McAfee Client Proxy 2.3.3 Interface Reference Guide Reference Guide

McAfee Client Proxy 2.3.3 Interface Reference
Guide
(McAfee ePolicy Orchestrator)
Client Proxy interface reference
These tables provide information about the policy settings found in the Client Proxy UI.
Policy Catalog
On the McAfee Client Proxy page of the Policy Catalog, you can create, import, export, rename, duplicate, delete,
view, and edit policies.
The Client Proxy policy named McAfee Default is read-only. It can be duplicated and saved with a new name, but it
cannot be renamed, deleted, exported, or edited.
Table 1 Client Proxy policy options
Option
Definition
New Policy
Opens the Create a new policy dialog box, where you can select an existing policy to use as a
template for a new policy and specify a name.
Import
Opens the Import Policies dialog box, where you can browse for the .xml file that has the policy you
want to import.
Export
Opens the Export page, where you have these options:
• Click the link — Opens a new tab in your web browser, where you can view the policy in XML
format.
• Right-click the link, then select Save Link As, choose a folder, and optionally update the file name
— Downloads the policy to an .xml file.
Default file name: Policies_For_McAfee_Client_Proxy_<x.y.z>.xml
<x.y.z> specifies the version number of Client Proxy.
Name
Opens the policy settings, which you can edit and save.
Owner
Opens a list of users and groups, where you can select the policy owners and save any changes.
1
Table 1 Client Proxy policy options (continued)
Option
Definition
Assignments Opens the list of nodes, where the policy is assigned.
Actions
• Rename — Opens the Rename Policy dialog box, where you specify a new name for the policy.
• Duplicate — Opens the Duplicate Existing Policy dialog box, where you specify a name for the new
policy that is based on an existing policy.
• Delete — Opens the Delete Policy dialog box, where you confirm that you want to delete the
policy.
• Export — Opens the same page as the Export button.
Proxy Servers page
Configure the list of proxy servers and rules that the Client Proxy software uses when redirecting network
traffic.
Table 2 Proxy Servers options
Option
Definition
Specify how the
software selects a
proxy server from the
list.
Select an option:
• connect to the first accessible Proxy Server based on their order in the list below — The
software selects the next proxy server from the list that you configure.
• connect to the Proxy Server which has the fastest response time — The software selects the
next proxy server from the list that it maintains, which is based on response time.
Proxy Server Address
Specifies the IP address or host name of the proxy server.
Proxy Port
Specifies the port number of the proxy server.
HTTP/HTTPS
The software redirects all traffic sent to ports 80 and 443 to a proxy server.
Non-HTTP/HTTPS
Redirected Ports
Specifies the port numbers of protocols other than HTTP/HTTPS whose traffic you
want redirected. Verify that the proxy server supports these protocols.
Enable Auto proxy switch
over
The software checks the proxy server list at the specified interval to see if a higher
priority server is available. If available, the software automatically switches to it.
Polling interval
Specifies how often the software checks the proxy server list to see if a higher
priority server is available.
Range: 10–3600 seconds
Recommended value: 60 seconds
Specify additional ports that Specifies the numbers of other ports whose traffic you want redirected like HTTP/
you would like to redirect as HTTPS traffic.
HTTP/HTTPS traffic
For example, you can redirect requests sent to an application the same as requests
sent to a web browser.
Bypass proxy server for
local addresses
• Selected — The software does not redirect traffic sent to local addresses inside
your network.
• Deselected — The software redirects all traffic, including traffic sent to local
addresses inside your network, to a proxy server.
This setting is selected by default.
2
Client Configuration page
Configure the settings that the Client Proxy software uses to redirect web requests based on the location of the
endpoint: inside or outside the network or connected to the network by VPN.
Table 3 Customer Identifier and Shared Password
Category
Option
Definition
Customer Identifier
Browse
Click to locate the XML file with the
customer ID and shared password.
Unique Customer
ID
Specifies the unique customer
identification number provided by the
Web Gateway or McAfee WGCS
administrator.
Shared Password
Specifies the hashed shared password
provided by the Web Gateway or
McAfee WGCS administrator.
