mismatch error
The value for a token did not match the value that was stored
in a cloud connector: Service mismatch. Token ID: '$tokenid$',
Service ID: '$serviceid$'
34005
SSO service not enabled
A cloud application was not available for a user: Realm:
'$realm$', user: '$userid$', service ID: '$serviceid$'.
34006
SSO non-inline mode error
A cloud application was not available in the non-proxy
(non-inline) mode of the single sign-on process: Service ID:
'$serviceid$
34050
Credential store generic error
See the error log for details.
34051
Credential store generic error
This request is not allowed for current user.
34052
Credential store generic error
The credential store request could not be created.
34060
Credential store server HTTP error
The credential store server responded to a request with an
HTTP error. See the error log for details.
34070
Credential store server error
The credential store server responded with an error. See the
error log for details. The log includes the error code returned
by the credential store server.
34080
Credential store connection error
A credential store request failed because of a connection error.
See the error log for details.
34090
Credential store request error
An internal error occurred while a credential store request was
performed. See the error log for details.
35000
DXLNotAvailable
No DXL messages can currently be sent.
37002
Generic application filtering error
A generic error occurred in application filtering. See the error
log for details.
List of events
The following table provides a list of the events you can use in rules.
The events are listed in alphabetical order.
Table 22-4 List of events
Name
Description
Parameters
Authentication.AddMethod
Adds an authentication method.
1 String: Name of an
authentication method
2 String: Value for an
authentication method
3 Boolean: If true, an
existing method is
overwritten.
Authentication.ClearCache
Clears the cache.
Authentication.ClearMethodList
Clears the authentication methods list.
Authentication.ClearNTMLCache
Clears the NTLM cache.
Authentication.GenerateICEResponse
Generates a token that is sent in
response to McAfee Cloud Identity
Manager to enable seamless
authentication.
Authentication.SendOTP
Sends a one-time password to an
authenticated user.
Bandwidth.FromClient
Limits the speed of data transfer from
a client to the appliance.
String: Name of
bandwidth class
Bandwidth.FromServer
Limits the speed of data transfer from
a web server to the appliance.
String: Name of
bandwidth class
Bandwidth.ToClient
Limits the speed of data transfer from
the appliance to a client.
String: Name of
bandwidth class
Bandwidth.ToServer
Limits the speed of data transfer from
the appliance to a web server.
String: Name of
bandwidth class
BlockingSession.Activate
Activates a blocking session.
Body.Insert
Inserts a string into the body of the
request or response that is currently
processed.
1 Number: Byte position
where insertion begins
2 String: Pattern
a. string embedded in
double quotes (“ ...”,
can also contain hex
values preceded by \)
or:
b. sequence of hex
values
Body.Remove
Removes a number of bytes from the
body of the request or response that
is currently processed.
1 Number: Byte position
where the removal
begins
2 Number: Number of
bytes to remove
Body.Replace
Replaces a portion from the body of
the request or response that is
currently processed with a string.
1 Number: Byte position
where replacement
begins
2 String: Pattern
a. string embedded in
double quotes (“ ...”,
can also contain hex
values preceded by \)
or:
b. sequence of hex
values
Body.ToFile
Writes the body of the request or
response that is currently processed
to the specified file.
The file is stored in the
directory /opt/mwg/log/debug/BodyFilterDumps.
The body is written to the file only
after it has been completely loaded,
even if the Body.ToFile event occurred
when only one or more chunks of the
body had been loaded.
To prevent the stored files from filling
up the hard disk of an appliance,
enable their auto-deletion on the user
interface under Configuration |
<appliance> | Log File Manager | Advanced.
String: Name of the file
that the body is written
to
CloudEncryption.Encrypt
Performs the encryption of cloud
storage data using the encryption
algorithm configured in the settings
and the password specified as a
parameter of the event.
This event can be triggered several
times with different settings and
passwords, so encryption is also
performed several times.
CloudEncryption.Decrypt
Performs the decryption of data using
the decryption algorithm specified in
the settings and the password
specified as a parameter of the event.
This event can be triggered several
times with different settings and
passwords, so decryption is also
performed several times.
Order of calls to this event should be
the reverse of calls to the encryption
event.
Connection.Mark
Sets a connection mark.
Number: Number of a
connection
DSCP.Mark.Request
Sets an IP header field.
The field is known as DSCP header
field. It can be evaluated by network
devices supporting DSCP
(Differentiated Services Code Point)
when data packets are sent from Web
Gateway to the requested web server.
The value that the field is set to can be
a number ranging from 0 to 63.
The field can only be set for requests
that are sent using an HTTP(S)
connection.
The option to set this field by an event
allows the administrator to provide
information for network devices that
support DSCP, such as routers and
others, depending on a Web Gateway
rule that applies.
Using the header field in this way
requires that the network devices are
configured accordingly.
For example, when a rule for handling
streaming media applies, setting the
header field to a particular value
would let routers direct data packets
in a way that leads to a throttling of
the connection. Another option would
be to use the header field for letting
network devices perform some kind of
load balancing.
Number: Value of the
DSCP header field
DSCP.Mark.Response
Sets an IP header field.
The field is known as DSCP header
field. It can be evaluated by network
devices supporting DSCP
(Differentiated Services Code Point)
when data packets are sent back in
response from Web Gateway to a
client.
The value that the header field is set
to can be a number ranging from 0 to
63.
The header field can only be set for
responses that are sent using an
HTTP(S) connection.
The option to set this header field by
an event allows the administrator to
provide information for network
devices that support DSCP, such as
routers and others, depending on a
Web Gateway rule that applies.
Using the header field in this way
requires that the network devices are
configured accordingly.
Number: Value of the
DSCP header field
DXL.Event
Sends a DXL message with
information about a web security topic
to the subscribers.
1 String: Topic to send
information about
2 String: Information to
send about topic
Email.Send
Sends an email.
1 String: Recipient
2 String: Subject
3 String: Body
Enable Cache
Enables the web cache.
Using this event, web objects from
traffic going on under HTTP or HTTPS
can be cached.
An event setting can be configured to
enable caching for either of the two
protocols. Default is HTTP.
HTTP2 is not supported.
Rules that use this event must specify
the protocol that caching is configured
for in their criteria.
To increase the hit rate, the isssl and
X-Forwarded-Proto request headers
are ignored.
The Accept-Encoding header is also
ignored if the requested content can
be extracted on Web Gateway.
The default cache key is the URL for a
web object with the protocol name
added.
An additional cache key can be
configured using the Cache.AdditionalKey
property in a rule.
Enable CompositeOpener
Enables the composite opener.
Enable Data Trickling
Enables data trickling.
Enable FTP Upload Progress Indication
Enables the sending of responses to
an FTP client, stating that processing
of a file that has been sent for
uploading to the web is still in
progress.
This is intended to prevent a timeout
on the FTP client when processing on
Web Gateway takes more time, for
example, due to scanning the file that
should be uploaded for infections by
viruses and other malware.
Enable HTML Opener
Enables the HTML opener.
Enable Media Stream Scanner
Enables the Media Stream Scanner,
which is provided by the McAfee
Gateway Anti-Malware engine.
Enable Next Hop Proxy
Enables use of next-hop proxies.
Enable Outbound Source IP Override
Enables the replacement of different outbound source IP addresses by a single IP address.
List of string: List of IP addresses for replacing other IP addresses in string format
Enable Progress Page
Enables display of a progress page.
Enable RuleEngine Tracing
Enables tracing of the activities that are completed by the rule processing module (rule engine).
Enable SSL Client Context with CA
Enables sending of client certificates issued by a certificate authority.
Enable SSL Client Context without CA
Enables sending of client certificates not issued by a certificate authority.
Enable SSL Scanner
Enables module for SSL scanning.
Enable SafeSearchEnforcer
Enables the SafeSearchEnforcer.
Enable Proxy Control
Enables proxy control.
FileSystemLogging.WriteDebugEntry
Writes a debugging entry.
1 String: Debugging entry
2 Boolean: If true, entry is written to stdout.
FileSystemLogging.WriteLogEntry
Writes an entry into a log.
String: Log entry
HTMLElement.InsertAttribute
Inserts an attribute into an HTML element.
1 String: Attribute name
2 String: Attribute value
HTMLElement.RemoveAttribute
Removes an attribute from an HTML element.
String: Attribute name
HTMLElement.SetAttributeValue
Sets an attribute to a value.
1 String: Attribute name
2 String: Value to set attribute to
Header.Add
Adds a header to a request or
response.
1 String: Header name
2 String: Header value
Header.AddMultiple
Adds a header with a list of values to a request or response.
1 String: Header name
2 List of string: List of header values
Header.Block.Add
Adds a block header to a request or response.
1 String: Header name
2 String: Header value
Header.Block.AddMultiple
Adds a block header with a list of values to a request or response.
1 String: Header name
2 List of string: List of header values
Header.Block.RemoveAll
Removes all block headers with a given name from a request or response.
String: Header name
Header.ICAP.Response.Add
Adds a header to an ICAP response.
1 String: Header name
2 String: Header value
Header.ICAP.Response.AddMultiple
Adds a header with a list of values to an ICAP response.
1 String: Header name
2 List of string: List of header values
Header.ICAP.Response.RemoveAll
Removes all headers with a given name from an ICAP response.
String: Header name
Header.RemoveAll
Removes all headers with a given name from a request or response.
String: Header name
Header.Response.Add
Adds a header to the page generated by a block action.
HTTP.GenerateResponse
Generates a response to the request made in the request cycle.
String: Response body
HTTP.SetStatus
Sets the HTTP status code at the end of the response cycle.
Number: HTTP status code
ICAP.AddRequestInformation
Adds information to an ICAP request.
1 String: Name of the request
2 String: Added information
MediaType.Header.FixContentType
Replaces a media type header with an
appropriate header when it is found
after inspection of the media body
that the original header does not
match the body.
Notice
Writes an entry with notice level into
syslog.
String: Log entry
PDStorage.AddGlobalData.Bool
Adds global variable of type Boolean.
1 String: Variable key
2 Boolean: Variable value
PDStorage.AddGlobalData.Category
Adds global variable of type Category.
1 String: Variable key
2 Category: Variable
value
PDStorage.AddGlobalData.Dimension
Adds global variable of type Dimension.
1 String: Variable key
2 Dimension: Variable value
PDStorage.AddGlobalData.Hex
Adds global variable of type Hex.
1 String: Variable key
2 Hex: Variable value
PDStorage.AddGlobalData.IP
Adds global variable of type IP.
1 String: Variable key
2 IP: Variable value
PDStorage.AddGlobalData.IPRange
Adds global variable of type IPRange.
1 String: Variable key
2 IPRange: Variable value
PDStorage.AddGlobalData.List.Category
Adds global variable of type List of Category.
1 String: Variable key
2 List of Category: Variable value
PDStorage.AddGlobalData.List.Dimension
Adds global variable of type List of Dimension.
1 String: Variable key
2 List of Dimension: Variable value
PDStorage.AddGlobalData.List.Hex
Adds global variable of type List of Hex.
1 String: Variable key
2 List of Hex: Variable value
PDStorage.AddGlobalData.List.IP
Adds global variable of type List of IP.
1 String: Variable key
2 List of IP: Variable value
PDStorage.AddGlobalData.List.IPRange
Adds global variable of type List of IPRange.
1 String: Variable key
2 List of IPRange: Variable value
PDStorage.AddGlobalData.List.MediaType
Adds global variable of type List of MediaType.
1 String: Variable key
2 List of MediaType: Variable value
PDStorage.AddGlobalData.List.Number
Adds global variable of type List of Number.
1 String: Variable key
2 List of Number: Variable value
PDStorage.AddGlobalData.List.String
Adds global variable of type List of String.
1 String: Variable key
2 List of String: Variable value
PDStorage.AddGlobalData.List.Wildcard
Adds global variable of type List of Wildcard Expression.
1 String: Variable key
2 List of Wildcard Expression: Variable value
PDStorage.AddGlobalData.MediaType
Adds global variable of type MediaType.
1 String: Variable key
2 MediaType: Variable value
PDStorage.AddGlobalData.Number
Adds global variable of type Number.
1 String: Variable key
2 Number: Variable value
PDStorage.AddGlobalData.String
Adds global variable of type String.
1 String: Variable key
2 String: Variable value
PDStorage.AddGlobalData.Wildcard
Adds global variable of type Wildcard Expression.
1 String: Variable key
2 Wildcard Expression: Variable value
PDStorage.AddUserData.Bool
Adds user variable of type Boolean.
1 String: Variable key
2 Boolean: Variable value
PDStorage.AddUserData.Category
Adds user variable of type Category.
1 String: Variable key
2 Category: Variable value
PDStorage.AddUserData.Dimension
Adds user variable of type Dimension.
1 String: Variable key
2 Dimension: Variable value
PDStorage.AddUserData.Hex
Adds user variable of type Hex.
1 String: Variable key
2 Hex: Variable value
PDStorage.AddUserData.IP
Adds user variable of type IP.
1 String: Variable key
2 IP: Variable value
PDStorage.AddUserData.IPRange
Adds user variable of type IPRange.
1 String: Variable key
2 IPRange: Variable value
PDStorage.AddUserData.List.Category
Adds user variable of type List of Category.
1 String: Variable key
2 List of Category: Variable value
PDStorage.AddUserData.List.Dimension
Adds user variable of type List of Dimension.
1 String: Variable key
2 List of Dimension: Variable value
PDStorage.AddUserData.List.Hex
Adds user variable of type List of Hex.
1 String: Variable key
2 List of Hex: Variable value
PDStorage.AddUserData.List.IP
Adds user variable of type List of IP.
1 String: Variable key
2 List of IP: Variable value
PDStorage.AddUserData.List.IPRange
Adds user variable of type List of IPRange.
1 String: Variable key
2 List of IPRange: Variable value
PDStorage.AddUserData.List.MediaType
Adds user variable of type List of MediaType.
1 String: Variable key
2 List of MediaType: Variable value
PDStorage.AddUserData.List.Number
Adds user variable of type List of Number.
1 String: Variable key
2 List of Number: Variable value
PDStorage.AddUserData.List.String
Adds user variable of type List of String.
1 String: Variable key
2 List of String: Variable value
PDStorage.AddUserData.List.Wildcard
Adds user variable of type List of Wildcard Expression.
1 String: Variable key
2 List of Wildcard Expression: Variable value
PDStorage.AddUserData.MediaType
Adds user variable of type MediaType.
1 String: Variable key
2 MediaType: Variable value
PDStorage.AddUserData.Number
Adds user variable of type Number.
1 String: Variable key
2 Number: Variable value
PDStorage.AddUserData.String
Adds user variable of type String.
1 String: Variable key
2 String: Variable value
PDStorage.AddUserData.Wildcard
Adds user variable of type Wildcard
Expression.
1 String: Variable key
2 Wildcard Expression:
Variable value
PDStorage.Cleanup
Cleans up persistently stored data.
PDStorage.DeleteAllUserData
Deletes all permanently stored user
data.
PDStorage.DeleteGlobalData
Deletes all permanently stored global
variables of a given type.
String: Variable key
PDStorage.DeleteUserData
Deletes all permanently stored user
variables of a given type.
String: Variable key
ProtocolDetector.ApplyFiltering
Applies processing of web filtering
rules on web traffic that has been
found to follow a protocol that is
supported on Web Gateway.
SNMP.Send.Trap.Application
Sends an SNMP trap message with
application information.
SNMP.Send.Trap.System
Sends an SNMP trap message with
system information.
SNMP.Send.Trap.User
Sends an SNMP trap message with user information.
1 Number: User ID
2 String: Message body
SNMP.Send.Trap.UserHost
Sends an SNMP trap message with information on the host of a user.
1 Number: User ID
2 String: Message body
3 IP: IP address of the host
SSO.AddCredentials
Creates new credentials for a user who attempts to log on in a single sign-on process to a cloud application.
To authenticate a user, the credentials are evaluated by an authentication instance, which is also known as identity provider (IdP), for example, an LDAP or NTLM database.
The new credentials are stored in the database of the identity provider.
1 String: Identity provider
2 String: User name
3 String: Cloud application
4 JSON: Credentials in JSON format
SSO.AddServices
Prepares the availability of cloud applications for a user who attempts to select one of them for logon in a single sign-on process.
A cloud application is also referred to as cloud service.
1 String: Identity provider
2 String: User name
3 List: List of cloud applications
SSO.DeleteCredentials
Deletes credentials of a user who attempts to log on in a single sign-on process to a cloud application.
To authenticate a user, the credentials are evaluated by an authentication instance, which is also known as identity provider (IdP), for example, an LDAP or NTLM database.
The new credentials are stored in the database of the identity provider.
1 String: Identity provider
2 String: User name
3 String: Cloud application
4 JSON: Credentials in JSON format
SSO.ProcessFormLogin
Processes the data that was submitted
for a user in a form on a logon page to
perform logon to a cloud application
in a single sign-on process.
One of the following is executed for
the logon form:
• When a logon form is sent with a
POST request to a cloud application,
the password token that had been
inserted into the logon form before
is replaced by the real password of
the user who requests single sign-on
access.
• When a logon form is requested for
a user with a GET request that is
sent from a browser, script code is
inserted into the form to fill it out
and forward it to the cloud
application.
This event is only executed when the
proxy (inline) mode is configured for
the single sign-on process.
SSO.UpdateCredentials
Updates credentials of a user who attempts to log on in a single sign-on process to a cloud application.
To authenticate a user, the credentials are evaluated by an authentication instance, which is also known as identity provider (IdP), for example, an LDAP or NTLM database.
The new credentials are stored in the database of the identity provider.
1 String: Identity provider
2 String: User name
3 String: Cloud application
4 JSON: Credentials in JSON format
Statistics.Counter.Increment
Increments a counter.
Statistics.Counter.Reset
Resets a counter.
String: Counter name
Stopwatch.Reset
Sets an internal watch that measures processing time for rule sets to zero.
String: Rule set name
Stopwatch.Start
Starts an internal watch that measures processing time for rule sets.
String: Rule set name
Stopwatch.Stop
Stops an internal watch that measures processing time for rule sets.
String: Rule set name
Syslog
Writes an entry into syslog.
1 Number: Log level
0 – Emergency
1 – Alert
2 – Critical
3 – Error
4 – Warning
5 – Notice
6 – Info
7 – Debugging
2 String: Log entry
Throttle.Client
Limits the speed (in Kbps) of data transfer from a client to the appliance.
Number: Speed limit
Throttle.Server
Limits the speed (in Kbps) of data
transfer from a web server to the
appliance.
Number: Speed limit
TIE: Report File Reputation
Sends a file reputation score to a TIE
server.
Number: File reputation
score
List of incident IDs
The following table provides a list of the incident IDs you can use in rules.
The incident IDs are grouped in numerical ranges as follows.
1-199: Incidents related to the appliance system
200-299: Core subsystem incidents
300-399: Update module incidents
400-499: Virus and malware filtering incidents
500-599: Log File Manager incidents
600-699: sysconfd daemon incidents
700-799: Proxy module incidents
800-899: Virus and malware filtering incidents
900-999: Authentication incidents
1000-1099: URL filtering incidents
1100-1199: Quota management incidents
1200-1299: SSL certificate incidents
1300-1399: ICAP client incidents
1400-1499: Media type filtering incidents
1500-1599: Opener incidents
1600-1699: SSL certificate chain incidents
1700-1799: User interface incidents
1800-1849: External lists incidents
1850-1899: Application filtering incidents
1900-1999: Data Loss Prevention (DLP) incidents
2000-2099: Streaming media filtering incidents
2100-2199: Media type filtering incidents
2200-2299: Dynamic Content Classifier incidents
2300-2399: Single sign-on service incidents
2400-2499: Cloud storage encryption incidents
2500-2549: Credential store incidents
2550-2599: Single Sign On (SSO) incidents
2650-2699: Cloud Access Security Broker (CASB) catalog incidents
3000-3200: Central Management incidents
3200-3399: Web Hybrid incidents
3400-3499: Web SaaS connector incidents
3500-3599: Protocol Detector incidents
Table 22-5 List of incident IDs
Incident ID Description
Origin number and name
Severity
5
A rule that uses an incident property was executed.
1 System
7
20
RAID monitoring reported critical status or failure of one or more hard disks.
1 Health Monitor
4 (or 3 for hard-disk failure)
21
S.M.A.R.T health check reported an error on an HDD hard disk.
1 Health Monitor
4
22
File system usage has exceeded a configured limit.
1 Health Monitor
4
23
Memory usage has exceeded a configured limit.
1 Health Monitor
4
24
System load has exceeded a configured limit.
1 Health Monitor
4
26
A check has been executed to detect a BBU RAID
error. The checking interval is 30 minutes.
1 Health Monitor
4
200
The license expiration date has been checked.
2 Core
6
201
The appliance has successfully completed all FIPS
140-2 self-tests.
2 Core
6
211
The maximum number of entries in dashboard
report x has been exceeded.
2 Statistics
4
298
Update of product x succeeded.
2 Core
6
299
Update of product x failed.
2 Core
3
250
An entry in a list is invalid and will be ignored.
2 Core
3
301
Download of update files was stopped because
there is not enough disk space.
3 Updater
3
302
Download of product x failed on node y.
3 Updater
3
303
Update of product x failed on node y.
3 Updater
3
304
Status of product x on node y is up to date.
3 Updater
3
305
The update module could not connect to an update
server.
3 Updater
3
321
Download of product x succeeded on node y.
3 Updater
6
322
Download of product x succeeded on node y.
3 Updater
6
323
Update of customer subscribed list x succeeded on node y.
3 Customer Subscribed List Manager
6
324
Update of customer subscribed list x failed on nodes y, z, ...
3 Customer Subscribed List Manager
3
325
Status of customer subscribed list x on node y is up to date.
3 Customer Subscribed List Manager
6
326
Download of customer subscribed list x failed on nodes y, z, ...
3 Customer Subscribed List Manager
3
327
Download of McAfee subscribed list x failed on
nodes y, z, ...
3 Updater
3
328
Update of McAfee subscribed list x failed on nodes
y, z, ...
3 Updater
3
329
Status of McAfee subscribed list x on nodes y, z, ... is up to date.
3 Updater
6
330
Update of McAfee subscribed list x succeeded on
node y.
3 Updater
6
331
Processing scheduled job x succeeded.
3 Scheduled Job Manager
6
332
Processing scheduled job x failed.
3 Scheduled Job Manager
3
333
Update of updatable system lists failed on node y.
3 Central Updater
3
334
Update of updatable system lists succeeded on
node y.
3 Central Updater
6
335
Status of updatable system lists on node y is up to
date.
3 Central Updater
6
340-349
Migration failed for different reasons.
3 Migration
6
500
The log manager experienced an unrecoverable
internal error and will terminate.
5 Log File Manager
2
501
Log File Manager failed to push log files.
5 Log File Manager
3
600
A yum update contained packages that require a
restart of the appliance to become effective.
6 mwg-update
4
601
A yum update was successfully completed.
6 mwg-update
5
602
A yum update failed.
6 mwg-update
3
620
A major distribution upgrade was successfully
completed.
6 mwg-dist-upgrade
5
621
A major distribution upgrade is in progress. The
appliance will restart automatically.
6 mwg-dist-upgrade
4
622
A major distribution upgrade failed. Check the
upgrade log file.
6 mwg-dist-upgrade
3
666
A FIPS 140-2 self-test failed on node y. The node is
running in non-FIPS mode.
1 FIPS
0
700
The number of concurrent connections has
exceeded the configured overload limit. The
appliance has entered overload status. Requests
sent to the appliance are accepted with delay.
2 Proxy
2
701
The appliance is in overload status for more than 30 seconds. Requests sent to the appliance are accepted with delay.
2 Proxy
2
702
The appliance has left overload status. Requests
sent to the appliance are again accepted without
delay.
2 Proxy
4
703
The number of concurrent connections has
exceeded the configured high-load limit. The
appliance has entered high-load status. Requests
sent to the appliance are accepted with a delay.
2 Proxy
4
704
The appliance is in high-load status for more than
30 seconds. Requests sent to the appliance are
accepted with a delay.
2 Proxy
4
705
The number of concurrent connections has
dropped below 85 % of the configured high-load
limit. The appliance is still in high-load status.
Requests sent to the appliance are accepted with a
delay.
2 Proxy
6
710
A next-hop proxy server is down and will not be
available for n seconds.
2 Proxy
4
711
The appliance could not connect to a next-hop
proxy server.
2 Proxy
4
712
A next-hop proxy server has moved back from error status to normal operation.
2 Proxy
6
720
The listener on IP address x, port y could not be
opened.
2 Proxy
2
730
A changed proxy mode configuration requires a
restart of the appliance.
2 Proxy
2
740
The number of concurrent connections has
exceeded the overload limit that is configured for
an IFP proxy. Overload status has been entered.
New requests are not processed.
2 Proxy
2
741
Overload status lasts more than 30 seconds for an
IFP proxy. New requests are not processed.
2 Proxy
2
742
Overload status has been left for an IFP proxy.
Requests are again accepted without delay.
2 Proxy
4
743
The number of concurrent connections has
exceeded the high-load limit that is configured for
an IFP proxy. High-load status has been entered.
New requests are not processed.
2 Proxy
4
744
High-load status lasts more than 30 seconds for an
IFP proxy. New requests are not processed.
2 Proxy
4
745
The number of concurrent connections has
dropped below 85 % of the high-load limit that is
configured for an IFP proxy. High-load status is still
on. Requests are accepted with a delay.
2 Proxy
6
750
A key for the HSM Agent could not be loaded due to an error on the appliance side.
2 Proxy
2
751
A key for the HSM Agent could not be loaded due to an error on the agent side.
2 Proxy
2
752
The ID of a key for an HSM Agent could not be
retrieved due to an error on the appliance side.
2 Proxy
2
753
The ID of a key for an HSM Agent could not be
retrieved due to an error on the agent side.
2 Proxy
2
760
The WCCP listener could not be started.
2 Proxy
2
761
WCCP could not start send and listener threads.
2 Proxy
2
762
WCCP could not resolve the router address <host>.
2 Proxy
3
763
WCCP could not join the multicast group <host>.
2 Proxy
3
764
An error occurred when reading WCCP sockets or
writing to them.
2 Proxy
3
765
Authentication with the WCCP router <host> failed.
2 Proxy
3
766
WCCP message parsing failed and malformed
packets were created.
2 Proxy
3
767
The WCCP service ID or group could not be found.
2 Proxy
3
768
A WCCP router for a service ID was added.
2 Proxy
6
769
A WCCP router for a service ID was removed.
2 Proxy
6
850
An update of the MGAM module for virus and
malware filtering was successfully completed.
2 Anti-Malware Filter
6
851
An update of the MGAM module for virus and
malware filtering failed.
2 Anti-Malware Filter
3
852
Download or verification of the update files for the
MGAM module failed.
2 Anti-Malware Filter
3
853
The version of the MGAM module for virus and
malware filtering is up to date.
2 Anti-Malware Filter
6
854
An update of the Avira module for virus and
malware filtering was successfully completed.
2 Anti-Malware Filter
6
855
An update of the Avira module for virus and
malware filtering failed.
2 Anti-Malware Filter
3
856
Download or verification of the update files for the
Avira module failed.
2 Anti-Malware Filter
3
857
The version of the Avira module for virus and
malware filtering is up to date.
2 Anti-Malware Filter
6
901
The appliance is connected to n servers for NTLM authentication in Windows domain x.
2 NTLM Authentication Filter
6
902
The appliance could not connect to n servers for NTLM authentication in Windows domain x.
2 NTLM Authentication Filter
4
903
The appliance could not contact Windows domain x for NTLM authentication.
2 NTLM Authentication Filter
3
910
The appliance is connected to the LDAP server with configuration ID n.
2 LDAP Authentication Filter
6
912
The appliance was disconnected from the LDAP server with configuration ID n.
2 LDAP Authentication Filter
4
913
The appliance could not connect to any LDAP server with configuration ID n.
2 LDAP Authentication Filter
3
920
A response has been received from RADIUS server x after attempting to start communication to retrieve information for authenticating users.
2 RADIUS Authentication Filter
6
921
A response has again been received from RADIUS server x after communication had been interrupted.
2 RADIUS Authentication Filter
6
923
An authentication request sent to RADIUS server x has led to a timeout.
2 RADIUS Authentication Filter
3
931
The appliance is connected to NTLM-Agent server x.
2 NTLM-Agent Authentication Filter
6
932
The appliance has been disconnected from NTLM-Agent server x.
2 NTLM-Agent Authentication Filter
3
933
The appliance could not connect to NTLM-Agent server x.
2 NTLM-Agent Authentication Filter
3
940
An update of a Certificate Revocation List was successfully completed.
2 Authentication Filter
6
941
An update of a Certificate Revocation List failed.
2 Authentication Filter
4
942
A download of a Certificate Revocation List failed.
2 Authentication Filter
4
943
The status of a Certificate Revocation List is up to date.
2 Authentication Filter
6
1050
An update of the URL Filter module was successfully completed.
2 URL Filter
6
1051
An update of the URL Filter module failed.
2 URL Filter
3
1052
Download or verification of update files for the URL Filter module failed.
2 URL Filter
3
1053
Status of the URL Filter module is up to date.
2 URL Filter
6
1650
An updated Certificate Revocation List was downloaded and loaded successfully.
2 Certificate Chain Filter
6
1651
An updated Certificate Revocation List was downloaded, but could not be loaded.
2 Certificate Chain Filter
4
1652
An updated Certificate Revocation List could not be downloaded.
2 Certificate Chain Filter
3
1653
Status of all Certificate Revocation Lists is up to date.
2 Certificate Chain Filter
6
1700
An admin user logged on successfully to the user interface.
7 User interface
4
1701
Logon of an admin user to the user interface failed.
7 User interface
3
1702
The IP address of a client that an end user sent a
request from changed.
7 User interface
4
1703
An admin user logged off successfully from the user interface.
7 User interface
6
1704
A logoff from the user interface was forced upon an admin user after a restart of an appliance, a timeout, or a similar incident had occurred.
7 User interface
6
1710
An admin user saved changes successfully.
7 User interface
6
1711
An attempt by an admin user to save changes
failed.
7 User interface
3
1800
The number of entries that can be retrieved from an external list has exceeded the configured limit.
2 External Lists Filter
4
1801
The amount of data of entries that can be retrieved
from an external list has exceeded the configured
limit.
2 External Lists Filter
4
1802
An error occurred when data was retrieved from an
external list.
2 External Lists Filter
4
1803
An error occurred when data that had been
retrieved from an external list was converted.
2 External Lists Filter
4
1804
A time-out occurred when data was retrieved from
an external list.
2 External Lists Filter
4
1805
Permission to retrieve data from an external list was denied.
2 External Lists Filter
4
1806
A resource for retrieving external list data could not
be found.
2 External Lists Filter
4
1850
An update of the database for application filtering
was successfully completed.
2 Application Control
6
1851
An update of the database for application filtering
failed.
2 Application Control
3
1852
A download of the database for application filtering
failed.
2 Application Control
3
1853
Status of the database for application filtering is up
to date.
2 Application Control
6
1854
Loading the database for application filtering failed.
2 Application Control
3
1855
Loading the database for application filtering was
successfully completed.
2 Application Control
6
1950
An update of the Data Loss Prevention (DLP)
module was successfully completed.
2 Data Loss Prevention
6
1951
An update of the Data Loss Prevention (DLP)
module failed.
2 Data Loss Prevention
3
1952
Download or verification of the update files for the
Data Loss Prevention (DLP) module failed.
2 Data Loss Prevention
3
1953
Status of the Data Loss Prevention (DLP) is up to
date.
2 Data Loss Prevention
6
2001
An error occurred with the Stream Detector
module.
2 Stream Detector
2
2101
The database for media type filtering could not be
loaded.
2 Media Type Filter
2
2200
An update of the Dynamic Content Classifier was successfully completed.
2 Dynamic Content Classifier
6
2201
An update of the Dynamic Content Classifier failed.
2 Dynamic Content Classifier
3
2202
A download or verification of the update files for the Dynamic Content Classifier failed.
2 Dynamic Content Classifier
3
2203
Status of the Dynamic Content Classifier is up to date.
2 Dynamic Content Classifier
6
2350
An update of the files for the single sign-on process
was successfully completed.
3 Single Sign On Service
6
2351
An update of the files for the single sign-on process
failed.
3 Single Sign On Service
3
2352
A download or verification of the updated files for
the single sign-on process failed.
3 Single Sign On Service
3
2353
Status of the files for the single sign-on process is up to date.
3 Single Sign On Service
2401
Failed to load services database.
This incident is reported when the Cloud Storage Encryption module cannot load files with a description of supported cloud storage services.
3 Cloud Storage Encryption
2
2502
Credential store export incident
Export of data from the credential store failed.
2503
Credential store import incident
Import of data into the credential store failed.
2510
Credential store incident
A credential store error occurred. See the message
in the incident report and more details in the error
log.
2550
SSO update success
The SSO module was successfully updated.
2551
SSO update failure
The SSO module could not successfully be updated.
See the errors log for more details.
2552
SSO download failed
Files could not successfully be downloaded from the
SSO server.
2553
SSO catalog up to date
There is no new version of the SSO files on the
update server.
2650
3 Central Management
3
SSO catalog update success
The SSO connector catalog was successfully
updated.
2651
SSO catalog update failure
The SSO connector catalog could not successfully
be updated.
See the errors log for more details.
2652
SSO catalog download failed
SSO connector catalog files could not successfully
be downloaded from the update server.
2653
SSO catalog up to date
There is no new version of the SSO connector
catalog files on the update server.
3000
At least one node in a Central Management
configuration is not in synchronized status (with
regard to storage and configuration).
The number of unsynchronized nodes changes.
This incident is only recorded on the root node.
3001
After incident 3000 occurred, all nodes in a Central
Management configuration are again in
synchronized status (with regard to storage and
configuration).
3 Central Management
6
3005
At least one node in a Central Management configuration did not respond properly after shared data had been sent out.
The number of nodes not properly responding changes.
This incident is only recorded on the root node and only if the shared data was intended for all nodes.
3 Central Management
3
3006
After incident 3004 occurred, all nodes in a Central
Management configuration responded properly
again to the sending of shared data.
3 Central Management
6
3200
Sending lists to McAfee Web Gateway Cloud Service
was successfully completed.
3 Web Hybrid
6
3201
Sending lists to McAfee Web Gateway Cloud Service
failed.
3 Web Hybrid
3
3205
Lists were successfully downloaded from McAfee
Web Gateway Cloud Service and stored.
3 Web Hybrid
6
3206
Lists could not be downloaded from McAfee Web
Gateway Cloud Service and stored.
3 Web Hybrid
3
3210
Synchronization status could not be determined.
3 Web Hybrid
3
3211
An error occurred with the API for McAfee Web
Gateway Cloud Service, for example, a mismatch of
the API version.
3 Web Hybrid
3
3250
Status of synchronization with McAfee Web
Gateway Cloud Service is OK.
3 Web Hybrid
6
3300
The list for Web Service Access is not available for
an unknown reason.
2 Web Hybrid
2
3301
The list for Web Service Access does not exist.
2 Web Hybrid
2
3302
The settings for Web Service Access are not
available for an unknown reason.
2 Web Hybrid
2
3303
The settings for Web Service Access do not exist.
2 Web Hybrid
2
3400
A policy could not be synchronized to McAfee Web
Gateway Cloud Service.
8 SaaS Connector
3
3500
The Protocol Detector rule set could not be found
and loaded.
2 Protocol Detector Filter
2
3501
The Protocol Detector rule set was broken or
corrupt and could not be loaded.
2 Protocol Detector Filter
2
List of operators
The following table provides a list of the operators that you can use in rules.
The operators are listed in alphabetical order.
The part that precedes the operator in the criteria of a rule is referred to as property and the part that follows it
as operand.
Some properties are of the list type, which means they can have more than one value at the same time.
Table 22-6 List of operators
Operator
Description
all in list
All values of the property must be entries in the list of the operand.
This operator is for use with values of the string type only.
Example:
URL.Categories<Default> all in list Category Blocklist
The criteria matches if, for example, the values of URL.Categories are Entertainment, Media
Downloads, and Streaming Media, and all of them are entries in the list Category Blocklist.
at least one in list
One of the values of the property must be an entry in the list of the operand.
This operator is for use with values of the string type only.
Example:
URL.Categories<Default> at least one in list Category Blocklist
The criteria matches if, for example, one of the values of URL.Categories is Nudity and this is also
an entry in the list Category Blocklist.
contains
The value of the operand must be a part of the value of the property.
This operator is for use with values of the string type only. The string for the operand is
submitted by typing it in a suitable field of the user interface.
Example:
Authentication.UserGroups contains "Domain Users"
The criteria matches if the string "Domain Users" can be found in the list of strings that are the
values of Authentication.UserGroups.
does not contain
The value of the operand must not be a part of the value of the property.
This operator is for use with values of the string type only. The string for the operand is
submitted by typing it in a suitable field of the user interface.
Example:
Authentication.UserGroups does not contain "Domain Users"
The criteria matches if the string "Domain Users" cannot be found in the list of strings that are
the values of Authentication.UserGroups.
does not equal
The value of the property must not be the same as the value of the operand.
Example:
Antimalware.Infected<Gateway Anti-Malware> does not equal false
The criteria matches if the value of Antimalware.Infected is true.
Or:
Cycle.TopName does not equal "Response"
The criteria matches, for example, if the value of Cycle.TopName is "Request".
Wildcards are not allowed as operands when this operator is used. Even using a blank at the
beginning or end of an operand will prevent this operator from working properly.
does not match
The value of the property must not be:
• the same as the value of the operand
• or: covered by the wildcard (regular or glob expression) that is the value of the operand
Example:
URL.Host does not match *.mcafee.com
The criteria matches if the value of URL.Host is, for example, www.cisco.com.
does not match in list
The value of the property must not be:
• the same as one of the entries in the list of the operand
• or: covered by one of the wildcards (regular or glob expressions) in the list of the operand
Example:
URL.Host does not match in list URL.Whitelist
The criteria matches, for example, if the value of URL.Host is www.mcafee.com, and this is not
an entry in the list URL.Whitelist.
The criteria also matches if the value of URL.Host is www.mcafee.com and no regular or glob
expression that would cover this value is found in the list URL.Whitelist.
equals
The value of the property must be the same as the value of the operand.
Example:
Antimalware.Infected<Gateway Anti-Malware> equals true
The criteria matches if the value of Antimalware.Infected is true.
Or:
Cycle.TopName equals "Request"
The criteria matches if the value of Cycle.TopName is "Request".
Wildcards are not allowed as operands when this operator is used. Even using a blank at the
beginning or end of an operand will prevent this operator from working properly.
greater than
The value of the property must be above the value of the operand.
Example:
Body.Size greater than 20000000
The criteria matches if the value of Body.Size is, for example, 20000001 bytes.
greater than or equals
The value of the property must be above or the same as the value of the operand.
Example:
Body.Size greater than or equals 20000000
The criteria matches if the value of Body.Size is, for example, 20000001 or 20000000 bytes.
is in list
The value of the property must be an entry in the list of the operand.
This operator is for use with values of the string type only.
Example:
Client.IP is in list Allowed Clients
The criteria matches if, for example, the client IP address is 181.153.30.0 and this is an entry in
the list Allowed Clients.
is in range list
The value of the property must be within one of the ranges of values that are entries in the list
of the operand.
This operator is for use with values of the string type only.
Example:
Client.IP is in range list Anti-Malware Quarantine IPRange
The criteria matches if, for example, the client IP address is 207.183.100.0 and this value can
be found within one of the ranges of values in the list Anti-Malware Quarantine IPRange.
is not in list
The value of the property must not be an entry in the list of the operand.
This operator is for use with values of the string type only.
Example:
Client.IP is not in list Allowed Clients
The criteria matches if, for example, the client IP address is 174.199.0.0 and this is not an entry
in the list Allowed Clients.
is not in range list
The value of the property must not be within one of the ranges of values that are entries in the
list of the operand.
This operator is for use with values of the string type only.
Example:
Client.IP is not in range list Anti-Malware Quarantine IPRange
The criteria matches if, for example, the client IP address is 207.183.100.0 and this value is not
found within any of the ranges of values in the list Anti-Malware Quarantine IPRange.
less than
The value of the property must be below the value of the operand.
Example:
Body.Size less than 20000000
The criteria matches if the value of Body.Size is, for example, 19999999 bytes.
less than or equals
The value of the property must be below or the same as the value of the operand.
Example:
Body.Size less than or equals 20000000
The criteria matches if the value of Body.Size is, for example, 19999999 or 20000000 bytes.
matches
The value of the property must be:
• the same as the value of the operand
• or: covered by the wildcard (regular or glob expression) that is the value of the operand
Example:
URL.Host matches *.mcafee.com
The criteria matches if the value of URL.Host is, for example, www.mcafee.com.
matches in list
The value of the property must be:
• the same as one of the entries in the list of the operand
• or: covered by one of the wildcards (regular or glob expressions) in the list of the operand
Example:
URL.Host matches in list URL.Whitelist
The criteria matches if the value of URL.Host is, for example, www.mcafee.com, and this is an
entry in the list URL.Whitelist.
The criteria also matches if the value of URL.Host is www.mcafee.com, and, for example,
regex(www.mcafee.*) is an entry in the list URL.Whitelist.
none in list
None of the values of the property must be entries in the list of the operand.
This operator is for use with values of the string type only.
Example:
URL.Categories<Default> none in list Category Blocklist
The criteria matches if, for example, the values of URL.Categories are Entertainment, Media
Downloads, and Streaming Media, and none of them can be found in the list Category Blocklist.
List of properties
The following tables provide a list of the properties you can use in rules.
Order of properties
The properties are listed in alphabetical order. However, the listing takes into consideration the parts of the
property names. Name parts begin with a capital letter; in many cases, they are also separated by periods.
For example, Body.HasMimeHeaderParameter is listed before Body.Hash.
There are no properties with names that begin with K, O, V, X, Y, or Z.
SaaS compatibility
Properties that are SaaS-compatible can be used when creating security rules for the web usage of on-premise
users as well as of cloud users. Most properties are SaaS-compatible. Some are not, which means they can only
be used in rules for on-premise users.
More properties will be made available as SaaS-compatible items in future releases of Web Gateway.
If you use a property that is not SaaS-compatible in a rule that you create on Web Gateway, you are informed
on the user interface that you cannot synchronize this rule for use in the cloud.
For a few properties, synchronization can be performed, but when the rules that contain them are executed for
use in the cloud, only default values are retrieved for these properties.
These default values are usually meaningless with regard to web security purposes. For example, for the
Proxy.Port property, 0 is retrieved as a value instead of a real port number when this property is processed within
a rule for use in the cloud.
In the following list, a note is added to the description of a property if it is not SaaS-compatible. If a property can
be synchronized together with the rule that contains it, but only a default value is retrieved, this is also
indicated.
Properties in context
You can easily find out about the rules and rule sets that use a property.
1 On the user interface, click Search, and under Search for objects referring to, select Property and the property you
are interested in.
The rules that use the property are shown. For example, for Antimalware.Infected, the rule Block if virus was
found is shown.
2 Select a rule and click Show in context.
The rule and the property are shown within its rule set. For example, the rule for Antimalware.Infected is
shown within the Gateway Anti-Malware rule set.
Properties - A
The following table describes the properties that have names beginning with A.
Table 22-7 Properties – A
Name
Type
Description
Parameters
Action.Names
List of
String
List with names of the actions that were
performed when processing a request,
including the response received upon the
request
Antimalware.Avira.VersionString
String
Version of the Avira engine that was used
to perform a scanning job
Antimalware.Infected
Boolean
If true, a web object has been found to be
infected.
Antimalware.Proactive.Probability
Number
Probability that a web object is malware
The probability is a percentage, indicated
by a number from 1 to 100.
Antimalware.MATD.GetReport
Boolean
If true, a scanning report exists already
for a web object that is to be scanned by
Advanced Threat Defense.
This property is not
SaaS-compatible.
Antimalware.MATD.Hash
String
Hash value used to identify a file that was
received from a web server in response
to a download request and scanned by
Advanced Threat Defense.
Antimalware.MATD.InitBackgroundScan
Boolean
If true, data for the current transaction is
recorded, including data that is related to
a request for web access and the
response from the web server.
The data is recorded in preparation of the
scanning that is performed by Advanced
Threat Defense when the web object that
should be scanned has already been
forwarded to the user who requested it.
An internal request is also sent to initiate
the scanning.
If this request is not accepted before the
timeout (in seconds) has elapsed that is
configured as a parameter of the
property, the attempt to let additional
scanning be performed by Advanced
Threat Defense has failed.
This property is not
SaaS-compatible.
Number: Maximum number of seconds that can
elapse before an internal request to initiate
scanning is accepted
Antimalware.MATD.IsBackgroundScan
Boolean
If true, the data that was recorded in
preparation of the additional scanning is
used by Advanced Threat Defense to scan
the web object specified by the data.
This property is not
SaaS-compatible.
Antimalware.MATD.Probability
Number
Severity grade indicating how malicious a
web object is on a scale from 1 (low
severity grade) to 5
The severity grade is found when an
object is scanned by Advanced Threat
Defense.
Antimalware.MATD.Report
String
Report for a web object that was scanned
by Advanced Threat Defense
The report is provided in JSON data
format.
Antimalware.MATD.Server
String
Server that Advanced Threat Defense was
running on when scanning a web object
The server is identified by a URL, for
example, http://matdserver300.
Antimalware.MATD.TaskID
String
Identifier for the task that was performed
by Advanced Threat Defense when
scanning a web object
Antimalware.MATD.VersionString
String
Version of Advanced Threat Defense that
was used to perform a scanning job
Antimalware.MGAM.VersionString
String
Version of the McAfee Gateway
Anti-Malware engine that was used to
perform a scanning job
Antimalware.VersionString
String
Version information referring to all
engines for virus and malware filtering
that were used by Web Gateway to
perform a scanning job
Antimalware.VirusNames
List of
String
List with names of the viruses that a web
object has been found to be infected with
AnyText.Language
String
Name of the language that a given text is
written in
The languages are identified according to
ISO-639-1.
String: Text to find language name for
Application.IsHighRisk
Boolean
If true, access to an application is
considered to be a high risk for web
security.
Application.IsMediumRisk
Boolean
If true, access to an application is
considered to be a medium risk for web
security.
Application.IsMinimalRisk
Boolean
If true, access to an application is
considered to be a minimal risk for web
security.
Application.IsUnverified
Boolean
If true, it has not been verified that access
to an application is a risk for web security
Application.Name
Applcontrol
Name of an application
Application.Reputation
Number
Reputation score for an application
Application.ToString
String
Name of an application converted into a
string
Applcontrol:
Application
name to
convert
Authentication.Authenticate
Boolean
If true, the authentication engine has
been called to apply the configured
method, for example, NTLM, to the
credentials of a user and the user has
been authenticated successfully.
Values have also been set for the
Authentication.IsAuthenticated and
Authentication.UserName properties.
If false, it was not possible to apply the
configured authentication method
successfully, for example, because no
credentials or incorrect credentials were
submitted.
This property is not
SaaS-compatible.
Authentication.CacheRemainingTime
Number
Time (in seconds) that remains until
authentication credentials are cleared
from the cache
Authentication.Failed
Boolean
If true, credentials were provided by a
user, but authentication has failed.
Authentication.FailureReason.ID
Number
Number identifying the reason why
authentication has failed for a user
Authentication.FailureReason.Message
String
Message text explaining the reason why
authentication has failed for a user
Authentication.GetUserGroups
List of
String
List of user groups that the
authentication process is applied to
This property is not
SaaS-compatible.
Authentication.GetUserGroups.JSON
JSON
List of user groups that the
authentication process is applied to
provided as a JSON object
This property is not
SaaS-compatible.
Authentication.ICEToken.Attributes
List
List of additional attributes that are
retrieved from an ICE token
Authentication.ICEToken.Audiences
List
List of audiences that are retrieved from
an ICE token
Authentication.ICEToken.Subject
String
Subject that is retrieved from an ICE
token
Authentication.IsAuthenticated
Boolean
If true, a user has been successfully
authenticated.
Authentication.IsLandingOnServer
Boolean
If true, cookie authentication has been
applied for a user.
Authentication.IsServerRequest
Boolean
If true, authentication has been
requested for a user under the
Authentication Server method.
Authentication.Method
String
Method used for authenticating a user,
for example, LDAP
Authentication.OTP.Context
String
Information required for verifying a
one-time password user in encrypted
format
The property is set to this value when the
Authentication.SendOTP event is executed.
When the rules of the Authentication
Server (Time/IP Based Session or
Authorized Override with OTP library rule
sets are processed, the information is
sent in the header of a response under
the HTTP protocol.
This property is not
SaaS-compatible.
Authentication.RawCredentials
String
Credentials of a user in the format
originally received on the appliance from
a client or other instances of the network
Using this property for rule configuration
will speed up processing because it saves
the time used for converting user
credentials to a human readable format,
as it is done for the simple
Authentication.UserName property.
Authentication.RawUserName
String
Name of a user in the format originally
received on the appliance from a client or
other instances of the network
Using this property for rule configuration
will speed up processing because it saves
the time used for converting the user
name to a human readable format, as it
is done for the simple
Authentication.UserName property.
Authentication.Realm
String
Authentication realm, for example, a
Windows domain
Authentication.SAML.Attributes
List of
String
Stores a list of attribute name-value pairs
extracted from the <saml2:Attribute> tag
in the SAML response. When there are
multiple values for one attribute name,
the values are separated by commas.
This property is not
SaaS-compatible.
Authentication.SAML.CreateAuthnRequest
see above
HTTP POST
form
Creates the SAML authentication request
which is sent to the external Identity
Provider and sets the
Authentication.SAML.IDPSSOEndpoint
property to the URL of the external
Identity Provider.
This property is not
SaaS-compatible.
Authentication.SAML.Error
String
Describes the error that occurred when
the authentication server failed to
validate the SAML response.
Error messages are provided by the
OpenSAML library.
Authentication.SAML.IDPSSOEndpoint
String
Specifies the SSO URL of the external
Identity Provider. If an error occurs, the
user is redirected to this URL.
This property is not
SaaS-compatible.
Authentication.SAML.ParseAuthnResponse
see above
String
Parses the SAML authentication response
that is received from the external Identity
Provider. If the response is valid, this
property returns a list of attribute
name-value pairs in the
Authentication.SAML.Attributes property.
If the response is invalid, this property
returns an error in the property
Authentication.SAML.Error.
This property is not
SaaS-compatible.
Authentication.SAML.RelayState
String
Stores the value of the ACS URL at the
time that the authentication server
creates the SAML authentication request.
The authentication server sends the
RelayState parameter to the external
Identity Provider in the authentication
request. The Identity Provider returns the
parameter unchanged in the
authentication response. The proxy can
use the value stored in the RelayState to
construct the ACS URL when the external
Identity Provider does not support
dynamic URLs.
This property is not
SaaS-compatible.
Authentication.SOCKSKerberosProtectionLevel
see above
Number
Number representing the protection level
that is used when the SOCKS Kerberos
authentication method is configured
Authentication.Token
String
Stores the SAML assertion returned by
the external Identity Provider.
Authentication.UserGroups
List of
string
List of user groups that the
authentication process is applied to
Authentication.UserName
String
Name of a user that the authentication
process is applied to
Properties - B
The following table describes the properties that have names beginning with B.
Table 22-8 Properties – B
Name
Type
Description
Parameters
Block.ID
Number
ID of an action that blocked a request
Block.Reason
String
Name of the reason for an action that blocked a request
BlockingSession.IsBlocked
Boolean
If true, a blocking session has been activated for a user.
This property is not SaaS-compatible.
BlockingSession.RemainingSession
Number
Remaining time of a blocking session (in minutes)
This property is not SaaS-compatible.
BlockingSession.SessionLength
Number
Time length of a blocking session (in minutes)
This property is not SaaS-compatible.
Body.ChangeHeaderMime
Boolean
If true, the header sent in MIME format with the body of a web object has been changed.
Body.ClassID
String
ID for a class of web objects
Body.Equals
Boolean
If true, the body of a web object matches the pattern specified by the property parameters.
1 Number: Position of byte where pattern begins
2 String: Pattern
a. String embedded in double quotes (“ ...”, can also contain hex values preceded by \)
or:
b. Sequence of hex values
Body.FileName
String
Name of a file that is embedded in the body of a web object, for example, an archived file
Body.FullFileName
String
Name of a file that is embedded in the body of a web object, including also the names of the embedding entities, such as documents or archives
Name parts are separated by the | (pipe) symbol, for example, test.zip|test.doc.
Body.HasMimeHeader
Boolean
If true, the body of an extracted multi-part object sent in MIME format has a specified header.
String: Header name
Body.HasMimeHeaderParameter
Boolean
If true, the body of an extracted multi-part object sent in MIME format has a specified header parameter.
1 String: Header name
2 String: Header parameter name
Body.Hash
String
Hash value of the type specified by the property parameter for the body of a web object
Hash types can be md5, sha1, sha256, sha512, and others.
String: Hash type
Body.HashSHA1
String
Hash value of the SHA1 type for the body of a web object
Body.IsAboveSizeLimit
Boolean
If true, the body of a web object is above a size limit.
Body.IsCompleteWithTimeout
Boolean
If true, the body of a web object has been completely sent to the appliance before the time (in milliseconds) specified by the property parameter has elapsed.
Number: Time allowed to send object completely
Body.IsCorruptedObject
Boolean
If true, an archive contained in the body of a web object is corrupted.
Body.IsEncryptedObject
Boolean
If true, an archive contained in the body of a web object is encrypted.
Body.IsMultiPartObject
Boolean
If true, an archive contained in the body of a web object is complex, including multiple parts.
Body.IsSupportedByOpener
Boolean
If true, an opener device is available on the appliance for the body of a web object that is composite, for example, the body of an archive.
Body.MimeHeaderParameterlValue
String
Value of a header parameter in the body of a web object sent in MIME format
1 String: Header name
2 String: Header parameter value
Body.MimeHeaderValue
String
Value of a header in the body of a web object sent in MIME format
String: Header value
Body.Modified
Boolean
If true, an appliance module has modified the body of a web object.
Body.NestedArchiveLevel
Number
Current level of an archive part in an archive
Body.NotEquals
Boolean
If false, the body of a web object matches the pattern specified by the property parameters.
1 Number: Position of byte where pattern begins
2 String: Pattern
a. String embedded in double quotes (“ ...”, can also contain hex values preceded by \)
or:
b. Sequence of hex values
Body.NumberOfChildren
Number
Number of objects embedded in the body of a web object
Body.PositionOfPattern
Number
Position of the byte where the search for a pattern in the body of a web object begins
Returns -1 if the pattern is not found.
1 String: Pattern to search for
a. String embedded in double quotes (“ ...”, can also contain hex values preceded by \)
or:
b. Sequence of hex values
2 Number: Position of byte where search for pattern begins
3 Number: Search length (in bytes, 0 means search from offset to end of object)
Body.Size
Number
Size of the body of a web object (in bytes)
Body.Text
String
Text in the body of a web object
Body.ToNumber
Number
Part of the body of a web object converted into a number (maximum 8 bytes beginning at a specified position)
The big-endian or little-endian format can be used for the conversion.
1 Number: Position of byte where converted part begins
2 Number: Length of converted part (in bytes, maximum 8)
0 for the first parameter and the respective value of the Body.Size property for the second means the whole body is converted.
3 Boolean: If true, little-endian format is used for conversion, otherwise big-endian
Body.ToString
String
Part of the body of a web object converted into a string
1 Number: Position of byte where converted part begins
2 Number: Length of converted part (in bytes)
0 for the first parameter and the respective value of the Body.Size property for the second means the whole body is converted.
Body.UncompressedSize
Number
Size of the body of an archived web object (in bytes) after having been extracted from the archive
BooleanToString
String
Boolean value converted into a string
Boolean: Boolean value to convert
BytesFromClient
Number
Number of bytes received in a request from a client
BytesFromServer
Number
Number of bytes received in a response from a web server
BytesToClient
Number
Number of bytes in a web server response that is forwarded to a client
BytesToServer
Number
Number of bytes in a client request that is forwarded to a web server
Properties - C
The following table describes the properties that have names beginning with C.
Table 22-9 Properties – C
Name
Type
Description
Parameters
Cache.AdditionalKey
String
Key that can be used in addition to the
default key for web caching
Cache.IsCacheable
Boolean If true, an object sent in response from a
web server can be stored in the web cache.
Cache.IsFresh
Boolean If true, an object stored in the web cache
has either been downloaded from the web
or has been verified.
Cache.Status
String
Cache status for a web object
Values:
• TCP_HIT – A web object was requested by
a user and found in the cache.
• TCP_MISS – A web object was requested
by a user and not found in the cache.
• TCP_MISS_RELOAD – A web object was
requested by a user, but was not taken
from the cache because the user
required it to be fetched directly from the
web server in question by clicking the
Refresh button.
The object was then entered into the
cache again.
• TCP_MISS_VERIFY – A web object was
requested by a user and existed in the
cache, but verification information from
the web server in question showed it was
outdated.
An updated version of the object was
received from the server and entered
into the cache.
Category.ToShortString
String
URL category converted into a string that is
the category abbreviation
Category:
Category to
convert
Category.ToString
String
URL category converted into a string
Category:
Category to
convert
Client.IM.Login
String
ID used by a client to log on to the
appliance under an instant messaging
protocol
Client.IM.ScreenName
String
Screen name of a client communicating
with the appliance under an instant
messaging protocol
Client.IP
IP
IP address of a client
Client.NumberOfConnections
Number Number of connections from a client to the
appliance that are open at the same time
CloudEncryption.IsEncryptionSupported
Boolean
If true, encryption can be performed for the
data that is uploaded to a cloud storage
service with the request that is currently
processed.
The Cloud Storage Encryption module finds out
whether this is true by evaluating service
description files for cloud storage services
and the settings that are configured on
Web Gateway, for example, the Cloud Storage
Encryption Support settings, which specify the
supported cloud storage services.
CloudEncryption.IsDecryptionSupported
Boolean
If true, decryption can be performed for the
data that is downloaded from a cloud
storage service with the request that is
currently processed.
For the method of finding out whether this
is true, see the description of the
CloudEncryption.IsEncryptionSupported
property.
CloudEncryption.ServiceName
String
Name of the cloud storage service that data
is uploaded to or downloaded from with
the request that is currently processed.
The property is always filled with a value
when requests are received on Web
Gateway for uploading or downloading
cloud storage data.
However, the property should not be used
in rule criteria to trigger an encryption or
decryption event upon a match of the
criteria.
For this purpose, the
CloudEncryption.IsEncryptionSupported and
CloudEncryption.IsDecryptionSupported
properties are provided.
CloudEncryption.CipherName
String
Name of the algorithm (cipher) used for
encrypting or decrypting the cloud storage
data that is uploaded or downloaded with
the request that is currently processed.
Command.Categories
List of
String
List of categories that a command belongs
to, for example, to the FTP command
category
Command.Name
String
Name of a command
Command.Parameter
String
Parameter of a command
Connection.Aborted
Boolean If true, communication on a connection has
finally failed and the connection is closed.
Connection.IP
IP
IP address used on a connection
Connection.IPSec
Boolean If true, data is sent using IPSec to provide a
VPN tunnel that connects a mobile device
and McAfee Web Gateway Cloud Service.
Other rules can then be applied depending
on the value of this property.
The default value of the property is false.
Rules that use this property are
intended for protecting web usage
by cloud users with McAfee Web
Gateway Cloud Service.
They can also be written and
enabled for cloud use when
working with Web Gateway.
When these rules are only
processed for web usage of
on-premise users, the property is
set to the default value (false).
Connection.IPSec.Device
String
Name of a device that is connected to
McAfee Web Gateway Cloud Service when
data is sent using IPSec to provide a VPN
tunnel
The property can be used in a rule to find
out the name of mobile device that was
used to send data in this way.
The default value of the property is an
empty string.
Rules that use this property are
intended for protecting web usage
by cloud users with McAfee Web
Gateway Cloud Service.
They can also be written and
enabled for cloud use when
working with Web Gateway.
When these rules are only
processed for web usage of
on-premise users, the property is
set to the default value (an empty
string)
Connection.OriginalDestinationIP
IP
IP address of the destination that a request
was originally sent to over a given
connection
The default value is 0.
This property is not
SaaS-compatible.
A rule with this property can,
however, be synchronized for use
in the cloud, but only the default
value is then retrieved for this
property.
Connection.Port
Number Port number of the port that a request sent
by a client over a given connection is
received on
Connection.Protocol
String
Protocol used for communication on a
connection, for example, HTTP
Connection.Protocol.IsIM
Boolean If true, communication on a connection
uses an instant messaging protocol.
Connection.Protocol.Parent
String
The embedding protocol for the protocols
that are used in communication with the
clients when Web Gateway runs as a proxy
under the SOCKS protocol.
This protocol is the SOCKS protocol, while
various protocols can be embedded, for
example, HTTP or HTTPS.
Connection.RunTime
Number Time (in seconds) that a connection has
been running since it was opened until the
current second
Connection.SSL.TransparentCNHandling Boolean If true, communication on a connection is
SSL-secured and runs in transparent mode.
Connection.VlanID
Number VLAN ID of the network that a client uses to
communicate with Web Gateway
Cycle.LastCall
Boolean If true, processing of data is complete for a
cycle.
Cycle.Name
String
Name of a processing cycle
Cycle.TopName
String
Name of a cycle (Requests or Responses)
that is processed before a web object is
processed in the Embedded Objects cycle
Properties - D
The following table describes the properties that have names beginning with D.
Table 22-10 Properties – D
Name
Type
Description
Parameters
DataTrickling.Enabled
Boolean If true, data trickling is used for
downloading web objects.
DateTime.Date.MonthDayNumber
Number Number of day in month
DateTime.Date.MonthNumber
Number Number of month
DateTime.Date.ToString
String
String representing current date (in
the format specified by the property
parameters)
String including the
following three parts:
1 %YYYY (for the year)
or:
%YY (last two digits)
or:
%Y (last two digits,
but only one digit if
the last two digits
begin with 0, for
example, 9 for 2009)
2 %MM (for the month
number with 0
inserted before
one-digit numbers)
or:
%M (0 is not inserted,
for example, 3 for
March and 12 for
December)
3 %DD (for the day)
or:
%D
If no parameter is
specified, the format is:
%YYYY/%MM/%DD
DateTime.Date.WeekDayNumber
Number Number of day in week (1 is Sunday)
DateTime.Date.Year
Number Year (four digits)
DateTime.Date.YearTwoDigits
Number Year (last two digits)
DateTime.GMTString.FromEpoch
String
String representing current time (in
GMT format, converted from
number of UNIX epoch seconds
specified by the property parameter)
The property can be used with the
DateTime.IsInRangeGMT property in a
rule that checks whether a time
range has expired, for example, the
time range set for cookie expiration.
Number: Current time
in UNIX epoch seconds
DateTime.IsInRangeGMT
Boolean If true, the current time is in the
range specified by one string in GMT
format for the beginning of the
range and another for the end.
The strings can be provided using
the DateTime.GMTString.FromEpoch
property with different values.
1 String: String
representing a time
in GMT format
2 String: String
representing a time
in GMT format
DateTime.IsInRangeISO
Boolean If true, the current time is in the
range specified by one string in ISO
format for the beginning of the
range and another for the end
The strings can be provided using
the DateTime.ISOString.FromEpoch
property with different values.
1 String: String
representing a time
in ISO format
2 String: String
representing a time
in ISO format
DateTime.ISOString.FromEpoch
String
String representing current time (in
ISO format, converted from number
of UNIX epoch seconds specified by
the property parameter)
The property can be used with the
DateTime.IsInRangeISO property in a
rule that checks whether a time
range has expired, for example, the
time range set for cookie expiration.
Number: Current time
in UNIX epoch seconds
DateTime.Time.Hour
Number Hour (in 24-hours format, for
example, 1 p. m. is 13)
DateTime.Time.Minute
Number Minute in hour
DateTime.Time.Second
Number Second in minute
DateTime.Time.ToString
String
String representing current time (in
the format specified by the property
parameters)
String including the
following three parts:
1 %h (for the hour)
or:
%hh (with 0 inserted
before a one-digit
hour)
2 %m (for the minute)
or:
%mm
3 %s (for the second)
or:
%ss
If no parameter is
specified, the format is:
%hh:%mm:%ss
DateTime.ToGMTString
String
String representing current date and
time in Greenwich Mean Time
format
For example, “Mon, 22 March 2012
11:45:36 GMT”
DateTime.ToISOString
String
String representing current date
and time in ISO format
For example, "2012-03-22 11:45:12"
DateTime.ToNumber
Number Current time in number of seconds
since beginning of 1/1/1970 (UNIX
epoch time)
DateTime.ToString
String
String representing current date and
time (in the format specified by the
property parameters)
String including the
part of the
DateTime.Date.ToString
and DateTime.Time.ToString
properties
If no parameter is
specified, the format is:
%YYYY/%MM/%DD
%hh:%mm:%ss
DateTime.ToWebReporterString
String
String representing current date and
time in Web Reporter format
For example, “29/Oct/2012:14:28:15
+0000”
DecimalNumber.ToString
String
Decimal number converted to a
string
The string is truncated according to a
parameter.
For example, 10.12345 is truncated
to 10.12 if this parameter is 2.
1 Number: Decimal
number to convert
2 Number: Number of
places after the
decimal point
Dimension.ToString
String
Dimension converted into a string
Dimension:Dimension
to convert
DLP.Classification.AnyText.Matched
Boolean If true, a given text string is specified
as sensitive or inappropriate content
by one or more entries in
classification lists.
String: Text checked for
being sensitive or
inappropriate
DLP.Classification.AnyText.MatchedClassifications
see above
List of
String
List of entries in classification lists
that specify a given text string as
sensitive or inappropriate
String: Text checked for
being sensitive or
inappropriate
The list is filled when
DLP.Classification.AnyText.Matched has
been set to true.
DLP.Classification.AnyText.MatchedTerms
see above
List of
String
List of terms including a given text
string that is specified as sensitive or
inappropriate by one or more entries
in classification lists
String: Text checked for
being sensitive or
inappropriate
The list is filled when
DLP.Classification.AnyText.Matched has
been set to true.
DLP.Classification.BodyText.Matched Boolean If true, the text of a request or
response body includes content that
is specified as sensitive or
inappropriate by one or more entries
in classification lists.
DLP.Classification.BodyText.MatchedClassifications
see above
List of
String
List of entries in classification lists
that specify the sensitive or
inappropriate content found in the
body text of requests or responses
The list is filled when
DLP.Classification.BodyText.Matched
has been set to true.
DLP.Classification.BodyText.MatchedTerms
see above
List of
String
List of terms in request or response
body text that are sensitive or
inappropriate content according to
one or more entries in classification
lists.
The list is filled when
DLP.Classification.BodyText.Matched
has been set to true.
DLP.Dictionary.AnyText.Matched
Boolean If true, a given text string is specified
as sensitive or inappropriate content
on a dictionary list.
String: Text checked for
being sensitive or
inappropriate
DLP.Dictionary.AnyText.MatchedTerms
see above
List of
String
List of terms including a given text
string that is specified as sensitive or
inappropriate on a dictionary list
String: Text checked for
being sensitive or
inappropriate
The list is filled when
DLP.Dictionary.AnyText.Matched has
been set to true.
DLP.Dictionary.BodyText.Matched
Boolean If true, the text of a request or
response body includes content that
is specified as sensitive or
inappropriate by an entry you made
in a dictionary list.
DLP.Dictionary.BodyText.MatchedTerms
see above
List of
String
List of the terms in request or
response body text that are sensitive
or inappropriate content according
to the entries you made in a
dictionary list
The list is filled when
DLP.Dictionary.BodyText.Matched has
been set to true.
DNS.Lookup
List of IP List of IP addresses found in a DNS
lookup for a host name
String: Host name
DNS.Lookup.Reverse
List of
String
List of host names found in a reverse
DNS lookup for an IP address
IP: IP address
DXL.Query
String
Information retrieved about a topic
by sending a DXL query to a service
1 String: Topic that the
query is about
2 String: Information
about the topic that
the query retrieves
as response
Properties - E
The following table describes the properties that have names beginning with E.
Table 22-11 Properties – E
Name
Type
Description
Parameters
Error.ID
Number
ID of an error
Error.Message
String
Message text describing an error
ExtLists.Boolean
Boolean
Boolean value
This property is not SaaS-compatible.
1 String: Value
holding the place
of a term that
identifies an
external list
source, for
example, in a URL
2 String: as above
3 String: as above
ExtLists.Category
Category
as above
URL category
This property is not SaaS-compatible.
ExtLists.CategoryList
List of Category
as above
List of URL categories
This property is not SaaS-compatible.
ExtLists.Double
Double
as above
Double value
This property is not SaaS-compatible.
ExtLists.DoubleList
List of Double
as above
List of Double values
This property is not SaaS-compatible.
ExtLists.Integer
Integer
as above
Integer
This property is not SaaS-compatible.
ExtLists.IntegerList
List of Integer
List of integers
as above
This property is not SaaS-compatible.
ExtLists.IP
IP
as above
IP address
This property is not SaaS-compatible.
ExtLists.IPList
List of IP
as above
List of IP addresses
This property is not SaaS-compatible.
ExtLists.IPRange
IPRange
as above
IP address range
This property is not SaaS-compatible.
ExtLists.IPRangeList
List of IPRange
as above
List of IP address ranges
This property is not SaaS-compatible.
ExtLists.JSON
JSON
as above
List of JSON elements
This property is not SaaS-compatible.
ExtLists.LastUsedListName String
String representing name of settings for
the External Lists module that were used
last
ExtLists.MediaType
MediaType
Media type
as above
This property is not SaaS-compatible.
ExtLists.MediaTypeList
List of
MediaType
as above
List of media types
This property is not SaaS-compatible.
ExtLists.String
String
as above
String
This property is not SaaS-compatible.
ExtLists.StringList
List of String
as above
List of strings
This property is not SaaS-compatible.
ExtLists.StringMap
List of String
List of strings representing map type pairs as above
of keys and values
This property is not SaaS-compatible.
ExtLists.Wildcard
Wildcard
Expression
Wildcard (regular) expression
as above
This property is not SaaS-compatible.
ExtLists.WildcardList
List of Wildcard
Expression
List of wildcard (regular) expressions
as above
This property is not SaaS-compatible.
Properties - F
The following table describes the properties that have names beginning with F.
Table 22-12 Properties – F
Name
Type
Description
Parameters
FileSystemLogging.MakeAnonymous String String made anonymous by encryption
The default value is an empty string.
String: String to
encrypt
This property is not
SaaS-compatible.
A rule with this property can,
however, be synchronized for use
in the cloud, but only the default
value is then retrieved for this
property.
Properties - G
The following table describes the properties that have names beginning with G.
Table 22-13 Properties – G
Name
Type
Description
Parameters
GTI.RequestSentToCloud Boolean If true, a lookup request for URL category information was
sent to the Global Threat Intelligence server.
Properties - H
The following table describes the properties that have names beginning with H.
Table 22-14 Properties – H
Name
Type
Description
Parameters
Header.Block.Exists
Boolean
If true, a specified block header exists.
String: Header
name
Header.Block.Get
String
First value found for a specified block
header
String: Header
name
Header.Block.GetMultiple
List of String List of values found for a specified
block header
String: Header
name
Header.Exists
Boolean
If true, a specified header is contained
in a request or response that is
processed on the appliance.
String: Header
name
It depends on the current processing
cycle whether it is actually a request or
response that contains the header.
Header.Get
String
First value found for the specified
header in a request or response that is
processed on the appliance
String: Header
name
It depends on the current processing
cycle whether it is actually a request or
response that contains the header.
Header.GetMultiple
List of String List of values found for a specified
header in a request or response that is
processed on the appliance
String: Header
name
It depends on the current processing
cycle whether it is actually a request or
response that contains the header.
Header.ICAP.Request.Exists
Boolean
If true, a specified header is contained
in a request sent in ICAP
communication.
String: Header
name
This property is not
SaaS-compatible.
Header.ICAP.Request.ExistsMatching
Boolean
If true, a specified header is contained
in a request sent in ICAP
communication and matches a given
wildcard expression.
1 String:
Header name
2 Wildcard
expression
This property is not
SaaS-compatible.
Header.ICAP.Request.Get
String
First value found for a specified
header in a request sent in ICAP
communication
String: Header
name
This property is not
SaaS-compatible.
Header.ICAP.Request.GetMatching
String
First value found for a specified
header in a request sent in ICAP
communication that also matches a
given wildcard expression
1 String:
Header name
2 Wildcard
expression
This property is not
SaaS-compatible.
Header.ICAP.Response.Exists
Boolean
If true, a specified header is contained
in a response received in ICAP
communication.
String: Header
name
This property is not
SaaS-compatible.
Header.ICAP.Response.ExistsMatching
Boolean
If true, a specified header is contained
in a response received in ICAP
communication and matches a given
wildcard expression.
1 String:
Header name
2 Wildcard
expression
This property is not
SaaS-compatible.
Header.ICAP.Response.Get
String
First value found for a specified
header in a response received in ICAP
communication
String: Header
name
This property is not
SaaS-compatible.
Header.ICAP.Response.GetMatching
String
First value found for a specified
header in a response received in ICAP
communication that also matches a
given wildcard expression
1 String:
Header name
2 Wildcard
expression
This property is not
SaaS-compatible.
Header.Request.Exists
Boolean
If true, a specified header is contained
in a request.
String: Header
name
Header.Request.Get
String
First value found for a specified
header in a request
String: Header
name
Header.Request.GetMultiple
List of String List of values found for a specified
header in a request
String: Header
name
Header.Response.Exists
Boolean
If true, a specified header is contained
in a response.
String: Header
name
Header.Response.Get
String
First value found for a specified
header in a response
String: Header
name
Header.Response.GetMultiple
List of String List of values found for a specified
header in a response
String: Header
name
Hex.ToString
String
Hex value converted into a string
Hex: Hex value
to convert
HTML.Element.Attribute
String
String representing an attribute of an
HTML element
HTML.Element.Dimension
Dimension
Dimension of an HTML element (width
and height)
HTML.Element.HasAttribute
Boolean
If true, an HTML element has a
specified attribute.
HTML.Element.Name
String
Name of an HTML element
HTML.Element.ScriptType
String
Script type of an HTML element, for
example, JavaScript or Visual Basic
Script
String: Attribute
name
Properties - I
The following table describes the properties that have names beginning with I.
Table 22-15 Properties – I
Name
Type
Description
Parameters
ICAP.Policy
String
Name of a policy included in
an ICAP request for a URL
ICAP.ReqMod.ResponseHeader.Exists
Boolean If true, a response sent from
an ICAP server in REQMOD
mode contains a specified
header.
String:
Header
name
This property is not
SaaS-compatible.
ICAP.ReqMod.ResponseHeader.ExistsMatching
Boolean If true, a response sent from
an ICAP server in REQMOD
mode contains a specified
header and matches a given
wildcard expression.
1 String:
Header
name
2 Wildcard
expression
This property is not
SaaS-compatible.
ICAP.ReqMod.ResponseHeader.Get
String
First value found for a
specified header in a
REQMOD response
String:
Header
name
This property is not
SaaS-compatible.
ICAP.ReqMod.ResponseHeader.GetMatching
String
First value found for a
specified header in a
REQMOD response that also
matches a given wildcard
expression
1 String:
Header
name
2 Wildcard
expression
This property is not
SaaS-compatible.
ICAP.ReqMod.ResponseHeader.GetMultiple
List of
String
List of values found for a
specified header in a
REQMOD response
String:
Header
name
This property is not
SaaS-compatible.
ICAP.ReqMod.ResponseHeader.GetMultipleMatching
List of
String
List of values found for a
specified header in a
REQMOD response that also
match a given wildcard
expression
1 String:
Header
name
2 Wildcard
expression
This property is not
SaaS-compatible.
ICAP.ReqMod.Satisfaction
Boolean If true, an ICAP server has
replaced a request with a
response.
The ICAP server does this
after sending a message that
a particular request is
blocked.
This property is not
SaaS-compatible.
ICAP.RespMod.EncapsulatedHTTPChanged
Boolean If true, an ICAP server has
changed the HTTP state for a
response sent in RESPMOD
mode.
This property is not
SaaS-compatible.
ICAP.RespMod.ResponseHeader.Exists
Boolean If true, a response sent from
an ICAP server in RESPMOD
mode contains a specified
header.
String:
Header
name
This property is not
SaaS-compatible.
ICAP.RespMod.ResponseHeader.ExistsMatching
Boolean If true, a response sent from
an ICAP server in RESPMOD
mode contains a specified
header that also matches a
given wildcard expression.
1 String:
Header
name
2 Wildcard
expression
This property is not
SaaS-compatible.
ICAP.RespMod.ResponseHeader.Get
String
First value found for a
specified header in a
RESPMOD response
String:
Header
name
This property is not
SaaS-compatible.
ICAP.RespMod.ResponseHeader.GetMatching
String
First value found in a
RESPMOD response for a
specified header that also
matches a given wildcard
expression
1 String:
Header
name
2 Wildcard
expression
This property is not
SaaS-compatible.
ICAP.RespMod.ResponseHeader.GetMultiple
List of
String
List of values found for a
specified header in a
RESPMOD response
String:
Header
name
This property is not
SaaS-compatible.
ICAP.RespMod.ResponseHeader.GetMultipleMatching
List of
String
List of values found in a
RESPMOD response for a
specified header that also
matches a given wildcard
expression
1 String:
Header
name
2 Wildcard
expression
This property is not
SaaS-compatible.
IM.Direction
String
Direction of a chat message
sent or a file transferred
under an instant messaging
protocol and processed on
the appliance
For a chat message sent from
a client to the appliance, the
direction could, for example,
be specified as out, for a
message sent from a server
to the appliance it could be
specified as in.
This property is not
SaaS-compatible.
IM.FileName
String
Name of a file transferred
under an instant messaging
protocol
This property is not
SaaS-compatible.
IM.FileSize
Number Size of a file transferred
under an instant messaging
protocol (in bytes)
This property is not
SaaS-compatible.
IM.MessageCanSendBack
Boolean If true, a block message or
other message can be sent
from the appliance to a user
of an instant messaging
service.
A block message is, for
example, sent back to a user
who submitted a chat
message during a time
interval that is not allowed for
chatting.
A message can typically not
be sent before a user has
completed the procedure for
logging on to the instant
messaging service.
This property is not
SaaS-compatible.
IM.Notification
String
Name of a template used for
sending a notification from
the appliance to a user of an
instant messaging service, for
example, a block message
This property is not
SaaS-compatible.
IM.Recipient
String
Name of a client that receives
a chat message or file under
an instant messaging protocol
This name can also be a
group name (group ID) when
a chat message is sent to a
group of recipients.
This property is not
SaaS-compatible.
IM.Sender
String
Name of a client that sends a
chat message or file under an
instant messaging protocol
This property is not
SaaS-compatible.
Incident.AffectedHost
IP
IP address of a host that is
involved in an incident, for
example, a web server that
the appliance cannot connect
to
This property is not
SaaS-compatible.
Incident.Description
String
Plain-text description of an
incident
This property is not
SaaS-compatible.
Incident.ID
Number ID of an incident
For a list of these IDs, refer to
the List of incident IDs.
This property is not
SaaS-compatible.
Incident.Origin
Number Number specifying the
appliance component that is
the origin of an incident
1 – Appliance system
2 – Core subsystem
3 – Coordinator
subsystem
4 – Anti-Malware process
5 – Log File Manager
6 – sysconf daemon
7 – User interface
8 – SaaS connector
9 – Unidentified origin
The origin of an incident is
further specified by the
Incident.OriginName property.
For the origin of an incident
with a particular ID, refer to
the List of incident IDs.
This property is not
SaaS-compatible.
Incident.OriginName
String
Name of an appliance
component that is the origin
of an incident, for example,
Core or Log File Manager
The name can be that of one
of the main components that
are listed under
Incident.Origin.
It can also be the name of a
subcomponent, which
appears together with the
Incident.Origin number for the
related main component.
For example, the value of
Incident.OriginName could be
2 Proxy.
For the origin name of an
incident with a particular ID,
refer to the List of incident IDs.
This property is not
SaaS-compatible.
Incident.Severity
Number Severity of an incident
Severity levels:
0 – Emergency
1 – Alert
2 – Critical
3 – Error
4 – Warning
5 – Notice
6 – Informational
7 – Debug
These levels are the same as
those used in syslog entries.
For the severity level of an
incident with a particular ID,
refer to the List of incident IDs.
This property is not
SaaS-compatible.
InTheCloud
Boolean If true, a rule that is currently
processed is executed in the
cloud
IP.ToString
String
IP address converted into a
string
IP: IP address
to convert
IPRange.ToString
String
Range of IP addresses
converted into a string
IPRange:
Range of IP
addresses to
convert
Properties - J
The following table describes the properties that have names beginning with J.
Table 22-16 Properties – J
Name
Type
Description
Parameters
JSON.ArrayAppend
JSON
JSON array with specified element appended
1 JSON: Array
2 JSON: Element to append
JSON.AsBool
Boolean Value of specified JSON element returned as
Boolean value
JSON: Element
The element value must be a Boolean
value.
JSON.AsNumber
Number Value of specified JSON element returned as
number
JSON: Element
The element value must be a number in
Long, Double, or Hexadecimal format.
JSON.AsString
String
Value of specified JSON element returned as
string
JSON: Element
The element value must be a string.
JSON.CreateArray
JSON
New empty JSON array
JSON.CreateObject
JSON
New empty JSON object
JSON.CreateNull
JSON
JSON element value null
JSON.FromBool
JSON
JSON element value created from Boolean
value
Boolean: Boolean value to
create JSON element value
from
JSON.FromNumber
JSON
JSON element value created from number
Number: Number to create
JSON element value from
JSON.FromNumberList String
JSON element value created from number list
List of Number: Number list
to create JSON element
value from
JSON.FromString
JSON
JSON element value created from string
String: String to create JSON
element value from
JSON.FromStringList
JSON
JSON element value created from string list
List of String: String list to
create JSON element value
from
JSON.GetAt
JSON
JSON element value retrieved from specified
position in specified array
1 JSON: Array
2 Number: Position of
element
JSON.GetByName
JSON
JSON element identified by key retrieved from 1 JSON: Object
specified object
2 String: Element key
JSON.GetType
String
Type of specified JSON element
JSON: Element
JSON.PutAt
JSON
JSON array with element inserted in specified
position
1 JSON: Array
2 Number: Position of
element
3 JSON: Element
JSON.ReadFromString
JSON
JSON element created from specified string
String: String to create
element from
JSON.RemoveAt
JSON
JSON array with element at specified position
removed
1 JSON: Array
2 Number: Position of
element
JSON.RemoveByName
JSON
JSON object with element identified by
specified key removed
1 JSON: Object
2 String: Element key
JSON.Size
Number Number of elements in specified JSON object
or array
JSON: Object or array
JSON.StoreByName
JSON
JSON object with element value stored under
specified key
If the object does not exist yet, it is created
under the name that is specified for the
object.
1 JSON: Object
2 String: Element key
3 JSON: Element value
JSON.ToString
String
JSON element value converted into a string
JSON: Element value to
convert
The element value can be a string or in
any of the other data formats for
element values.
Properties - L
The following table describes the properties that have names beginning with L.
Table 22-17 Properties – L
Name
Type
Description
Parameters
License.RemainingDays
Number
Remaining time until a
license expires (in days)
List.LastMatches
String
String containing all
elements that have been
found to match when
two lists are compared
using an operator such
as at least one in list or all
in list
Matches are only added
to the list as long as it has
not yet been decided
whether the relationship
between the lists that
the operator evaluates
exists or not.
For example, list A
contains the elements 1,
2, 3, whereas list B
contains 1, 2, 4.
Both lists are compared
using the at least one in
list operator.
To find out that list A
actually contains at least
one element of list B, the
operator only needs to
compare element 1 in
both lists and detect that
they match.
List.LastMatches then
contains 1 because it has
been found to be a
match.
2 is also a match in the
two lists, but is not
contained in
List.LastMatches because
it was not evaluated by
the operator and found
to be a match.
It was not evaluated
because the operator
had already found out
after evaluating the 1 in
both lists that at least
one element of list A was
also in list B.
If the property
String.BelongsToDomains
has "true" as its value,
the string that is
McAfee Web Gateway 7.8.0
Interface Reference Guide
263
22
Configuration lists
List of properties
Table 22-17 Properties – L (continued)
Name
Type
Description
Parameters
specified as its first
parameter is set as the
value of List.LastMatches.
This means
List.LastMatches then
provides a string that
matched in a list of
domain names, being
either the name of a
domain or a subdomain.
The same applies for the
property
URL.Host.BelongsToDomai
ns and List.LastMatches.
List.OfCategory.Append
List of
Category
List of URL categories
that a category is
appended to
1 List of Category: List to
append category to
2 Category: Category to
append
List.OfCategory.ByName
List of
Category
List of URL categories
(specified by its name)
String: List name
List.OfCategory.Erase
List of
Category
List of URL categories
with specified category
erased
1 List of Category: List with
category to erase
List of URL categories
with specified range of
categories erased
1 List of Category: List with
categories to erase
List.OfCategory.EraseElementRange
List of
Category
2 Number: Position of
category to erase
2 Number: Position of first
category to erase
3 Number: Position of last
category to erase
List.OfCategory.EraseList
List.OfCategory.Find
List of
Category
Number
List of URL categories
with categories that are
also on other list erased
1 List of Category: List with
categories to erase
Position of a URL
category on a list
1 List of Category: List with
category to find position
for
2 List of Category: List of
categories to erase on first
list
2 Category: Category to find
position for
List.OfCategory.Get
Category
URL category specified
by its position on a list
1 List of Category: List
containing category
2 Number: Position of
category on list
Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfCategory.GetElementRange | List of Category | List of URL categories extracted from other list | 1. List of Category: List with categories to extract; 2. Number: Position of first category to extract; 3. Number: Position of last category to extract |
| List.OfCategory.Insert | List of Category | List of URL categories with specified category inserted | 1. List of Category: List to insert category in; 2. Category: Category to insert |
| List.OfCategory.IsEmpty | Boolean | If true, the specified list is empty. | List of Category: List to check for being empty |
| List.OfCategory.Join | List of Category | List of URL categories created by joining two lists | 1. List of Category: First list to join; 2. List of Category: Second list to join |
| List.OfCategory.Reverse | List of Category | List of URL categories that has its original order reverted | List of Category: List in original order |
| List.OfCategory.Size | Number | Number of URL categories on a list | List of Category: List to provide number of categories for |
| List.OfCategory.Sort | List of Category | List of URL categories sorted in alphabetical order | List of Category: List to sort |
| List.OfCategory.ToShortString | String | List of URL categories converted into a list of their abbreviated name forms | List of Category: List to convert |
| List.OfCategory.ToString | String | List of URL categories converted into a string | List of Category: List to convert |
| List.OfDimension.Append | List of Dimension | List of dimensions that a dimension is appended to | 1. List of Dimension: List to append dimension to; 2. Dimension: Dimension to append |
| List.OfDimension.ByName | List of Dimension | List of dimensions specified by its name | String: List name |
| List.OfDimension.Erase | List of Dimension | List of dimensions with specified dimension erased | 1. List of Dimension: List with dimension to erase; 2. Number: Position of dimension to erase |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfDimension.EraseElementRange | List of Dimension | List of dimensions with specified range of dimensions erased | 1. List of Dimension: List with dimension range to erase; 2. Number: Position of first dimension to erase; 3. Number: Position of last dimension to erase |
| List.OfDimension.EraseList | List of Dimension | List of dimensions with dimensions that are also on other list erased | 1. List of Dimension: List with dimensions to erase; 2. List of Dimension: List of dimensions to erase on first list |
| List.OfDimension.Find | Number | Position of a dimension on a list | 1. List of Dimension: List with dimension to find position for; 2. Dimension: Dimension to find position for |
| List.OfDimension.Get | Dimension | Dimension specified by its position on a list | 1. List of Dimension: List containing dimension; 2. Number: Position of dimension on list |
| List.OfDimension.GetElementRange | List of Dimension | List of dimensions extracted from other list | 1. List of Dimension: List with dimensions to extract; 2. Number: Position of first dimension to extract; 3. Number: Position of last dimension to extract; 4. Dimension: Dimension to insert |
| List.OfDimension.Insert | List of Dimension | List of dimensions with specified dimension inserted | 1. List of Dimension: List to insert dimension in; 2. Dimension: Dimension to insert |
| List.OfDimension.IsEmpty | Boolean | If true, the specified list is empty. | List of Dimension: List to check for being empty |
| List.OfDimension.Join | List of Dimension | List of dimensions created by joining two lists | 1. List of Dimension: First list to join; 2. List of Dimension: Second list to join |
| List.OfDimension.Reverse | List of Dimension | List of dimensions that has its original order reverted | List of Dimension: List in original order |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfDimension.Size | Number | Number of dimensions on a list | List of Dimension: List to provide number of dimensions for |
| List.OfDimension.Sort | List of Dimension | List of dimensions sorted in alphabetical order | List of Dimension: List to sort |
| List.OfDimension.ToString | String | List of dimensions converted into a string | List of Dimension: List to convert |
| List.OfHex.Append | List of Hex | List of hex values that a hex value is appended to | 1. List of Hex: List to append hex value to; 2. Hex: Hex value to append |
| List.OfHex.ByName | List of Hex | List of hex values specified by its name | String: List name |
| List.OfHex.Erase | List of Hex | List of hex values with specified value erased | 1. List of Hex: List with hex value to erase; 2. Number: Position of hex value to erase |
| List.OfHex.EraseElementRange | List of Hex | List of hex values with specified range of values erased | 1. List of Hex: List with hex values to erase; 2. Number: Position of first hex value to erase; 3. Number: Position of last hex value to erase |
| List.OfHex.EraseList | List of Hex | List of hex values with values that are also on other list erased | 1. List of Hex: List with hex values to erase; 2. List of Hex: List of hex values to erase on first list |
| List.OfHex.Find | Number | Position of a hex value on a list | 1. List of Hex: List with hex value to find position for; 2. Hex: Hex value to find position for |
| List.OfHex.Get | Hex | Hex value specified by its position on a list | 1. List of Hex: List containing hex value; 2. Number: Position of hex value on list |
| List.OfHex.GetElementRange | List of Hex | List of hex values extracted from other list | 1. List of Hex: List with hex values to extract; 2. Number: Position of first hex value to extract; 3. Number: Position of last hex value to extract |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfHex.Insert | List of Hex | List of hex values with specified value inserted | 1. List of Hex: List to insert hex value in; 2. Hex: Hex value to insert |
| List.OfHex.IsEmpty | Boolean | If true, the specified list is empty. | List of Hex: List to check for being empty |
| List.OfHex.Join | List of Hex | List of hex values created by joining two lists | 1. List of Hex: First list to join; 2. List of Hex: Second list to join |
| List.OfHex.Reverse | List of Hex | List of hex values that has its original order reverted | List of Hex: List in original order |
| List.OfHex.Size | Number | Number of hex values on a list | List of Hex: List to provide number of hex values for |
| List.OfHex.Sort | List of Hex | List of sorted hex values | List of Hex: List to sort |
| List.OfHex.ToString | String | List of hex values converted into a string | List of Hex: List to convert |
| List.OfIP.Append | List of IP | List of IP addresses that an IP address is appended to | 1. List of IP: List to append IP address to; 2. IP: IP address to append |
| List.OfIP.ByName | List of IP | List of IP addresses (specified by its name) | String: List name |
| List.OfIP.Erase | List of IP | List of IP addresses with specified address erased | 1. List of IP: List with IP address to erase; 2. Number: Position of IP address to erase |
| List.OfIP.EraseElementRange | List of IP | List of IP addresses with specified range of addresses erased | 1. List of IP: List with IP addresses to erase; 2. Number: Position of first IP address to erase; 3. Number: Position of last IP address to erase |
| List.OfIP.EraseList | List of IP | List of IP addresses with addresses that are also on other list erased | 1. List of IP: List with IP addresses to erase; 2. List of IP: List of IP addresses to erase on first list |
| List.OfIP.Find | Number | Position of an IP address on a list | 1. List of IP: List with IP address to find position for; 2. IP: IP address to find position for |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfIP.Get | IP | IP address specified by its position on a list | 1. List of IP: List containing IP address; 2. Number: Position of IP address on list |
| List.OfIP.GetElementRange | List of IP | List of IP addresses extracted from another list | 1. List of IP: List with IP addresses to extract; 2. Number: Position of first IP address to extract; 3. Number: Position of last IP address to extract |
| List.OfIP.Insert | List of IP | List of IP addresses with specified address inserted | 1. List of IP: List to insert IP address in; 2. IP: IP address to insert |
| List.OfIP.IsEmpty | Boolean | If true, the specified list is empty. | List of IP: List to check for being empty |
| List.OfIP.Join | List of IP | List of IP addresses created by joining two lists | 1. List of IP: First list to join; 2. List of IP: Second list to join |
| List.OfIP.Reverse | List of IP | List of IP addresses that has its original order reverted | List of IP: List in original order |
| List.OfIP.Size | Number | Number of IP addresses on a list | List of IP: List to provide number of IP addresses for |
| List.OfIP.Sort | List of IP | List of sorted IP addresses | List of IP: List to sort |
| List.OfIP.ToString | String | List of IP addresses converted into a string | List of IP: List to convert |
| List.OfIPRange.Append | List of IPRange | List of IP address ranges that an IP address range is appended to | 1. List of IPRange: List to append IP address range to; 2. IPRange: IP address range to append |
| List.OfIPRange.ByName | List of IPRange | List of IP address ranges specified by its name | String: List name |
| List.OfIPRange.Erase | List of IPRange | List of IP address ranges with specified range erased | 1. List of IPRange: List with IP address range to erase; 2. Number: Position of IP address range to erase |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfIPRange.EraseElementRange | List of IPRange | List of IP address ranges with specified ranges erased | 1. List of IPRange: List with IP address ranges to erase; 2. Number: Position of first IP address range to erase; 3. Number: Position of last IP address range to erase |
| List.OfIPRange.EraseList | List of IPRange | List of IP address ranges with ranges that are also on other list erased | 1. List of IPRange: List with IP address ranges to erase; 2. List of IPRange: List of IP address ranges to erase on first list |
| List.OfIPRange.Find | Number | Position of an IP address range on a list | 1. List of IPRange: List with IP address range to find position for; 2. IPRange: IP address range to find position for |
| List.OfIPRange.Get | IPRange | IP address range specified by its position on a list | 1. List of IPRange: List containing IP address range; 2. Number: Position of IP address range on list |
| List.OfIPRange.GetElementRange | List of IPRange | List of IP address ranges extracted from other list | 1. List of IPRange: List with IP address ranges to extract; 2. Number: Position of first IP address range to extract; 3. Number: Position of last IP address range to extract |
| List.OfIPRange.Insert | List of IPRange | List of IP address ranges with specified range inserted | 1. List of IPRange: List to insert IP address range in; 2. IPRange: IP address range to insert |
| List.OfIPRange.IsEmpty | Boolean | If true, the specified list is empty. | List of IPRange: List to check for being empty |
| List.OfIPRange.Join | List of IPRange | List of IP address ranges created by joining two lists | 1. List of IPRange: First list to join; 2. List of IPRange: Second list to join |
| List.OfIPRange.Reverse | List of IPRange | List of IP address ranges that has its original order reverted | List of IPRange: List in original order |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfIPRange.Size | Number | Number of IP address ranges on a list | List of IPRange: List to provide number of IP address ranges for |
| List.OfIPRange.Sort | List of IPRange | List of sorted IP address ranges | List of IPRange: List to sort |
| List.OfIPRange.ToString | String | List of IP address ranges converted into a string | List of IPRange: List to convert |
| List.OfMediaType.Append | List of MediaType | List of media types that a media type is appended to | 1. List of MediaType: List to append media type to; 2. MediaType: Media type to append |
| List.OfMediaType.ByName | List of MediaType | List of media types specified by its name | String: List name |
| List.OfMediaType.Erase | List of MediaType | List of media types with specified type erased | 1. List of MediaType: List with media type to erase; 2. Number: Position of media type to erase |
| List.OfMediaType.EraseElementRange | List of MediaType | List of media types with specified range of types erased | 1. List of MediaType: List with media types to erase; 2. Number: Position of first media type to erase; 3. Number: Position of last media type to erase |
| List.OfMediaType.EraseList | List of MediaType | List of media types with types that are also on other list erased | 1. List of MediaType: List with media types to erase; 2. List of MediaType: List of media types to erase on first list |
| List.OfMediaType.Find | Number | Position of a media type on a list | 1. List of MediaType: List with media type to find position for; 2. MediaType: Media type to find position for |
| List.OfMediaType.Get | MediaType | Media type specified by its position on a list | 1. List of MediaType: List containing media type; 2. Number: Position of media type on list |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfMediaType.GetElems | List of MediaType | List of media types extracted from other list | 1. List of MediaType: List with media types to extract; 2. Number: Position of first media type to extract; 3. Number: Position of last media type to extract |
| List.OfMediaType.Insert | List of MediaType | List of media types with specified type inserted | 1. List of MediaType: List to insert media type in; 2. MediaType: Media type to insert |
| List.OfMediaType.IsEmpty | Boolean | If true, the specified list is empty. | List of MediaType: List to check for being empty |
| List.OfMediaType.Join | List of MediaType | List of media types created by joining two lists | 1. List of MediaType: First list to join; 2. List of MediaType: Second list to join |
| List.OfMediaType.Reverse | List of MediaType | List of media types that has its original order reverted | List of MediaType: List in original order |
| List.OfMediaType.Size | Number | Number of media types on a list | List of MediaType: List to provide number of media types for |
| List.OfMediaType.Sort | List of MediaType | List of media types sorted in alphabetical order | List of MediaType: List to sort |
| List.OfMediaType.ToString | String | List of media types converted into a string | List of MediaType: List to convert |
| List.OfNumber.Append | List of Number | List of numbers that a number is appended to | 1. List of Number: List to append number to; 2. Number: Number to append |
| List.OfNumber.ByName | List of Number | List of numbers specified by its name | String: List name |
| List.OfNumber.Erase | List of Number | List of numbers with specified number erased | 1. List of Number: List with number to erase; 2. Number: Position of number to erase |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfNumber.EraseElementRange | List of Number | List of numbers with specified range of numbers erased | 1. List of Number: List with numbers to erase; 2. Number: Position of first number to erase; 3. Number: Position of last number to erase |
| List.OfNumber.EraseList | List of Number | List of numbers with numbers that are also on other list erased | 1. List of Number: List with numbers to erase; 2. List of Number: List of numbers to erase on first list |
| List.OfNumber.Find | Number | Position of a number on a list | 1. List of Number: List with number to find position for; 2. Number: Number to find position for |
| List.OfNumber.Get | Number | Number specified by its position on a list | 1. List of Number: List containing number; 2. Number: Position of number on list |
| List.OfNumber.GetElementRange | List of Number | List of numbers extracted from other list | 1. List of Number: List with numbers to extract; 2. Number: Position of first number to extract; 3. Number: Position of last number to extract |
| List.OfNumber.Insert | List of Number | List of numbers with specified number inserted | 1. List of Number: List to insert number in; 2. Number: Number to insert |
| List.OfNumber.IsEmpty | Boolean | If true, the specified list is empty. | List of Number: List to check for being empty |
| List.OfNumber.Join | List of Number | List of numbers created by joining two lists | 1. List of Number: First list to join; 2. List of Number: Second list to join |
| List.OfNumber.Reverse | List of Number | List of numbers that has its original order reverted | List of Number: List in original order |
| List.OfNumber.Size | Number | Number of numbers on a list | List of Number: List to provide number of numbers for |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfNumber.Sort | List of Number | List of sorted numbers | List of Number: List to sort |
| List.OfNumber.ToString | String | List of numbers converted into a string | List of Number: List to convert |
| List.OfSSOConnectors.Append | List of SSOConnector | List of cloud connectors with specified cloud connector appended | 1. List of SSOConnector: List to append cloud connector to; 2. SSOConnector: Cloud connector to append |
| List.OfSSOConnectors.ByName | List of SSOConnector | List of cloud connectors specified by its name | String: List name |
| List.OfSSOConnectors.Erase | List of SSOConnector | List of cloud connectors with specified connector erased | 1. List of SSOConnector: List with cloud connector to erase; 2. Number: Position of cloud connector to erase |
| List.OfSSOConnectors.EraseElementRange | List of SSOConnector | List of cloud connectors with specified range of connectors erased | 1. List of SSOConnector: List with range of cloud connectors to erase; 2. Number: Position of first cloud connector to erase; 3. Number: Position of last cloud connector to erase |
| List.OfSSOConnectors.EraseList | List of SSOConnector | List of cloud connectors with connectors that are also on other list erased | 1. List of SSOConnector: List with cloud connectors to erase; 2. List of SSOConnector: List of cloud connectors to erase on first list |
| List.OfSSOConnectors.Exists | Boolean | If true, the list of cloud connectors with the specified name exists. | String: List name |
| List.OfSSOConnectors.Find | Number | Position of cloud connector in a list | 1. List of SSOConnector: List containing cloud connector; 2. SSOConnector: Cloud connector to find position for |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfSSOConnectors.Get | SSOConnector | Cloud connector specified by its position on a list | 1. List of SSOConnector: List containing cloud connector; 2. Number: Position of cloud connector on list |
| List.OfSSOConnectors.GetElementRange | List of SSOConnector | List of cloud connectors extracted from other list | 1. List of SSOConnector: List with cloud connectors to extract; 2. Number: Position of first cloud connector to extract; 3. Number: Position of last cloud connector to extract |
| List.OfSSOConnectors.Insert | List of SSOConnector | List of cloud connectors with specified connector inserted | 1. List of SSOConnector: List to insert cloud connector in; 2. SSOConnector: Cloud connector to insert; 3. Number: Position to insert cloud connector in |
| List.OfSSOConnectors.IsEmpty | Boolean | If true, the specified list is empty. | List of SSOConnector: List to check for being empty |
| List.OfSSOConnectors.Join | List of SSOConnector | List of single sign-on connectors created by joining two lists | 1. List of SSOConnector: First list to join; 2. List of SSOConnector: Second list to join |
| List.OfSSOConnectors.Reverse | List of SSOConnector | List of cloud connectors that has its original order reverted | List of SSOConnector: List in original order |
| List.OfSSOConnectors.Set | List of SSOConnector | List of cloud connectors with specified connector set | 1. List of SSOConnector: List to set cloud connector on; 2. SSOConnector: Cloud connector to set; 3. Number: Position to set cloud connector on |
| List.OfSSOConnectors.Size | Number | Number of cloud connectors on a list | List of SSOConnector: List to provide number of cloud connectors for |
| List.OfSSOConnectors.Sort | List of SSOConnector | List of cloud connectors sorted in alphabetical order of names | List of SSOConnector: List to sort |
| List.OfSSOConnectors.ToString | String | List of cloud connectors converted into a string | List of SSOConnector: List to convert |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfString.Append | List of String | List of strings that a string is appended to | 1. List of String: List to append string to; 2. String: String to append |
| List.OfString.ByName | List of String | List of strings specified by its name | String: List name |
| List.OfString.Erase | List of String | List of strings with specified string erased | 1. List of String: List with string to erase; 2. Number: Position of string to erase |
| List.OfString.EraseElementRange | List of String | List of strings with specified range of strings erased | 1. List of String: List with strings to erase; 2. Number: Position of first string to erase; 3. Number: Position of last string to erase |
| List.OfString.EraseList | List of String | List of strings with strings that are also on other list erased | 1. List of String: List with strings to erase; 2. List of String: List of strings to erase on first list |
| List.OfString.Find | Number | Position of a string on a list | 1. List of String: List with string to find position for; 2. String: String to find position for |
| List.OfString.Get | String | String specified by its position on a list | 1. List of String: List containing string; 2. Number: Position of string on list |
| List.OfString.GetElementRange | List of String | List of strings extracted from other list | 1. List of String: List with strings to extract; 2. Number: Position of first string to extract; 3. Number: Position of last string to extract |
| List.OfString.Insert | List of String | List of strings with specified string inserted | 1. List of String: List to insert string in; 2. String: String to insert |
| List.OfString.IsEmpty | Boolean | If true, the specified list is empty. | List of String: List to check for being empty |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfString.Join | List of String | List of strings created by joining two lists | 1. List of String: First list to join; 2. List of String: Second list to join |
| List.OfString.JSON.AsStringList | List of String | List of strings created from the element values of a JSON array. If a value is null, an empty string is created. | JSON: Array |
| List.OfStringMapInList | List of String | String specified by a parameter and contained in a list with an index for the position this string has in another list. If the specified string is not contained in the first list or does not exist as a position in the second list, the string is empty. | 1. List of String: First list containing string; 2. List of String: Second list containing string; 3. String: String contained in first and second list or empty string |
| List.OfString.Reverse | List of String | List of strings that has its original order reverted | List of String: List in original order |
| List.OfString.Size | Number | Number of strings on a specified list | List of String: List to provide number of strings for |
| List.OfString.Sort | List of String | List of strings sorted in alphabetical order | List of String: List to sort |
| List.OfString.ToString | String | List of strings converted into a string | List of String: List to convert |
| List.OfWildcard.Append | List of Wildcard Expression | List of wildcard expressions that an expression is appended to | 1. List of Wildcard Expression: List to append wildcard expression to; 2. Wildcard Expression: Wildcard expression to append |
| List.OfWildcard.ByName | List of Wildcard Expression | List of wildcard expressions specified by its name | String: List name |
| List.OfWildcard.Erase | List of Wildcard Expression | List of wildcard expressions with specified expression erased | 1. List of Wildcard Expression: List with wildcard expression to erase; 2. Number: Position of wildcard expression to erase |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfWildcard.EraseElementRange | List of Wildcard Expression | List of wildcard expressions with specified range of expressions erased | 1. List of Wildcard Expression: List with wildcard expressions to erase; 2. Number: Position of first wildcard expression to erase; 3. Number: Position of last wildcard expression to erase |
| List.OfWildcard.EraseList | List of Wildcard Expression | List of wildcard expressions with expressions that are also on other list erased | 1. List of Wildcard Expression: List with wildcard expressions to erase; 2. List of Wildcard Expression: List of wildcard expressions to erase on first list |
| List.OfWildcard.Find | Number | Position of a wildcard expression on a list | 1. List of Wildcard Expression: List with wildcard expression to find position for; 2. Wildcard Expression: Wildcard expression to find position for |
| List.OfWildcard.Get | Wildcard Expression | Wildcard expression specified by its position on a list | 1. List of Wildcard Expression: List containing wildcard expression; 2. Number: Position of wildcard expression on list |
| List.OfWildcard.GetElementRange | List of Wildcard Expression | List of wildcard expressions extracted from other list | 1. List of Wildcard Expression: List with wildcard expressions to extract; 2. Number: Position of first wildcard expression to extract; 3. Number: Position of last wildcard expression to extract |

Table 22-17 Properties – L (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| List.OfWildcard.Insert | List of Wildcard Expression | List of wildcard expressions with specified expression inserted | 1. List of Wildcard Expression: List to insert wildcard expression in; 2. Wildcard Expression: Wildcard expression to insert |
| List.OfWildcard.IsEmpty | Boolean | If true, the specified list is empty. | List of Wildcard Expression: List to check for being empty |
| List.OfWildcard.Join | List of Wildcard Expression | List of wildcard expressions created by joining two lists | 1. List of Wildcard Expression: First list to join; 2. List of Wildcard Expression: Second list to join |
| List.OfWildcard.Reverse | List of Wildcard Expression | List of wildcard expressions that has its original order reverted | List of Wildcard Expression: List in original order |
| List.OfWildcard.Size | Number | Number of wildcard expressions on a list | List of Wildcard Expression: List to provide number of wildcard expressions for |
| List.OfWildcard.Sort | List of Wildcard Expression | List of sorted wildcard expressions | List of Wildcard Expression: List to sort |
| List.OfWildcard.ToString | String | List of wildcard expressions converted into a string | List of Wildcard Expression: List to convert |

Properties - M
The following table describes the properties that have names beginning with M.
Table 22-18 Properties – M

| Name | Type | Description | Parameters |
|---|---|---|---|
| Map.ByName | List of MapType | Already existing Map Type list that has the specified name | String: List name |
| Map.CreateStringMap | List of MapType | Newly created Map Type list. The list is still empty. | |
| Map.DeleteKey | List of MapType | Map Type list, in which the specified key and the related value are deleted | 1. List of MapType: Map Type list; 2. String: Key |
| Map.GetKeys | List of MapType | List of keys that are contained in the specified Map Type list | List of MapType: Map Type list |
| Map.GetStringValue | String | String that is the value for the specified key in the specified Map Type list | 1. List of MapType: Map Type list; 2. String: Key |

Table 22-18 Properties – M (continued)

| Name | Type | Description | Parameters |
|---|---|---|---|
| Map.HasKey | Boolean | If true, the specified key exists in the specified Map Type list | 1. List of MapType: Map Type list; 2. String: Key |
| Map.SetStringValue | List of MapType | Map Type list, in which the specified value is set for the specified key | 1. List of MapType: Map Type list; 2. String: Key; 3. String: Value |
| Map.Size | Number | Number of key-value pairs in the specified Map Type list | List of MapType: Map Type list |
| Map.ToString | String | Map Type list converted into a string | List of MapType: Map Type list |
| Math.Abs | Number | Absolute value of specified number | Number: Number that absolute value is provided for |
| Math.Modulo | Number | Integer that is the remainder after dividing integer a by integer b when only an integer is accepted as the resulting quotient. For example, if a = 14 and b = 3, the value of Math.Modulo is 2. The integer that is the result of dividing 14 by 3 is 4 and, since 3 x 4 = 12, this leaves 2 as the remainder. | 1. Number: Value for a; 2. Number: Value for b |
| Math.Random | Number | Random number between specified minimum and maximum values (including these values) | 1. Number: Minimum value; 2. Number: Maximum value |
| MediaStreamProbability | Number | Probability that the streaming media in question matches the found media type (in percent) | |
| MediaType.EnsuredTypes | List of MediaType | List of media types that are ensured for the respective media with a probability of more than 50% | |
| MediaType.FromFileExtension | List of MediaType | List of media types that are found using the file name extension of the media | |
| MediaType.FromHeader | List of MediaType | List of media types that are found using the content-type header sent with the media | |
| MediaType.HasOpener | Boolean | If true, an opener module is available on the appliance for media of a given type. | |
| MediaType.IsArchive | Boolean | If true, the media that is being processed is an archive. | |
| MediaType.IsAudio | Boolean | If true, the media that is being processed is of the audio type. | |

Interface Reference Guide
Configuration lists
List of properties
22
Table 22-18 Properties – M (continued)
Name
Type
Description
Parametersss
MediaType.IsCompositeObject
Boolean
If true, the media that is being
processed is a composite object.
MediaType.IsDatabase
Boolean
If true, the media that is being
processed is a database.
MediaType.IsDocument
Boolean
If true, the media that is being
processed is a document.
MediaType.IsExecutable
Boolean
If true, the media that is being
processed is an executable file.
MediaType.IsImage
Boolean
If true, the media that is being
processed is an image.
MediaType.IsText
Boolean
If true, the media that is being
processed is of the text type.
MediaType.IsVideo
Boolean
If true, the media that is being
processed is of the video type.
MediaType.MagicBytesMismatch Boolean
If true, the media type specified in
the header sent with the media does
not match the type that was found
on the appliance by examining the
magic bytes actually contained in the
media.
MediaType.NotEnsuredTypes
List of
MediaType
List of media types that are ensured
for the respective media with a
probability of less than 50%
MediaType.ToString
String
Media type converted into a string
Message.Language
String
Name of language for messages sent
to users in short form, for example,
en, de, ja
Message.TemplateName
String
Name of a template for messages
sent to users
MediaType: Media
type to convert
Properties - N
The following table describes the properties that have names beginning with N.
Table 22-19 Properties – N

| Name | Type | Description | Parameters |
|---|---|---|---|
| NextHopProxy.StickinessAttribute | String | Part of a request that qualifies it for being handled in next-hop proxy stickiness mode. This property is not SaaS-compatible. | |
| Number.ToDecimalNumber | Number | Integer converted into decimal format. For example, 10 is converted to 10.0. | Number: Integer to convert |
| Number.ToString | String | Number converted into a string | Number: Number to convert |
| Number.ToVolumeString | String | Number of bytes that a volume amounts to converted into a string | Number: Number of bytes to convert |
| NumberOfClientConnections | Number | Number of connections to clients that are open on an appliance at the same time. This property is not SaaS-compatible. | |

Properties - P
The following table describes the properties that have names beginning with P.
Table 22-20 Properties – P

| Name | Type | Description | Parameters |
|---|---|---|---|
| PDStorage.GetAllData | List of String | List containing all permanently stored data in string format. This property is not SaaS-compatible. | |
| PDStorage.GetAllGlobalData | List of String | List containing all permanently stored global data in string format. This property is not SaaS-compatible. | |
| PDStorage.GetAllUserData | List of String | List containing all permanently stored user data in string format. This property is not SaaS-compatible. | |
| PDStorage.GetGlobalData.Bool | Boolean | Global variable of type Boolean. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.Category | Category | Global variable of type Category. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.Dimension | Dimension | Global variable of type Dimension. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.Hex | Hex | Global variable of type Hex. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.IP | IP | Global variable of type IP. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.IPRange | IPRange | Global variable of type IPRange. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.Category | List of Category | Global variable of type List of Category. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.Dimension | List of Dimension | Global variable of type List of Dimension. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.Hex | List of Hex | Global variable of type List of Hex. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.IP | List of IP | Global variable of type List of IP. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.IPRange | List of IPRange | Global variable of type List of IPRange. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.MediaType | List of MediaType | Global variable of type List of MediaType. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.Number | List of Number | Global variable of type List of Number. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.String | List of String | Global variable of type List of String. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.List.WildcardExpression | List of Wildcard Expression | Global variable of type List of WildcardExpression. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.MediaType | MediaType | Global variable of type MediaType. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.Number | Number | Global variable of type Number. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.String | String | Global variable of type String. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetGlobalData.WildcardExpression | Wildcard Expression | Global variable of type WildcardExpression. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.Bool | Boolean | User variable of type Boolean. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.Category | Category | User variable of type Category. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.Dimension | Dimension | User variable of type Dimension. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.Hex | Hex | User variable of type Hex. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.IP | IP | User variable of type IP. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.IPRange | IPRange | User variable of type IPRange. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.Category | List of Category | User variable of type List of Category. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.Dimension | List of Dimension | User variable of type List of Dimension. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.Hex | List of Hex | User variable of type List of Hex. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.IP | List of IP | User variable of type List of IP. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.IPRange | List of IPRange | User variable of type List of IPRange. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.MediaType | List of MediaType | User variable of type List of MediaType. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.Number | List of Number | User variable of type List of Number. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.String | List of String | User variable of type List of String. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.List.WildcardExpression | List of Wildcard Expression | User variable of type List of WildcardExpression. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.MediaType | MediaType | User variable of type MediaType. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.Number | Number | User variable of type Number. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.String | String | User variable of type String. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.GetUserData.WildcardExpression | Wildcard Expression | User variable of type WildcardExpression. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.HasGlobalData | Boolean | If true, permanently stored global data is available. This property is not SaaS-compatible. | String: Variable key |
| PDStorage.HasGlobalDataWait | Boolean | If true, a request is kept waiting until the requested global variable exists in the storage or the specified time interval has elapsed. The value of the property is then set to false. It is true by default. This property is not SaaS-compatible. | 1 String: Variable key; 2 Number: Timeout (in seconds) |
| PDStorage.HasUserData | Boolean | If true, permanently stored user data is available. This property is not SaaS-compatible. | String: Variable key |
| ProgressPage.Enabled | Boolean | If true, download progress is indicated to the user by a progress page. | |
| ProgressPage.Sent | Boolean | If true, a progress page is displayed when a requested web object is downloaded. | |
| ProtocolDetector.DetectedProtocol | String | String containing name of a protocol that has been detected as being used for traffic on a connection between Web Gateway and a client | |
| ProtocolDetector.ProtocolFilterable | Boolean | If true, filtering is supported for a protocol that has been detected as being used for web traffic | |
| Protocol.FailureDescription | String | String containing description of a connection error under the current protocol | |
| Proxy.EndUserURL | String | String representing URL for display to a user | |
| Proxy.IP | IP | IP address of Web Gateway. The default value is 0. This property is not SaaS-compatible. A rule with this property can, however, be synchronized for use in the cloud, but only the default value is then retrieved for this property. | |
| Proxy.Outbound.IP | IP | Source IP address that Web Gateway uses when connecting to web servers or next-hop proxies. Do not confuse this property with the Proxy.OutboundIP property, which has no dot before IP. | |
| Proxy.Outbound.IPList | List of IP | List of source IP addresses that Web Gateway selects an address from when connecting to web servers or next-hop proxies. This property is not SaaS-compatible. | |
| Proxy.Outbound.Port | Number | Number of source port that Web Gateway uses when connecting to web servers or next-hop proxies | |
| Proxy.OutboundIP | IP | Source IP address for replacing multiple source IP addresses that Web Gateway might use when connecting to web servers or next-hop proxies. The address is selected from a list, using a number parameter to identify its position in the list. This property is not SaaS-compatible. Do not confuse it with the Proxy.Outbound.IP property, which has a dot before IP. | Number: Position of source IP address in list |
| Proxy.Port | Number | Number of a port used by Web Gateway. The default value is 0. This property is not SaaS-compatible. A rule with this property can, however, be synchronized for use in the cloud, but only the default value is then retrieved for this property. | |

Properties - Q
The following table describes the properties that have names beginning with Q.
Table 22-21 Properties – Q

| Name | Type | Description | Parameters |
|---|---|---|---|
| Quota.AuthorizedOverride.GetLogin | String | User name submitted for performing an authorized override. This property is not SaaS-compatible. | |
| Quota.AuthorizedOverride.IsActivationRequest | Boolean | If true, an authorized user has chosen to continue with an authorized override session after session time has been exceeded. This property is not SaaS-compatible. | |
| Quota.AuthorizedOverride.IsActivationRequest.Strict | Boolean | If true, an authorized user has chosen to continue with an Authorized Override session and the request for continuing the session applies to the current settings. This property is not SaaS-compatible. | |
| Quota.AuthorizedOverride.JS.ActivateSession | String | String in JavaScript code calling the function that is executed when an authorized user chooses to start a new session by clicking the appropriate button in the authorized override template. The code is provided when the template is created and displayed to the user. This property is not SaaS-compatible. | |
| Quota.AuthorizedOverride.LastAuthorizedPerson | String | User name of the last person who performed an authorized override to provide additional session time for a user. This property is not SaaS-compatible. | |
| Quota.AuthorizedOverride.RemainingSession | Number | Remaining time (in seconds) for an authorized override session. This property is not SaaS-compatible. | |
| Quota.AuthorizedOverride.SessionExceeded | Boolean | If true, the time allowed for an authorized override session has been exceeded. This property is not SaaS-compatible. | |
| Quota.AuthorizedOverride.SessionLength | Number | Time length (in seconds) for an authorized override session. This property is not SaaS-compatible. | |
| Quota.Coaching.IsActivationRequest | Boolean | If true, a user has chosen to continue with a new coaching session after session time has been exceeded. This property is not SaaS-compatible. | |
| Quota.Coaching.IsActivationRequest.Strict | Boolean | If true, a user has chosen to continue with a Coaching session and the request for continuing the session applies to the current settings. This property is not SaaS-compatible. | |
| Quota.Coaching.JS.ActivateSession | String | String in JavaScript code calling the function that is executed when a user chooses to start a new session by clicking the appropriate button in the coaching session template. The code is provided when the template is created and displayed to the user. This property is not SaaS-compatible. | |
| Quota.Coaching.RemainingSession | Number | Remaining time (in seconds) for a coaching session. This property is not SaaS-compatible. | |
| Quota.Coaching.SessionExceeded | Boolean | If true, the time allowed for a coaching session has been exceeded. This property is not SaaS-compatible. | |
| Quota.Coaching.SessionLength | Number | Time length (in seconds) for a coaching session. This property is not SaaS-compatible. | |
| Quota.Time.Exceeded | Boolean | If true, the time quota has been exceeded. This property is not SaaS-compatible. | |
| Quota.Time.IsActivationRequest | Boolean | If true, a user has chosen to continue with a new time session after session time has been exceeded. This property is not SaaS-compatible. | |
| Quota.Time.IsActivationRequest.Strict | Boolean | If true, a user has chosen to continue with a new Time session and the request for continuing the session applies to the current settings. This property is not SaaS-compatible. | |
| Quota.Time.JS.ActivateSession | String | String in JavaScript code calling the function that is executed when a user chooses to start a new session by clicking the appropriate button in the time session template. The code is provided when the template is created and displayed to the user. This property is not SaaS-compatible. | |
| Quota.Time.RemainingDay | Number | Time (in seconds) remaining from the configured time quota for the current day. This property is not SaaS-compatible. | |
| Quota.Time.RemainingDay.ReducedAtActivation | Number | Time (in seconds) remaining from the configured time quota for the current day when a user has just started a session. This property is not SaaS-compatible. | |
| Quota.Time.RemainingDay.ReducedAtDeactivation | Number | Time (in seconds) remaining from the configured time quota for the current day when a user has just closed a session. This property is not SaaS-compatible. | |
| Quota.Time.RemainingMonth | Number | Time (in seconds) remaining from the configured time quota for the current month. This property is not SaaS-compatible. | |
| Quota.Time.RemainingMonth.ReducedAtActivation | Number | Time (in seconds) remaining from the configured time quota for the current month when a user has just started a session. This property is not SaaS-compatible. | |
| Quota.Time.RemainingMonth.ReducedAtDeactivation | Number | Time (in seconds) remaining from the configured time quota for the current month when a user has just closed a session. This property is not SaaS-compatible. | |
| Quota.Time.RemainingSession | Number | Remaining time (in seconds) for a time session. This property is not SaaS-compatible. | |
| Quota.Time.RemainingWeek | Number | Time (in seconds) remaining from the configured time quota for the current week. This property is not SaaS-compatible. | |
| Quota.Time.RemainingWeek.ReducedAtActivation | Number | Time (in seconds) remaining from the configured time quota for the current week when a user has just started a session. This property is not SaaS-compatible. | |
| Quota.Time.RemainingWeek.ReducedAtDeactivation | Number | Time (in seconds) remaining from the configured time quota for the current week when a user has just closed a session. This property is not SaaS-compatible. | |
| Quota.Time.SessionExceeded | Boolean | If true, the time allowed for a time session has been exceeded. This property is not SaaS-compatible. | |
| Quota.Time.SessionLength | Number | Time length (in seconds) for a time session. This property is not SaaS-compatible. | |
| Quota.Time.SizePerDay | Number | Time (in seconds) allowed per day under the configured quota. This property is not SaaS-compatible. | |
| Quota.Time.SizePerMonth | Number | Time (in seconds) allowed per month under the configured quota. This property is not SaaS-compatible. | |
| Quota.Time.SizePerWeek | Number | Time (in seconds) allowed per week under the configured quota. This property is not SaaS-compatible. | |
| Quota.Volume.Exceeded | Boolean | If true, the volume quota has been exceeded. This property is not SaaS-compatible. | |
| Quota.Volume.IsActivationRequest | Boolean | If true, a user has chosen to continue with a new volume session after session time has been exceeded. This property is not SaaS-compatible. | |
| Quota.Volume.IsActivationRequest.Strict | Boolean | If true, a user has chosen to continue a session when the configured volume has been exceeded and the request for continuing the session applies to the current settings. This property is not SaaS-compatible. | |
| Quota.Volume.JS.ActivateSession | String | String in JavaScript code calling the function that is executed when a user chooses to start a new session by clicking the appropriate button in the volume session template. The code is provided when the template is created and displayed to the user. This property is not SaaS-compatible. | |
| Quota.Volume.RemainingDay | Number | Volume (in bytes) remaining from the configured volume quota for the current day. This property is not SaaS-compatible. | |
| Quota.Volume.RemainingMonth | Number | Volume (in bytes) remaining from the configured volume quota for the current month. This property is not SaaS-compatible. | |
| Quota.Volume.RemainingSession | Number | Remaining time (in seconds) for a volume session. This property is not SaaS-compatible. | |
| Quota.Volume.RemainingWeek | Number | Volume (in bytes) remaining from the configured volume quota for the current week. This property is not SaaS-compatible. | |
| Quota.Volume.SessionExceeded | Boolean | If true, the time allowed for a volume session has been exceeded. This property is not SaaS-compatible. | |
| Quota.Volume.SessionLength | Number | Time length (in seconds) for a volume session. This property is not SaaS-compatible. | |
| Quota.Volume.SizePerDay | Number | Volume (in bytes) allowed per day under the configured quota. This property is not SaaS-compatible. | |
| Quota.Volume.SizePerMonth | Number | Volume (in bytes) allowed per month under the configured quota. This property is not SaaS-compatible. | |
| Quota.Volume.SizePerWeek | Number | Volume (in bytes) allowed per week under the configured quota. This property is not SaaS-compatible. | |

Properties - R
The following table describes the properties that have names beginning with R.
Table 22-22 Properties – R

| Name | Type | Description | Parameters |
|---|---|---|---|
| Redirect.URL | String | String representing a URL that a user is redirected to by an authentication or quota rule | |
| Reporting.URL.Categories | List of Category | List of all URL categories used on the appliance | |
| Reporting.URL.Reputation | List of Number | List of all reputation score values used on the appliance | |
| Request.Header.FirstLine | String | First line of a header sent with a request | |
| Request.POSTForm.Get | String | Retrieves URL encoded data in the POST form sent by the external Identity Provider. | |
| Request.ProtocolAndVersion | String | Protocol and protocol version used when a request is sent | |
| Response.ProtocolandVersion | String | Protocol and protocol version used when a response is sent | |
| Response.Redirect.URL | String | URL that a user is redirected to when a response is sent | |
| Response.StatusCode | String | Status code of a response | |
| Rules.CurrentRuleID | String | ID of the rule that is currently processed | |
| Rules.CurrentRuleName | String | Name of the rule that is currently processed | |
| Rules.CurrentRuleSetName | String | Name of the rule set that is currently processed | |
| Rules.EvaluatedRules | List of String | List of all rules that have been processed | |
| Rules.EvaluatedRules.Names | List of String | List with names of all rules that have been processed | |
| Rules.FiredRules | List of String | List of all rules that have applied | |
| Rules.FiredRules.Names | List of String | List with names of all rules that have applied | |

Properties - S
The following table describes the properties that have names beginning with S.
Table 22-23 Properties – S
Name
Type
Description
Parameters
SecureReverseProxy.EmbeddedHost
String
Host name of a URL in an HTTP
request that is embedded in an
HTTPS request
This property is not
SaaS-compatible
SecureReverseProxy.EmbeddedProtocol String
Protocol of a URL in an HTTP
request that is embedded in an
HTTPS request
This property is not
SaaS-compatible
SecureReverseProxy.EmbeddedURL
String
URL in an HTTP request that is
embedded in an HTTPS request
String: Host name
of the URL
This is the URL for the host
specified by the value of the
SecureReverseProxy.EmbeddedHost
property.
This property is not
SaaS-compatible
SecureReverseProxy.GetDomain
String
Domain specified in the settings
for the SecureReverseProxy
module
This property is not
SaaS-compatible
SecureReverseProxy.IsValidReverseProxyRequest
see above
Boolean
If true, the URL submitted in a
request has the format required in
a SecureReverseProxy
configuration.
This property is not
SaaS-compatible
296
McAfee Web Gateway 7.8.0
Interface Reference Guide
Configuration lists
List of properties
22
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
SecureReverseProxy.URLToEmbed
String
URL submitted in a HTTP request
that is embedded in an HTTPS
request
This property is not
SaaS-compatible
SecureToken.CreateToken
String
Encrypted string
This string serves as a token for
securing an IP address. An
AES-128-bit algorithm is used to
create the token.
String: String to
encrypt
Depending on the value of a
parameter in the settings of the
SecureReverseProxy module, the
string includes a time stamp.
SecureToken.IsValid
Boolean
If true, the specified token is valid
and has not expired.
1 String: Token to
be checked
Depending on the on the value of
a parameter in the settings of the
SecureReverse Proxy module, the
token string includes no time
stamp.
2 Number: Time (in
seconds) to
elapse until the
token expires
Expiration of the token is then not
checked.
SecureToken.GetString
String
String serving as a token for
securing an IP address
If the token is invalid or has
expired, the string is empty.
SNMP.Trap.Additional
String
Additional message sent to a trap
under the SNMP protocol
SOCKS.Version
String
Version of the SOCKS protocol that
is used when a client requests
access to a web object under this
protocol
SSL.Certificate.CN.ToWildcard
Wildcard
Common name in an SSL
Expression certificate converted into a
wildcard expression
SSL.Client.Certificate.Serial
String
Serial of a client certificate
SSL.ClientContext.IsApplied
Boolean
If true, parameters for setting the
client context in SSL-secured
communication have been
configured.
1 String: Token to
be checked
2 Number: Time (in
seconds) to
elapse until the
token expires
String: Common
name to convert
SSL.Server.Certificate.AlternativeCNs
see above
McAfee Web Gateway 7.8.0
List of
List of alternative common names
Wildcard
for a web server as used in SSL
Expression certificates
Interface Reference Guide
297
22
Configuration lists
List of properties
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
SSL.Server.Certificate.CN
String
Common name of a web server
provided in a certificate for
SSL-secured communication
see above
Boolean
If true, the common name for a
web server in an SSL certificate
includes wildcards.
SSL.Server.Certificate.DaysExpired
Number
Number of days that an SSL
certificate for a web server has
expired
HostAnd
Certificate
Host name and certificate for
connecting to web server in
SSL-secured communication
see above
HostAnd
Certificate
Certificate for connecting to a web
server in SSL-secured
communication
SSL.Server.Certificate.SelfSigned
Boolean
If true, an SSL certificate for a web
server is self-signed.
SSL.Server.Certificate.SHA1Digest
String
String representing an SHA1Digest
of a SSL certificate for a web
server
String
Text describing the method used
for signing the certificate
SSL.Server.Certificate.CN.HasWildcards
SSL.Server.Certificate.HostAndCertificate
see above
SSL.Server.Certificate.OnlyCertificate
SSL.Server.Certificate.SignatureMethod
see above
SSL.Server.CertificateChain.AllRevocationStatusesKnown
see above
Boolean
If true, it is known of all SSL
certificates in a certificate chain for
a web server whether they are
revoked or not.
SSL.Server.CertificateChain.ContainsExpiredCA
see above
Boolean
If true, an SSL certificate in a
certificate chain for a web server
has expired.
SSL.Server.CertificateChain.ContainsRevoked
see above
Boolean
If true, an SSL certificate in a
certificate chain for a web server
has been revoked.
SSL.Server.CertificateChain.FirstKnownCAIsTrusted
see above
Boolean
If true, a the certificate authority
for issuing SSL certificates that has
been found first in a certificate
chain for a web server is trusted.
SSL.Server.CertificateChain.FoundKnownCA
see above
298
McAfee Web Gateway 7.8.0
Boolean
If true, a known certificate
authority for issuing SSL
certificates has been found in a
certificate chain for a web server.
Interface Reference Guide
Configuration lists
List of properties
22
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
SSL.Server.CertificateChain.IsComplete
Boolean
If true, the chain of SSL certificates
for a web server is complete.
SSL.Server.CertificateChain.Issuer.CNs
List of
String
List of common names for the
issuers that issued an SSL
certificate in a certificate chain for
a web server
The list is sorted in bottom-up
order. It ends with the common
name of the issuer that issued the
certificate for the self-signed root
certificate authority (CA).
SSL.Server.CertificateChain.Length
Number
Number of SSL certificates in a
certificate chain for a web server
SSL.Server.CertificateChain.PathLengthExceeded
see above
Boolean
If true, the chain of SSL certificates
for a web server exceeds the
allowed length.
SSL.Server.CertificateChain.SignatureMethods
see above
List of
String
List of texts describing the
methods used for signing the
certificates in the chain
SSL.Server.Cipher.KeyExchangeBits
Number
Normalized strength of the
weakest link involved in a key
exchange performed in
SSL-secured communication
SSL.Server.Handshake.CertificateIsRequested
see above
Boolean
If true, a handshake is requested
for setting up a connection to a
web server in SSL-secured
communication.
SSO.Action
String
Returns the name of an internal
action performed in response to
an SSO request.
This property is not
SaaS-compatible
SSO.Config
String
Returns the name of the settings
used by an internal action
performed in response to an SSO
request.
This property is not
SaaS-compatible
SSO.Debug
String
Returns an SSO debug message.
This property is not
SaaS-compatible
McAfee Web Gateway 7.8.0
Interface Reference Guide
299
22
Configuration lists
List of properties
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
SSO.GetConnectorInfo
Variable
Returns information about the
SSO connector to the service the
user is requesting. This
information is stored as a JSON
object in a local variable named
sso-conn-info.
String: Service ID
This property is not
SaaS-compatible
SSO.GetData
JSON
object
Returns additional information
needed for SAML single sign-on.
This property is not
SaaS-compatible
SSO.GetDatFile
String
Retrieves the specified DAT file
from the update server and
returns the contents of the file in a
string. The Single Sign On module
uses the collection of SSO DAT files
to create the launchpad.
String: Name of the
SSO DAT file
This property is not
SaaS-compatible
SSO.GetIceTokenLoginAction
String
Returns the user information
needed to complete single sign-on
to the requested service or
application.
1 String: Service ID
2 Variable:
sso-user-data
This property is not
SaaS-compatible
SSO.GetPostLoginAction
String
Returns the information needed to
complete single sign-on to the
requested HTTP service or
application.
1 String: Identity
Provider
2 String: User
name
3 String: Service ID
4 String: User
account
This property is not
SaaS-compatible
SSO.GetSAMLLoginAction
String
Returns the user information
needed to complete single sign-on
to the requested SAML service or
application.
1 String: Service ID
2 Variable:
sso-user-data
This property is not
SaaS-compatible
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
SSO.GetServices
JSON
object
Returns all information about the
current user added by the SSO
Select Services rule set. This
information is returned in JSON
format and includes the names of
cloud services the user is allowed
to access and all account
information.
Variable:
"conditions"
This property is not
SaaS-compatible
SSO.GetTools
String
Returns a string of JavaScript tools.
This property is not
SaaS-compatible
SSO.IsManagementRequest
Boolean
Returns a true value if the current
request is an SSO request and one
or both of the following conditions
are met:
• Web Gateway has received an
SSO request.
• The SSO.Action property is
processed with valid settings.
This property is not
SaaS-compatible
SSO.LogProperties
JSON
object
Stores information about each
SSO request that is used to
generate the SSO access and SSO
trace logs.
This property is not
SaaS-compatible
SSO.ManagementHost
String
Returns the host name of the SSO
service specified in the
configuration. Typically, this value
is the name of the server hosting
the SSO service provided by Web
Gateway.
This property is not
SaaS-compatible
SSO.OTPRequired
Boolean
Returns a true value if the SSO
action requires OTP
authentication.
This property is not
SaaS-compatible
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
SSO.ProcessTask
Boolean
Processes common SSO tasks,
such as credential management,
using the Single Sign On settings. If
the SSO tasks are processed
successfully, this property returns
a true value.
The
parameters
are passed
in URLs.
This property is not
SaaS-compatible
SSO.UserHasAccessToService
Boolean
Returns a true value if the user is
allowed to access the cloud service
or manage the account.
This property is not
SaaS-compatible
SSOConnector.ToString
String
Converts the name of a cloud
connector to the Service ID that
identifies the corresponding cloud
service or application.
String: Name of
cloud connector
Statistics.Counter.Get
Number
Number of occurrences of an
activity or situation recorded on a
counter
String: Name of
counter
This property is not
SaaS-compatible
Statistics.Counter.GetCurrent
Number
Number of occurrences of an
activity or situation recorded on a
counter (fully completed) during
the last minute
String: Name of
counter
This property is not
SaaS-compatible
Stopwatch.GetMicroSeconds
Number
Time measured for rule set
processing in microseconds
String: Name of
rule set
Stopwatch.GetMilliSeconds
Number
Time measured for rule set
processing in milliseconds
String: Name of
rule set
StreamDetector.IsMediaStream
Boolean
If true, a requested web object is
streaming media.
This is the basic property used in
streaming media filtering.
StreamDetector.MatchedRule
String
Name of a streaming media
filtering rule that has matched
This property is given a value if the
StreamDetector.IsMediaStream
property is set to true.
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
StreamDetector.Probability
Number
Probability for a web object that it
is streaming media
Values range from 1 to 100.
This property is given a value if the
StreamDetector.IsMediaStream
property is set to true.
String.BackwardFind
Number
Position where a substring begins
that is found in a string by a
backward search
Returns -1 if the substring is not
found.
1 String: String
containing
substring
2 String: Substring
3 Number: Position
where backward
search for
substring begins
String.Base64DecodeAsBinary
String
String of binary digits that is the
result of decoding a base-64
encoded string
String: String in
encoded format
String.Base64DecodeAsText
String
Text string that is the result of
decoding a base-64 encoded string
String: String in
encoded format
String.Base64Encode
String
String that is the result of using
the base-64 encoding method to
encode a string
String: String to
encode
String.BelongsToDomains
Boolean
If true, a specified string is found
in a list of domain names
The value of the property is "true"
if the string matches a list entry,
which means it is a domain name.
The value of the property is also
"true" if the string is a character or
sequence of characters followed
by a dot and a substring that
matches a list entry (*.<list entry>),
which means it is the name for a
subdomain of a domain in the list.
In both cases the string is set as
the value of the List.LastMatches
property.
1 String: String to
be found in list
2 List of string: List
of domain names
String.Concat
String
Concatenation of two specified
strings
1 String: First string
to concatenate
2 String: Second
string to
concatenate
String.CRLF
String
Carriage-return line-feed
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
String.Find
Number
Position where a substring begins
that is found in a string by a
forward search
Returns -1 if the substring is not
found.
1 String: String
containing
substring
2 String: Substring
3 Number: Position
where forward
search for
substring begins
String.FindFirstOf
Number
Position of the first character of a
substring found in a string
Returns -1 if the substring is not
found.
1 String: String
containing
substring
2 String: Substring
3 Number: Position
where search for
substring begins
String.FindLastOf
Number
Position of the last character of a
substring found in a string
Returns -1 if the substring is not
found.
1 String: String
containing
substring
2 String: Substring
3 Number: Position
where search for
substring begins
String.GetWordCount
Number
Number of words in a string
String: String to get
number of words
for
String.Hash
String
Hash value of a particular type for
a given string
1 String: String to
find hash value
for
2 String: Hash type
String.IsEmpty
Boolean
If true, the specified string is
empty.
String: String
checked for being
empty
String.Length
Number
Number of characters in a string
String: String to
count characters
for
String.LF
String
Line-feed
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
String.MakeAnonymous
String
String that has been made
anonymous and requires one or
two passwords for reverting
anonymization
The string that is to be
anonymized is specified as a
parameter of the property.
The passwords are set within the
Anonymization settings, which are
provided as settings of the
property.
You can use the property in a rule
to anonymize sensitive data, for
example, the user name that is
retrieved as the value of the
Authentication.UserName property.
An event in this rule sets the
authentication property to the
value of String.MakeAnonymous,
which takes the authentication
property as its parameter, so its
value is the anonymized user
name.
After the set event has been
executed, the anonymized user
name is also the value of
Authentication.UserName. Sensitive
information is protected this way.
For the rule to work, a rule with
the authentication property must
have been processed before.
Otherwise the string that is to be
anonymized would not be known.
String: String to
anonymize
String.MatchWildcard
List of
String
List of terms in a string that match
a wildcard expression
1 String: String with
matching terms
2 Wildcard
Expression:
Wildcard
expression to
match
3 Number: Position
where search for
substring begins
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
String.Replace
String
String having a substring replaced
by a string as specified
1 String: String
containing
substring to
replace
2 Number: Position
where
replacement
begins
3 Number: Number
of characters to
replace
4 String: Replacing
string
String.ReplaceAll
String
String having each occurrence of a
substring replaced by string as
specified
1 String: String
containing
substring to
replace
2 String: Replacing
substring
3 String: Substring
to replace
String.ReplaceAllMatches
String
String having each occurrence of a
substring that matches a wildcard
expression replaced by a string as
specified
1 String: String
containing
substring to
replace
2 Wildcard
Expression:
Wildcard
expression to
match
3 String: Substring
to replace
String.ReplaceFirst
String
String having first occurrence of a
substring replaced by a string as
specified
1 String: String
containing
substring to
replace
2 String: Substring
to replace
3 String: Replacing
string
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
String.ReplaceFirstMatch
String
String having first occurrence of a
substring that matches a wildcard
expression replaced by a string as
specified
1 String: String
containing
substring to
replace
2 Wildcard
Expression:
Wildcard
expression to
match
3 String: Replacing
substring
String.ReplaceIfEquals
String
String having every occurrence of
a substring replaced by a string as
specified
1 String: String
containing
substring to
replace
2 String: Substring
to replace
3 String: Replacing
string
String.SubString
String
Substring contained in a string
specified by start position and
length
1 String: String
containing
substring
2 Number: Position
where substring
begins
3 Number: Number
of characters in
substring
If no number is
specified, the
substring extends
to the end of the
original string
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
String.SubStringBetween
String
Substring of string extending
between two other substrings of
this string
The search for this substring
begins with looking for the first of
the other substrings. If this string
is found, the search is continued
with looking for the second
substring.
If the first substring is not found,
the search has no result. If the
second substring is not found, the
wanted substring extends from
the end of the first substring to
the end of the main string.
1 String: String
containing
substrings
2 String: Substring
ending
immediately
before the
wanted substring
3 String: Substring
beginning
immediately after
the wanted
substring
String.ToCategory
Category
String converted into a category
String: String to
convert
String.ToDimension
Dimension
String converted into a dimension
String: String to
convert
String.ToHex
Hex
String converted into a hex value
String: String to
convert
String.ToIP
IP
String converted into an IP
address
String: String to
convert
String.ToIPRange
IPRange
String converted into a range of IP
addresses
String: String to
convert
String.ToMediaType
MediaType
String converted into a media type
String: String to
convert
String.ToNumber
Number
String converted into a number
String: String to
convert
String.ToSSOConnector
String
Converts the Service ID that
identifies a cloud service or
application to the name of the
corresponding cloud connector.
String: Service ID
Table 22-23 Properties – S (continued)
Name
Type
Description
Parameters
String.ToStringList
List of
String
String converted into a string list
The string list is a list of the
elements in the string to convert.
For example, the string to convert
can be a text and the string list a
list of the words in this text.
The delimiter is a substring that
separates elements in the string to
convert. For example, in a normal
text, the delimiter is the
whitespace. The substring can be
a single character, such as the
whitespace, or multiple characters.
To specify the whitespace, hit the
space bar.
A trim character is a character that
appears at the beginning or end of
an element in the string to
convert, but not in the string list. A
trim character can, for example,
be a comma, a period, or a single
quotation mark. It can also be an
“invisible” character, such as a tab
stop or a line feed.
To specify trim characters, type
them in the input field that is
provided on the user interface
without separating them from
each other.
Use the following combinations to
type invisible characters:
\t – tab stop
\r – carriage return
\n – line feed
\b – backspace
\\ – backslash
If you specify a character as a
delimiter, it is also deleted from
the resulting string list, so you
need not specify it as a trim
character.
1 String: String to
convert
2 String: Delimiter
3 String: Substring
beginning
immediately after
the wanted
substring
String.ToWildcard
Wildcard
Expression
String converted into a wildcard
expression
String: String to
convert
String.URLDecode
String
Standard format of a URL that was
specified in encoded format
String: URL in
encoded format
String.URLEncode
String
Encoded format of a URL
String: URL to
encode
System.HostName
String
Host name of an appliance
System.UUID
String
UUID (Universal Unique Identifier)
of an appliance
Properties - T
The following table describes the properties that have names beginning with T.
Table 22-24 Properties – T
Name
Type
Description
Parameters
TIE.Filereputation
Number File reputation score that has been retrieved from
a TIE server
This property is not SaaS-compatible.
Timer.FirstReceivedFirstSentClient Number Processing time consumed between receiving the
first byte from a client on the appliance and
sending the first byte to this client within a
transaction
Using this property is only supported when HTTP
or HTTPS connections are involved, but not for
FTP connections.
Timer.FirstSentFirstReceivedServer Number Processing time consumed between sending the
first byte from the appliance to a web server and
receiving the first byte from this server within a
transaction
Using this property is only supported when HTTP
or HTTPS connections are involved, but not for
FTP connections.
Timer.HandleConnectToServer
Number Processing time consumed for connecting to a
web server within a transaction
Timer.LastReceivedLastSentClient
Number Processing time consumed between receiving the
last byte from a client on the appliance and
sending the last byte to this client within a
transaction
Using this property is only supported when HTTP
or HTTPS connections are involved, but not for
FTP connections.
Timer.LastSentLastReceivedServer Number Processing time consumed between sending the
last byte from the appliance to a web server and
receiving the last byte from this server within a
transaction
Using this property is only supported when HTTP
or HTTPS connections are involved, but not for
FTP connections.
Timer.ResolveHostNameViaDNS
Number Processing time consumed for looking up a host
name on a DNS server within a transaction
Only lookups on external servers are considered.
Cache lookups are disregarded.
Table 22-24 Properties – T (continued)
Name
Type
Description
Parameters
Timer.TimeInExternals
Number Time (in milliseconds) consumed when processing
a request in waiting for responses by components
other than the rule engine that are involved in the
process, for example, domain controllers or
anti-malware scanning engines.
This time is the time that has already been
consumed in waiting when the property is
evaluated.
Waiting periods in all relevant processing cycles
are considered when calculating this time.
Timer.TimeInRuleEngine
Number Time (in milliseconds) consumed by the rule
engine for processing a request, including
activities in all relevant processing cycles, at the
time when the property is evaluated.
Processing a request through all relevant
processing cycles is also referred to as a
transaction.
When the property is evaluated within a rule for
log handling, its value is the time that was used by
the rule engine for the complete transaction.
Timer.TimeInTransaction
Number Time (in milliseconds) consumed for processing a
request, including activities in all relevant
processing cycles, at the time when the property
is evaluated.
Time used for rule engine activities and waiting
times are summed up in this property value.
Processing a request through all relevant
processing cycles is also referred to as a
transaction.
When the property is evaluated within a rule for
log handling, its value is the time that was used
for the complete transaction.
Tunnel.Enabled
Boolean If true, an HTTP or HTTPS tunnel is enabled
Properties - U
The following table describes the properties that have names beginning with U.
Table 22-25 Properties – U
Name
Type
Description
Parameters
URL
String
URL of a web object
URL.Categories
List of
Category
List of URL categories that a URL belongs to
URL.CategoriesForURL
List of
Category
List of URL categories that a specified URL
belongs to
String: URL in
string format
URL.CategorySetVersion
Number
Version number of the category set that is
used for URL filtering
URL.CloudLookupLedToResult
If true, the rating for a URL was retrieved by a
cloud lookup that was performed using the
Global Threat Intelligence service.
Table 22-25 Properties – U (continued)
Name
Type
Description
Parameters
URL.DestinationIP
IP
IP address for a URL as found in a DNS lookup
URL.Domain
String
Name of the domain that access was
requested to
URL.DomainSuffix
String
Suffix appended to the name of the domain
that access was requested to
URL.FileExtension
String
Extension of the file name for a requested file
URL.FileName
String
Name of a file that can be accessed through a
URL
URL.ForwardDNSLedToResult
Boolean
If true, the rating for a URL was retrieved by
performing a forward DNS lookup.
URL.Geolocation
String
ISO 3166 code for the country where the host
that a URL belongs to is located
If a value is to be assigned to this property, the
following option of the settings for the URL
Filter module must be enabled:
Only use online GTI web reputation and
categorization services.
URL.Geolocation
String
Name of the country where the host that a
given URL belongs to is located
The URL is the URL that was sent with the
request that is currently processed.
The country is identified according to ISO 3166.
The name can only be found if the
following option of the settings for URL
filtering is selected: Disable local GTI database
URL.GeolocationForURL
String
Name of the country where the host that a
given URL belongs to is located
The URL is specified as a parameter of the
property.
The country is identified according to ISO 3166.
The name can only be found if the
following option of the settings for URL
filtering is selected: Disable local GTI database
String: URL
that country
name is to be
found for
URL.GetParameter
String
Parameter of a URL in string format
String:
Parameter
name
URL.HasParameter
Boolean
If true, a specified parameter belongs to the
parameters of a URL.
String:
Parameter
name
URL.Host
String
Host that a URL belongs to
Table 22-25 Properties – U (continued)
Name
Type
Description
Parameters
URL.Host.BelongsToDomains
Boolean
If true, a host that access was requested to by
submitting a particular URL belongs to one of
the domains in a list.
List of string:
List of
domain
names
The name of a host that was found to belong
to one of the domains is set as the value of the
List.LastMatches property.
You can use the URL.Host.BelongsToDomains
property to match anything to the domain
name in a URL or anything to the left of a dot
of a domain name (*.domain.com). Terms
including the domain name (*domain.com) are
not counted as matches.
Example:
Domain List is the string list specified as the
property parameter. It contains the following
entries (dots preceding a domain name in a
URL are omitted):
twitter.com
mcafee.com
dell.com
k12.ga.us
xxx
Then the criteria:
URL.Host.BelongsToDomains("Domain List")
equals true
matches for the following URLs:
http://twitter.com
http://www.twitter.com
http://my.mcafee.com
http://my.support.dell.com
http://www.dekalb.k12.ga.us
any.site.xxx
but not for:
http://malicioustwitter.com
http://www.mymcafee.com
http://www.treasury.ga.us
Using this property avoids the effort of
creating more complicated solutions to
accomplish the same, for example:
• Using two entries in a list of wildcard
expressions, such as:
twitter.com and *twitter.com
• Using a single, complex entry in a list of
wildcard expressions, such as:
regex((.*\.|.?)twitter\.com)
Table 22-25 Properties – U (continued)
Name
Type
Description
Parameters
If these entries were contained in the list Other
Domain List, the following criteria would match
for the twitter.com domain:
URL.Host matches in list "Other Domain List"
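The matching rule described for URL.Host.BelongsToDomains (and String.BelongsToDomains) can be modelled as follows. This is an added Python example, not Web Gateway code: the function names are hypothetical, case-insensitive comparison is an assumption, and the list entries and URLs are the ones from the example above. It also shows why a plain suffix wildcard such as *twitter.com is weaker for allow or block lists.

```python
from urllib.parse import urlsplit

# Entries and URLs below are the ones listed in the table entry above.
DOMAIN_LIST = ["twitter.com", "mcafee.com", "dell.com", "k12.ga.us", "xxx"]
DOCUMENTED_MATCHES = [
    "http://twitter.com", "http://www.twitter.com", "http://my.mcafee.com",
    "http://my.support.dell.com", "http://www.dekalb.k12.ga.us", "any.site.xxx",
]
DOCUMENTED_NON_MATCHES = [
    "http://malicioustwitter.com", "http://www.mymcafee.com",
    "http://www.treasury.ga.us",
]


def host_of(url):
    """Extract the host; scheme-less input such as 'any.site.xxx' is accepted."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the text as a network location
    return (urlsplit(url).hostname or "").rstrip(".")


def belongs_to_domains(host, domains):
    """Return the list entry the host belongs to, or None.

    A host belongs to an entry if it equals the entry or ends with
    "." + entry, so the comparison always stops at a label boundary.
    Case-insensitive comparison is an assumption of this model.
    """
    host = host.lower().rstrip(".")
    for entry in domains:
        entry = entry.lower().strip(".")
        if entry and (host == entry or host.endswith("." + entry)):
            return entry
    return None


def plain_suffix_match(host, domains):
    """Model of a '*twitter.com' style wildcard: suffix test, no label boundary."""
    host = host.lower()
    return any(host.endswith(entry.lower()) for entry in domains)


def compare(urls, domains):
    """Map each URL to (boundary-aware result, plain-suffix result)."""
    result = {}
    for url in urls:
        host = host_of(url)
        result[url] = (belongs_to_domains(host, domains) is not None,
                       plain_suffix_match(host, domains))
    return result


if __name__ == "__main__":
    table = compare(DOCUMENTED_MATCHES + DOCUMENTED_NON_MATCHES, DOMAIN_LIST)
    for url, (boundary, suffix) in table.items():
        print(f"{url:32} belongs_to_domains={boundary!s:5} plain_suffix={suffix}")
```

For http://malicioustwitter.com and http://www.mymcafee.com the two columns differ: the plain suffix test accepts them, while the label-boundary test rejects them as the table entry documents.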
URL.HostIsIP
Boolean
If true, the URL that is submitted for access to
a host is an IP address.
URL.IsHighRisk
Boolean
If true, the reputation score of a URL falls in
the high risk range.
URL.IsMediumRisk
Boolean
If true, the reputation score of a URL falls in
the medium risk range.
URL.IsMinimalRisk
Boolean
If true, the reputation score of a URL falls in
the minimal risk range.
URL.IsUnverified
Boolean
If true, the reputation score of a URL falls in
the unverified risk range.
URL.Parameters
List of
String
List of URL parameters
URL.ParametersString
String
String containing the parameters of a URL
If the URL has parameters, the string begins
with the ? character.
URL.Path
String
Path name for a URL
URL.Port
Number
Number of a port for a URL
URL.Protocol
String
Protocol for a URL
URL.Raw
String
URL in the format originally received on the
appliance from a client or other network
components
Using this property for rule configuration will
speed up processing because it saves the time
used for converting URL code to a human
readable format, as it is done for the simple
URL property.
URL.Reputation
Number
Reputation score for a given URL
The URL is the URL sent with the request that
is currently processed.
URL.ReputationForURL
Number
Reputation score for a given URL
The URL is specified as a parameter of the
property.
String: URL
that
reputation
score is to be
found for
URL.ReputationString
String
Reputation score for a given URL in string
format
The URL is the URL sent with the request that
is currently processed.
URL.ReputationStringForURL
String
Reputation score for a given URL
The URL is specified as a parameter of the
property.
String: URL
that
reputation
score is to be
found for
Table 22-25 Properties – U (continued)
Name
Type
Description
Parameters
URL.ReverseDNSLedToResult
Boolean
If true, the rating for a URL was retrieved by
performing a reverse DNS lookup.
URL.SmartMatch
Boolean
If true, a URL matches one or more of the URL
parts that are specified in string format in any
of the entries in the list of URL parts that is
given as the parameter of this property
An entry in this string list must specify at least
the domain or the path part of a URL as a
substring. It can specify both.
List of String:
List with
parts of URLs
in string
format
The domain part matches also if a URL only
contains a subdomain of the specified domain.
For the path part, it is sufficient if the
beginning of the path in a URL matches it.
Additionally, a list entry can specify the protocol
and port of a URL.
The value of the property is true if a URL
matches the domain or the path part (or both)
in an entry of the string list and also matches
the protocol part (if specified) and the port
part (if specified).
If a port is specified in an entry of the string
list, but not in the URL, there is no match.
For example, the string list contains the
following entry:
http://www.mycompany.com/samplepath/xyz
Then the URLs below will produce matches or
not as follows:
mycompany.com (match)
http://mycompany.com (match)
https://mycompany.com (no match)
http://www.mycompany.com/ (match)
host.mycompany.com (no match)
http://www.mycompany.com:8080/ (no match)
http://www.mycompany.com/samplepath/ (match)
/samplepath/ (match)
mycompany.com/samplepath/ (match)
com (match)
You can use this property to search for
matches in a complex URL whitelist or blocklist,
for example, in a list that contains both entries
for URL hosts and for complete URLs.
URLFilter.DatabaseVersion
Number
Version number of the database on an
appliance
URLFilter.EngineVersion
String
String identifying the version of the URL
filtering module (engine)
Table 22-25 Properties – U (continued)
Name
Type
Description
Parameters
User-Defined.cacheMessage
String
Message text providing information on web
cache usage
User-Defined.eventMessage
String
Message text providing information on an
event
User-Defined.loadMessage
String
Message text providing information on CPU
overload
User-Defined.logLine
String
Entry written into a log file
User-Defined.monitorLogMessage
String
Entry written into a log file
User-Defined.notificationMessage
String
Text of a notification message
User-Defined.requestLoadMessage
String
Message text providing information on request
overload
User-Defined.requestsPerSecond
Number
Number of requests processed on an
appliance per second
Properties - W
The following table describes the properties that have names beginning with W.
Table 22-26 Properties – W
Name
Type
Description
Parameters
Wildcard.ToString
String
Wildcard expression converted into a
string
Wildcard Expression: Wildcard
expression to convert
List of statistics counters
The following table provides a list of the statistics counters that you can use in rules.
You can implement each of these counters by configuring it as a parameter of a particular rule event. Some of
them are already implemented in rules of the default rule set system.
Table 22-27 List of statistics counters
Name
Description
AMLoad
Percentage of CPU resources that is currently used by anti-malware filtering
AMUsed
Number of bytes in the virtual memory that are currently used by anti-malware
filtering
AMUsedPhys
Number of bytes in the physical memory that are currently used by
anti-malware filtering
AMJobQueueLength
Number of jobs in the anti-malware job queue by applications running on Web
Gateway
ApplHighRisk
Number of applications that are considered a high risk
ApplMediumRisk
Number of applications that are considered a medium risk
ApplMinimalRisk
Number of applications that are considered a minimal risk
ApplUnverified
Number of applications that no risk level could be verified for
ApplicationMemoryUsage
Percentage of memory that is currently in use
AuthNTLMCacheRequests
Number of NTLM authentication requests that were granted based on user
information in the cache
Table 22-27 List of statistics counters (continued)
Name
Description
AuthUserCacheRequests
Number of authentication requests that were granted based on user
information in the cache
BlockedByAntiMalware
Number of requests blocked by anti-malware filtering
BlockedByApplControl
Number of requests blocked by application filtering
BlockedByDLPMatch
Number of requests blocked by the DLP process
BlockedByMediaFilter
Number of requests blocked by media type filtering
BlockedByURLFilter
Number of requests blocked by URL filtering
Categories
Number of URLs that were processed in each of the categories used in URL
filtering
CertNameMismatch
Number of mismatches that occurred in certificate verification
CertNameWildCardMatch
Number of matches that occurred in certificate verification when wildcards had
been submitted
CertExpired
Number of expired certificates
CertRevoked
Number of revoked certificates
CertSelfSigned
Number of self-signed certificates
CertUnresolvable
Number of certificates that could not be resolved
ClientCount
Number of clients that are currently communicating with Web Gateway
CloudEnc.DecryptionBytesAll Number of bytes for all web objects that cloud decryption was applied to
CloudEnc.DecryptionErrorsAll Number of bytes for all web objects that had cloud decryption resulting in an
error
CloudEnc.DecryptionHitsAll
Number of bytes for all web objects that cloud decryption was successfully
applied to
CloudEnc.EncryptionBytesAll
Number of bytes for all web objects that cloud encryption was applied to
CloudEnc.EncryptionErrorsAll Number of bytes for all web objects that had cloud encryption resulting in an
error
CloudEnc.EncryptionHitsAll
Number of bytes for all web objects that cloud encryption was successfully
applied to
CloseWaits
Number of sockets that are in CLOSE WAIT status
ConnectedSockets
Number of sockets that are connected to Web Gateway
ConnectionsBlocked
Number of blocked connections
ConnectionsLegitimate
Number of legitimate connections
CoreLoad
Percentage of CPU resources that is currently used by the core process
CoreUsed
Number of bytes in the virtual memory that are currently used by the core
process
CoreUsedPhys
Number of bytes in the physical memory that are currently used by the core
process
CoreThreads
Number of threads that are currently processed in the core
CoordLoad
Percentage of CPU resources that is currently used by the Coordinator
subsystem
CoordUsed
Number of bytes in the virtual memory that are currently used by the
Coordinator subsystem
CoordUsedPhys
Number of bytes in the physical memory that are currently used by the
Coordinator subsystem
Table 22-27 List of statistics counters (continued)
Name
Description
CPULoad
Percentage of CPU resources that are currently in use
CPUIdle
Percentage of CPU resources that are currently not in use
CPUUser
Percentage of CPU resources that are currently used by user-related functions
CPUSystem
Percentage of CPU resources that are currently used by system functions
DLPMatches
Number of matches that were achieved in DLP filtering
FilesystemUsage
Percentage of the opt system partition that is currently in use
FtpBytesFromServer
Number of bytes for all web objects that were received from a web server
under FTP
FtpBytesToServer
Number of bytes for all web objects sent to a web server under FTP
FtpRequests
Number of requests received under FTP
FtpTraffic
Number of bytes for all web objects sent and received under FTP
GTICloudTimedOut
Number of timeouts that occurred on the Global Threat Intelligence server
when cloud lookups were performed in URL filtering
GTIFileRepCloudLookupDone Number of cloud lookups that were performed by Global Threat Intelligence to
retrieve file reputations
GTIRequestSentToCloud
Number of requests that were sent to Global Threat Intelligence to retrieve URL
category information (not file reputations)
HarddiskUsage
Percentage of hard-disk space that is currently available
HttpBytesFromClient
Number of bytes for all web objects that were received from a client under
HTTP
HttpBytesFromServer
Number of bytes for all web objects that were received from a web server
under HTTP
HttpBytesToClient
Number of bytes for all web objects that were sent to a client under HTTP
HttpBytesToServer
Number of bytes for all web objects that were sent to a web server under HTTP
HttpRequests
Number of requests received under HTTP
HttpTraffic
Number of bytes for all web objects sent and received under HTTP
HttpsBytesFromClient
Number of bytes for all web objects that were received from a client under
HTTPS
HttpsBytesFromServer
Number of bytes for all web objects that were received from a web server
under HTTPS
HttpsBytesToClient
Number of bytes for all web objects sent to a client under HTTPS
HttpsBytesToServer
Number of bytes for all web objects sent to a web server under HTTPS
HttpsRequests
Number of requests received under HTTPS
HttpsTraffic
Number of bytes for all web objects sent and received under HTTPS
ICAPReqmodRequests
Number of requests received in the Reqmod mode of ICAP
ICAPReqmodTraffic
Number of bytes for all web objects sent and received in the Reqmod mode of
ICAP
ICAPRespmodRequests
Number of requests received in the Respmod mode of ICAP
ICAPRespmodTraffic
Number of bytes for all web objects sent and received in the Respmod mode of
ICAP
IfpRequests
Number of requests received under IFP
KerberosRequests
Number of requests for authentication using the Kerberos method
LDAPRequests
Number of requests for authentication using the LDAP method
LoadPerCPU
Load on a Web Gateway appliance divided by number of CPU cores (rounded
integer)
MalwareDetected
Number of malicious objects found by anti-malware filtering
MATDInfected
Number of viruses found by Advanced Threat Defense
MATDRequests
Number of requests sent to Advanced Threat Defense
MATDScanTime
Number of seconds used by the Advanced Threat Defense process
MemoryUsage
Percentage of memory that is currently in use
MemUsed
Number of bytes in the memory that are currently in use system-wide
MemFree
Number of bytes in the memory that are currently not in use system-wide
MT.Archives
Number of archives that are processed
MT.Audio
Number of audio files that are processed
MT.Database
Number of database files that are processed
MT.Document
Number of documents that are processed
MT.Executable
Number of executable files that are processed
MT.Image
Number of images that are processed
MT.Stream
Number of data streams that are processed
MT.Text
Number of text files that are processed
MT.Video
Number of video files that are processed
NetworkBytesReceived
Number of bytes received in network communication
NetworkBytesSent
Number of bytes sent in network communication
NTLMAgentRequests
Number of requests for authentication using an agent system to apply the
NTLM method
NTLMAgentRequestProcTime
Average time (in milliseconds) for processing an NTLM Agent request
NTLMRequests
Number of requests for authentication using the NTLM method
NTLMRequestsProcTime
Average time (in milliseconds) for processing an NTLM request
OTPSendProcTime
Average time (in milliseconds) for processing an OTP request
OTPSendRequests
Number of requests received submitting a One-Time Password (OTP)
OTPVerifyProcTim
Average time (in milliseconds) for OTP verification
OTPVerifyRequests
Number of requests received in OTP verification
RADIUSRequests
Number of requests for authentication using the RADIUS method
RADIUSRequestsProcTime
Average time (in milliseconds) for processing a RADIUS request
RepHighRisk
Number of URLs with a reputation that is considered a high risk
RepMediumRisk
Number of URLs with a reputation that is considered a medium risk
RepMinimalRisk
Number of URLs with a reputation that is considered a minimal risk
RepUnverified
Number of URLs with a reputation that could not be verified
ReputationMalicious
Number of URLs with a reputation of being malicious
ReputationNeutral
Number of URLs with a reputation that is considered neutral regarding its risk
level
ReputationTrusted
Number of URLs with a reputation that is trusted
ReputationUnverified
Number of URLs with a reputation that could not be verified
SOCKSRequests
Number of requests received under SOCKS
SOCKSTraffic
Number of bytes for all web objects sent and received under SOCKS
SOCKSv4Requests
Number of requests received under SOCKS version 4
SOCKSv4Traffic
Number of bytes for all web objects sent and received under SOCKS version 4
SOCKSv5Requests
Number of requests received under SOCKS version 5
SOCKSv5Traffic
Number of bytes for all web objects sent and received under SOCKS version 5
SSO.AllLogins
Number of logons performed using cloud single sign-on
SSO.IncorrectTokens
Number of invalid tokens submitted when logon was performed using cloud
single sign-on
StatDBSize
Number of bytes stored in the statistics database
SwapUsed
Number of bytes in the swap space that are currently in use
SwapFree
Number of bytes in the swap space that are currently not in use
TimeConsumedByGTIFileRepCloudLookup
Average time (in milliseconds) spent for a cloud lookup performed by Global
Threat Intelligence to retrieve a file reputation
TimeConsumedByGTIURLCloudLookup
Average time (in milliseconds) spent for a cloud lookup performed by Global
Threat Intelligence to retrieve category information for a particular URL
WebCacheDiskUsage
Percentage of disk space that is currently used by the web cache
WebCacheHits
Number of objects that were requested and found in the web cache
WebCacheMisses
Number of objects that were requested and not found in the web cache
WebCacheObjectsCount
Number of objects in the web cache
23 List of important special glob characters
The following table provides a list of important special characters you can use to create glob type wildcard
expressions.
Table 23-1 List of important special glob characters
Character
Description
?
Matches any single character (if not between square brackets).
For example, ?est matches:
best
rest
test
and others
*
Matches any string, including the empty string (if not between square brackets).
For example, b* matches:
b
best
binary
and others
[...]
Matches any of the single characters included in the square brackets.
? and * are normal characters between square brackets.
For example, [a5?] matches:
a
5
?
The first character must not be an ! (exclamation mark).
!
Matches any single character except those following the exclamation mark.
For example, [!ab] matches:
c
S
%
but not:
a
b
-
Is used to denote a range of characters.
For example, [a-f A-F 0-5] matches:
d
F
3
and others
/
Is not matched by ? or * and cannot be included in [...] or be part of a range.
This means, for example, that
http://linux.die.net/*
does not match the following pathname:
http://linux.die.net/man/7/glob
The pathname is, however, matched by:
http://linux.die.net/*/*/*
\
If preceding ?, *, or [, these are normal characters.
For example, [mn\*\[] matches:
m
n
*
[
.
A . (dot) at the beginning of a file name must be matched explicitly.
For example, the command:
rm *
will not remove the file .profile.
However, the following command will:
rm .*
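The rules of Table 23-1 as a small matcher for pre-testing list entries offline, added here as an illustration and not taken from the Web Gateway software. Python's own fnmatch lets * cross a /, so it over-matches compared with the table. The function names are hypothetical, and the code assumes the appliance applies the rules exactly as the table states them.

```python
import fnmatch
import re

def _bracket(pattern, i):
    """Parse [...] at pattern[i]; return (regex_class, next_index) or None."""
    j, n = i + 1, len(pattern)
    negate = j < n and pattern[j] == "!"      # [!ab] = anything except a, b
    if negate:
        j += 1
    members = []
    while j < n and pattern[j] != "]":
        c = pattern[j]
        if c == "\\" and j + 1 < n:           # \* and \[ are normal characters
            j += 1
            members.append(re.escape(pattern[j]))
        elif c == "-" and members and j + 1 < n and pattern[j + 1] != "]":
            members.append("-")               # range operator, as in a-f
        else:
            members.append(re.escape(c))      # ? and * are normal in brackets
        j += 1
    if j >= n or not members:
        return None                           # simplification: '[' is literal
    return "[" + ("^" if negate else "") + "".join(members) + "]", j + 1

def glob_to_regex(pattern):
    """Compile a glob pattern to a regex that follows Table 23-1."""
    out, i, n = [], 0, len(pattern)
    at_start = True                           # pattern start or just after '/'
    while i < n:
        ch = pattern[i]
        # A leading dot of a name must be matched explicitly, never by a wildcard.
        guard = r"(?!\.)" if at_start else ""
        at_start = False
        if ch == "\\" and i + 1 < n:
            out.append(re.escape(pattern[i + 1]))
            at_start = pattern[i + 1] == "/"
            i += 2
        elif ch == "?":
            out.append(guard + "[^/]")        # any single character except '/'
            i += 1
        elif ch == "*":
            out.append(guard + "[^/]*")       # any string without '/'
            i += 1
        elif ch == "[" and (cls := _bracket(pattern, i)) is not None:
            body, i = cls
            out.append(guard + "(?!/)" + body)  # '/' is never matched by [...]
        else:
            out.append(re.escape(ch))
            at_start = ch == "/"
            i += 1
    return re.compile("".join(out))

def glob_match(pattern, text):
    """True if the whole text matches the pattern under the table's rules."""
    return glob_to_regex(pattern).fullmatch(text) is not None

def compare(pattern, text):
    """Return (result under the table's rules, result from Python's fnmatch)."""
    return glob_match(pattern, text), fnmatch.fnmatchcase(text, pattern)

if __name__ == "__main__":
    url = "http://linux.die.net/man/7/glob"
    for pat in ("http://linux.die.net/*", "http://linux.die.net/*/*/*"):
        print(pat, compare(pat, url))
    print("* vs .profile:", glob_match("*", ".profile"))
    print(".* vs .profile:", glob_match(".*", ".profile"))
```

An entry such as http://linux.die.net/* therefore covers only one path level under these rules; deeper paths need one * per level.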
24 List of important special regex characters
The following table provides a list of important special characters you can use to create regex type wildcard
expressions.
The examples given here include the term regex and parentheses. You need to use both when working with
these expressions on an appliance.
Table 24-1 List of important special regex characters
Character Description
.
Matches any single character.
For example, regex(.est) matches:
best
rest
test
and others
*
Matches the preceding character zero or more times.
For example, regex(a*b) matches:
b
ab
aaaaab
and others
+
Matches the preceding character one or more times.
For example, regex(c+d) matches:
cd
ccccd
and others
?
Matches the preceding character zero times or once.
For example, regex(m?n) matches:
n
mn
^
Matches the beginning of a line
$
Matches the end of a line
{...}
Are used to match a character as many times as specified.
Options:
• a{n} — Matches a character n times
For example, regex(a{3}) matches:
aaa
• a{n,} — Matches a character n and more times
For example, regex(p{4,}) matches:
pppp
ppppp
and others
• a{n,m} — Matches between n and m times, including the limiting values
For example, regex(q{1,3}) matches:
q
qq
qqq
|
Separates expressions that match alternatively.
For example, regex(abc|klm) matches:
abc
klm
(...)
Delimits an alternative expression combined with another expression.
For example, regex(bi(n|rd)) matches:
bin
bird
[...]
Matches any of the single characters included in the square brackets.
For example, regex([bc3]) matches:
b
c
3
-
Is used to denote a range of characters in a bracketed expression.
For example, regex([c-f C-F 3-5]) matches:
d
F
4
and others
^
Matches any single character in a bracketed expression except those following the circumflex
accent (^).
For example, regex([^a-d]) matches:
e
7
&
and others, but not
a
b
c
d
\
If preceding a special character, turns it into a normal character.
For example, regex(mn\+) matches:
mn+
If preceding some normal characters, matches a particular class of characters.
For information on these classes, refer to the perlre man page or other documentation. The
following are examples of frequently used character classes.
regex(\d) matches numerical characters (digits), such as:
3
4
7
and others
regex(\w) matches alphabetical characters, such as:
a
F
s
and others
regex(\D) matches all characters that are not digits, such as:
c
T
%
and others
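A check for list entries built on the . and \ rows of Table 24-1, added here as an illustration and not part of the Web Gateway software: it confirms the regex(...) wrapper, compiles the expression, and reports dots that match any character because they were not escaped. Python's re module stands in for the appliance's regex engine, whole-string matching is assumed, and the function names and host names are constructed.

```python
import re

QUANTIFIERS = "*+?{"   # a dot followed by one of these is a deliberate wildcard

def parse_entry(entry):
    """Return the expression inside regex(...), or None without the wrapper."""
    entry = entry.strip()
    if entry.startswith("regex(") and entry.endswith(")"):
        return entry[len("regex("):-1]
    return None

def unescaped_dots(expr):
    """Offsets of bare '.' characters that match any single character."""
    hits, i, in_class = [], 0, False
    while i < len(expr):
        c = expr[i]
        if c == "\\":                 # \. is a normal dot; skip the pair
            i += 2
            continue
        if in_class:
            in_class = c != "]"       # inside [...] a dot is literal
        elif c == "[":
            in_class = True
        elif c == "." and (i + 1 == len(expr) or expr[i + 1] not in QUANTIFIERS):
            hits.append(i)
        i += 1
    return hits

def lint_entry(entry):
    """Check one list entry; returns a dict with ok, error and dots."""
    expr = parse_entry(entry)
    if expr is None:
        return {"ok": False, "error": "missing regex(...) wrapper", "dots": []}
    try:
        re.compile(expr)
    except re.error as exc:
        return {"ok": False, "error": str(exc), "dots": []}
    return {"ok": True, "error": None, "dots": unescaped_dots(expr)}

def matches(entry, text):
    """True if the whole text matches the entry's expression (assumed semantics)."""
    expr = parse_entry(entry)
    return expr is not None and re.fullmatch(expr, text) is not None

# Constructed sample entries; .test is a reserved top-level domain.
SAMPLES = [
    "regex(portal.corp.test)",       # bare dots match any character
    r"regex(portal\.corp\.test)",    # dots escaped, matches the one host
    r"regex(.*\.corp\.test)",        # quantified dot, intended wildcard
    "portal.corp.test",              # wrapper missing
    "regex(bi(n|rd)",                # unbalanced parenthesis
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry, lint_entry(entry))
    print(matches("regex(portal.corp.test)", "portal-corp.test"))     # True
    print(matches(r"regex(portal\.corp\.test)", "portal-corp.test"))  # False
```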
25 Third-party software
The following list provides information about third-party software used in developing the McAfee Web Gateway
appliance software.
Third-party software list
Information on third-party software is provided in this list in alphabetical order of names.
Apache Jakarta Commons IO
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2002-2012 The Apache Software Foundation
Apache log4j
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2007 The Apache Software Foundation.
Apache ORO
Used in portions
Made available under an Apache License, version 1.1
Copyright © 2002-2003 The Apache Software Foundation.
Apache Tomcat
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2012 The Apache Software Foundation.
Apache-Jakarta Codec
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2000-2009 The Apache Software Foundation
Apache-Jakarta Fileupload
Used in portions.
Made available under an Apache License, version 2.0
Copyright © 2002-2010 The Apache Software Foundation
Apache-Jakarta Lang
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2001-2011 The Apache Software Foundation
Arabica XML and HTML Toolkit for C++
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Used in portions
Copyright © 2001-2013 Jez UK Ltd
ASM
Used in portions
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Copyright © 2000-2005 INRIA France Telekom.
Boost C++ Libraries
Used in portions
Made available under a Boost Software License, version 1.0
Copyright © miscellaneous
Bzip2
Used in portions
Made available under a Bzip2 License
Copyright © 1996-2013 julian@bzip.org
Chromium Source
Used in portions
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Copyright © 2010
Code Project - Walking the callstack
Used in portions
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Copyright © 2005 Jochen Kalmbach
Dynamic Drive - DD Tooltip
Used in portions
Made available under a Dynamic Drive DHTML Scripts License
Copyright © 1998-2004 Dynamic Drive
Eclipse
Used in portions
Made available under an Eclipse Public License, version 1.0, and a Common Public License
Copyright © 2005-2009 Eclipse contributors and others
ftpparse
Used in portions
Made available under an Ftp Parse License
Copyright © 2000 D. J. Bernstein
fugue icons
Used in portions
Made available under a Creative Commons Attribution License, version 3.0
Copyright © 2013 Yusuke Kamiyamane
Glazed Lists
Used in portions
Made available under a Mozilla Public License, version 1.1
Copyright © 2003-2006 publicobject.com O'Dell Engineering Ltd
googletest
Used in portions
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Copyright © 2008 Google Inc
Info-ZIP project - source-UnZip
Used in portions
Made available under an Info-ZIP Updated License
Copyright © 1999-2005 Greg Roelofs
Jackson JSON Processor Core Annotations
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2000-2005 INRIA France Telecom
jersey-bundle
Used in portions
Made available under a Common Development and Distribution License, version 1.0
Copyright © 2000-2005 INRIA France Telecom
JFreeChart
Used in portions
Made available under a GNU Lesser General Public License, version 2.1
Copyright © 2000-2009 Object Refinery Limited and Contributors
JIDE Common Layer
Used in portions
Made available under a GNU Lesser General Public License, version 2.1
Copyright © 2002-2011 JIDE Software, Inc
JSON
Used in portions
Made available from a public domain
jsprogressBarHandler
Used in portions
Made available under a Creative Commons Attribution Share-Alike License, version 2.5
Copyright © 2007 - 2008 Bram Van Damme
JSR-311 - JAX-RS - The Java API for RESTful Web Services
Used in portions
Made available under a Common Development and Distribution License, version 1.0
Copyright © 2009 Sun Microsystems, Inc
jQuery
Used in portions
Made available under a Massachusetts Institute for Technology (MIT) License
Copyright © 2005, 2013 jQuery Foundation, Inc
jQuery UI
Used in portions
Made available under a Massachusetts Institute for Technology (MIT) License
Copyright © 2013 jQuery Foundation and other contributors
Kerberos 5
Used in portions
Made available under a Kerberos 5 Massachusetts Institute of Technology (MIT) License
Copyright © 1985-2013 Massachusetts Institute of Technology and contributors
libuuid
Used in portions
Made available under a Theodore Ts'o License
Copyright © 1999 Theodore Ts'o
Mozilla Rhino JavaScript for Java
Used in portions
Made available under a Mozilla Public License, version 1.1
Copyright © 2012 Mozilla Foundation
msgpack
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2004 The Apache Software Foundation
Open BSD
Used in portions
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Copyright © 1982, 1986, 1990, 1991, 1993 The Regents of the University of California
opencsv
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2005 Bytecode Pty Ltd
OpenSSL
Used in portions
Made available under an OpenSSL License, version 1.1
Copyright © 1999-2011 The OpenSSL Project
Paho
Used in portions
Made available under an Eclipse Public License, version 1.0
POCO
Used in portions
Made available under a Boost Software License, version 1.0
Prototype JavaScript Framework
Used in portions
Made available under a Massachusetts Institute of Technology (MIT) License, version 2.0
Copyright © 2005-2010 Sam Stephenson
rapidjson
Used in portions
Made available under a Massachusetts Institute of Technology (MIT) License, version 2.0
Copyright © 2011 Milo Yip
RapidXml
Used in portions
Made available under a Massachusetts Institute of Technology (MIT) License, version 2.0
Copyright © 2008 2006, 2007 Marcin Kalicinski
RARLAB-UnRAR
Used in portions
Made available under an unRAR License
Copyright © 1993-2012
RDialog
Used in portions
Made available under a Ruby License
Copyright © 2007 Aleks Clarks
RegExFormatter Tutorial
Used in portions
Made available under a Creative Commons Attribution License, version 2.5
Copyright © 2008, 2010, Oracle and/or its affiliates
Ruby
Used in portions
Made available under a Ruby License, version 2.5
Copyright © 1995-2013 Yukihiro Matsumoto
Silk Icons
Used in portions
Made available under a Creative Commons Attribution License, version 2.5
Copyright © 2008 Mark James
StAX2
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2004 Alexander Slominski 2006 Chris Fry
test/unit
Used in portions
Made available under a Ruby License, version 2.0
Copyright © 2000-2003, Nathaniel Talbott
The ASN.1 Compiler
Used in portions
Made available under a Berkeley Software Distribution (BSD) Two Clause License (BSD -) License, version 2.0
Copyright © 2003, 2004, 2005, 2006, 2007 Lev Walkin
The Legion of the Bouncy Castle
Used in portions
Made available under a Massachusetts Institute of Technology (MIT) License, version 2.0
Copyright © 2000-2012 2000 - 2012 The Legion Of The Bouncy Castle
The prefuse visualization toolkit
Used in portions
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Copyright © 2000-2012 Regents of the University of California
Trove for Java
Used in portions
Made available under a Massachusetts Institute of Technology (MIT) License, version 2.0
Copyright © 2000-2012 The Legion of the Bouncy Castle
Valgrind Instrumentation Framework
Used in portions
Made available under a Massachusetts Institute of Technology (MIT) License, version 2.0
Copyright © 2000-2012 The Legion of the Bouncy Castle
Woodstox
Used in portions
Made available under an Apache License, version 2.0
Copyright © 2000-2012 2004 Tatu Saloranta
XStream Library
Used in portions
Made available under a Berkeley Software Distribution (BSD) License, version 2.0
Copyright © 2003-2006 Joe Walnes 2006-2007 XStream Committers.