Client Proxy interface reference
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
McAfee Client Proxy 2.3.5 Interface Reference Guide
Client Proxy interface reference
These tables provide information about the policy settings found in the Client Proxy UI.
Policy Catalog
On the McAfee Client Proxy page of the Policy Catalog, you can create, import, export, rename, duplicate, delete,
view, and edit policies.
The Client Proxy policy named McAfee Default is read-only. It can be duplicated and saved with a new name, but it
cannot be renamed, deleted, exported, or edited.
Table 1 Client Proxy policy options
Option Definition
New Policy Opens the Create a new policy dialog box, where you can select an existing policy to use as a
template for a new policy and specify a name.
Import Opens the Import Policies dialog box, where you can browse for the .xml file that has the policy you
want to import.
Export Opens the Export page, where you have these options:
• Click the link — Opens a new tab in your web browser, where you can view the policy in XML
format.
• Right-click the link, then select Save Link As, choose a folder, and optionally update the file name
— Downloads the policy to an .xml file.
Default file name: Policies_For_McAfee_Client_Proxy_.xml
specifies the version number of Client Proxy.
Name Opens the policy settings, which you can edit and save.
Owner Opens a list of users and groups, where you can select the policy owners and save any changes.
1Table 1 Client Proxy policy options (continued)
Option Definition
Assignments Opens the list of nodes, where the policy is assigned.
Actions • Rename — Opens the Rename Policy dialog box, where you specify a new name for the policy.
• Duplicate — Opens the Duplicate Existing Policy dialog box, where you specify a name for the new
policy that is based on an existing policy.
• Delete — Opens the Delete Policy dialog box, where you confirm that you want to delete the
policy.
• Export — Opens the same page as the Export button.
Proxy Servers page
Configure the list of proxy servers and rules that the Client Proxy software uses when redirecting network
traffic.
Table 2 Proxy Servers options
Option Definition
Specify how the Select an option:
software selects a proxy
• connect to the first accessible Proxy Server based on their order in the list below — The
server from the list.
software selects the next proxy server from the list that you configure.
• connect to the Proxy Server which has the fastest response time — The software selects the
next proxy server from the list that it maintains, which is based on response time.
Proxy Server Address Specifies the IP address or host name of the proxy server.
Proxy Port Specifies the port number of the proxy server.
HTTP/HTTPS The software redirects all traffic sent to ports 80 and 443 to a proxy server.
Non-HTTP/HTTPS Specifies the port numbers of protocols other than HTTP/HTTPS whose traffic you
Redirected Ports want redirected. Verify that the proxy server supports these protocols.
Enable Auto proxy switch The software checks the proxy server list at the specified interval to see if a higher
over priority server is available. If available, the software automatically switches to it.
Polling interval Specifies how often the software checks the proxy server list to see if a higher
priority server is available.
Range: 10–3600 seconds
Recommended value: 60 seconds
Specify additional ports that Specifies the numbers of other ports whose traffic you want redirected like HTTP/
you would like to redirect as HTTPS traffic.
HTTP/HTTPS traffic For example, you can redirect requests sent to an application the same as requests
sent to a web browser.
2Table 2 Proxy Servers options (continued)
Option Definition
Block Traffic on above When none of the configured proxy servers can be reached, the software:
configured Ports if none of • Selected — Blocks all traffic sent to the configured ports and default ports 80 and
the Proxy servers is
reachable 443.
• Deselected — Continues to redirect all traffic sent to the configured ports and
default ports 80 and 443.
Bypass proxy server for • Selected — The software does not redirect traffic sent to local addresses inside
local addresses your network.
• Deselected — The software redirects all traffic, including traffic sent to local
addresses inside your network, to a proxy server.
This setting is selected by default.
Client Configuration page
Configure the settings that the Client Proxy software uses to redirect web requests based on the location of the
endpoint: inside or outside the network or connected to the network by VPN.
Table 3 Customer Identifier (McAfee ePO)
Category Option Definition
Customer Identifier Browse Click to locate the .xml file with
the customer ID and shared
Before configuring this page, download the customer password.
ID .xml file from the Web Gateway or McAfee WGCS
server. You must have this information to save the Unique Customer ID Displays the customer ID
configuration. imported from the XML file.
Shared Password Displays the hashed shared
password imported from the
XML file.