Before configuring this page, download the
customer ID XML file from the Web Gateway or
McAfee WGCS server. You must have this
information to save the configuration.
Table 4 Client Configuration options
Category
Option
Definition
Traffic Redirection
Settings
Redirect network
traffic when
computer is not
connected to
corporate network
and not working
through VPN
The software redirects web requests to a proxy server in this case: The
user is working outside your organization's network and is not
connected to the network by VPN.
Always redirect
network traffic to
proxy servers
The software redirects web requests to a proxy server in all cases:
• The user is working inside your organization's network.
• The user is working outside your network and is connected by VPN.
• The user is working outside your network and is not connected by
VPN.
Corporate Network Detect if MCP is
Detection
inside the corporate
network
Select an option:
• by testing connectivity to ePO — The software determines whether the
endpoint is inside the network by pinging the McAfee ePO server.
Best practice: We recommend this option.
• by testing connectivity to any of the following corporate servers — The software
determines whether the endpoint is inside the network by pinging the
specified servers on the network.
Corporate VPN
Detection
Server Address
Specifies the IP address or host name of a server on your organization's
network.
Server Port
Specifies the port number of the server on your organization's network.
Detect if MCP is
connected to a
corporate VPN
Specifies the addresses of one or more VPN servers. The software
determines whether the endpoint is connected to the VPN by pinging
the servers you specify.
Server Address
Specifies the IP address or host name of a VPN server on your
organization's network.
Server Port
Specifies the port number of the VPN server on your organization's
network.
3
Table 4 Client Configuration options (continued)
Category
Option
Definition
Active Directory
Groups Filter
Regular Expression
Specifies the names of one or more Active Directory groups. The
software uses the names to filter the groups in the header that it adds to
web requests before redirecting them to the proxy server.
Format: <domain_name>\\<group_name>
Group membership information must not exceed 4096 characters.
Include / Exclude
For each regular expression, select an option:
• Include — Includes the Active Directory name in the header added to
the web request.
• Exclude — Excludes the Active Directory name in the header added to
the web request.
Log File Settings (OS X Only)
Specifies how much information the software logs to a file. Select an
option:
• Log messages with Error and Critical priority
• Log messages with Error, Critical, Information, and Warning priority
• Log all messages (recommended for troubleshooting and debugging)
• Don't log any messages
Log files are located in the following folder on the endpoint running Mac
OS X or macOS:
C:\Program Data\McAfee\MCP\Logs
Access Protection
(Windows Only)
Enable access
protection
Users are allowed to:
• Use Windows Task Manager to disable the software
• Edit or delete files
• Change registry values
Request release key
for manual uninstall
• Selected — Users can request a release code from an administrator
and use it to uninstall the software.
• Deselected — Users must use the Windows uninstall feature to
uninstall the software.
Best practice: Use a release code to uninstall the software.
Bypass List page
The Client Proxy software allows web requests that match the items in the bypass list to pass the proxy server
and go directly to the Internet.
To add items to the bypass list, select them from the Common Catalog instance that is linked to the Client Proxy
policy.
4
Table 5 Bypass List options
Option
Definition
Actions
From the drop-down list, select:
• Add bypass list item — Select an item type, then select one or more items from the Common
Catalog, and add them to the bypass list.
• Domain Name
• Network Address
• Network Port
• Process List
• Edit/View — Edit the selected item in the bypass list.
• Remove — Remove the selected items from the bypass list.
Show selected rows Only the selected items in the bypass list are shown.
Block List page
Configure the list of processes that the Client Proxy software blocks from accessing the Internet.
Table 6 Block List options
Option
Definition
Allow traffic to go directly to
destination
The software allows all processes to access the Internet without going
through a proxy server.
Block traffic for all processes (except The software blocks all processes from accessing the Internet (except
processes included on the bypass list).
bypass listed processes)
Best practice: Use this option as a last resort. It can block system
processes from reaching the Internet and prevent normal operation on the
endpoint.
Block traffic only for the following
processes
Allows you to configure the names of processes that you want blocked from
accessing the Internet and add them to the block list.
Copyright © 2018 McAfee, LLC
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other
marks and brands may be claimed as the property of others.
0-00
5
Download PDF