Table 4 Shared Password (McAfee ePO Cloud)
Category Option Definition
Configure Shared Password Shared Password Enter and confirm the password that
Client Proxy and McAfee WGCS use to
After you enter the shared password, you communicate securely.
must save the new policy for the password
to be updated in the system. Allow enough Reset Customer When clicked, opens a warning dialog
time for this process to complete. Credentials box, where you can confirm that you
Otherwise, authentication fails. want to change the shared password.
Export Customer When clicked, opens a dialog box, where
Credentials clicking Export Password opens a new tab
in the web browser with the password
and customer ID displayed in XML
format.
3Table 5 Client Configuration options
Category Option Definition
Traffic Redirection Redirect network The software redirects web requests to a proxy server in this case: The
Settings traffic when user is working outside your organization's network and is not
computer is not connected to the network by VPN.
connected to
corporate network
and not working
through VPN
Always redirect The software redirects web requests to a proxy server in all cases:
network traffic to
• The user is working inside your organization's network.
proxy servers
• The user is working outside your network and is connected by VPN.
• The user is working outside your network and is not connected by
VPN.
Corporate Network Detect if MCP is Select an option:
Detection inside the corporate • by testing connectivity to ePO — The software determines whether the
network
endpoint is inside the network by pinging the McAfee ePO server.
Best practice: We recommend this option.
• by testing connectivity to any of the following corporate servers — The software
determines whether the endpoint is inside the network by pinging the
specified servers on the network.
Server Address Specifies the IP address or host name of a server on your organization's
network.
Server Port Specifies the port number of the server on your organization's network.
Corporate VPN Detect if MCP is Specifies the addresses of one or more VPN servers. The software
Detection connected to a determines whether the endpoint is connected to the VPN by pinging
corporate VPN the servers you specify.
Server Address Specifies the IP address or host name of a VPN server on your
organization's network.
Server Port Specifies the port number of the VPN server on your organization's
network.
Active Directory Regular Expression Specifies the names of one or more Active Directory groups. The
Groups Filter software uses the names to filter the groups in the header that it adds to
web requests before redirecting them to the proxy server.
Format: \\
Group membership information must not exceed 4096 characters.
Include / Exclude For each regular expression, select an option:
• Include — Includes the Active Directory name in the header added to
the web request.
• Exclude — Excludes the Active Directory name in the header added to
the web request.
4Table 5 Client Configuration options (continued)
Category Option Definition
Log File Settings (OS X Only) Specifies how much information the software logs to a file. Select an
option:
• Log messages with Error and Critical priority
• Log messages with Error, Critical, Information, and Warning priority
• Log all messages (recommended for troubleshooting and debugging)
• Don't log any messages
Log files are located in the following folder on the endpoint running
macOS:
C:\Program Data\McAfee\MCP\Logs
Access Protection Enable access Users are allowed to:
(Windows Only) protection • Use Windows Task Manager to disable the software
• Edit or delete files
• Change registry values
Request release key • Selected — Users can request a release code from an administrator
for manual uninstall and use it to uninstall the software.
• Deselected — Users must use the Windows uninstall feature to
uninstall the software.
Best practice: Use a release code to uninstall the software.
Bypass List page
The Client Proxy software allows web requests that match the items in the bypass list to pass the proxy server
and go directly to the Internet.
To add items to the bypass list, select them from the Common Catalog instance that is linked to the Client Proxy
policy.
Table 6 Bypass List options
Option Definition
Actions From the drop-down list, select:
• Add bypass list item — Select an item type, then select one or more items from the Common
Catalog, and add them to the bypass list.
• Domain Name
• Network Address
• Network Port
• Process List
• Edit/View — Edit the selected item in the bypass list.
• Remove — Remove the selected items from the bypass list.
Show selected rows Only the selected items in the bypass list are shown.
5Block List page
Configure the list of processes that the Client Proxy software blocks from accessing the Internet.
Table 7 Block List options
Option Definition
Allow traffic to go directly to The software allows all processes to access the Internet without going
destination through a proxy server.
Block traffic for all processes (except The software blocks all processes from accessing the Internet (except
bypass listed processes) processes included on the bypass list).
Best practice: Use this option as a last resort. It can block system
processes from reaching the Internet and prevent normal operation on the
endpoint.
Block traffic only for the following Allows you to configure the names of processes that you want blocked from
processes accessing the Internet and add them to the block list.
Copyright © 2018 McAfee, LLC
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other
marks and brands may be claimed as the property of others.
6 0A-00You can also read
