McAfee Web Gateway (MWG) is a web security product that protects your network against threats arising from the web such as viruses and other malware, inappropriate content, data leaks, and related issues. Some of the main features:
- intercepting and transmitting web traffic (as proxy server),
- authenticating users (against Windows Active Directory – NTLM or Kerberos),
- performs filtering on web objects (URL, virus & malware, media type and web applications),
- monitor the filtering process (with comprehensive reports through McAfee Reporter of Content Security add-on with ePO).
Currently I am running a project and moving away from VMWare ESXi to Hyper-V (Windows Server 2012 R2). McAfee Web Gateway supports Hyper-V as virtualization platform starting from version 126.96.36.199. I tried to load version 7.5 on Hyper-V and run into issue that installation doesn't allow Hyper-V for install. McAfee has released 7.6 just in time as many organisations are evaluating, considering or even migrating to Hyper-V server. Web Gateway performs critical role against current Internet thread landscape and keeps your environment protected for well-known malicious website, files and content.
I am using PowerShell script for a creating new VM and keeping the installation, configuration and migration as smooth as possible, and try to do that within one hour. Migrating the configuration is also a my goal to backup and restore from a configuration file, try to click and enter any information as less as possible.
Hyper-V server and MWG VM:
- VHDX files will be stored on E: volume. Adjust to path where you want to store files
- Memory 16GB as this is minimal requirement for production
- Connecting to vSwitch trunk, renaming network adapter and assigning to internal vlan
- Adding new network adapter, renaming to eth1 and assigning to internet vlan
- Attaching the ISO file and booting up the VM
- Using this script will save you at least 5 minutes and makes sure to stay consistent when replicating the VM appliance to other Hyper-V servers
#Create new Web Gateway Hyper-V appliance
$MWG = "MWG-01" $PathOS = "E:\"+$MWG+"\"+$MWG+".vhdx" New-VM -Name $MWG -Path "E:\" -NewVHDPath $PathOS -NewVHDSizeBytes 80GB -Generation 1 -BootDevice CD Set-VM -Name $MWG -ProcessorCount 2 Set-VM -Name $MWG -MemoryStartupBytes 16GB $MWG | Get-VMNetworkAdapter | Connect-VMNetworkAdapter -SwitchName "vSwitch" Rename-VMNetworkAdapter -VMName $MWG -Name 'Network Adapter' -NewName 'eth0' Set-VMNetworkAdapterVlan –VMName $MWG -VMNetworkAdapterName 'eth0' –Access –VlanId 1234 Add-VMNetworkAdapter –VMName $MWG -SwitchName "vSwitch" Rename-VMNetworkAdapter -VMName $MWG -Name 'Network Adapter' -NewName 'eth1' Set-VMNetworkAdapterVlan –VMName $MWG -VMNetworkAdapterName 'eth1' –Access –VlanId 4567 Set-VMDvdDrive -VMName $MWG -Path "E:\Software\mwgappl-188.8.131.52.0-20505.x86_64.iso" Start-VM $MWG
After booting the ISO image is loaded and boot process starts the installation
Virtual hard disk will be partitioned
Installation of all McAfee Web Gateway packages
Select primary network interface, eth0 for me
DHCP Yes, as I will configure this later on
Enter the MWG Hostname
Confirm initial changes with Yes
Enter the Root password
Enable remote login for SSH
Select volume schema, for me Web Cache 1
Done. MWG starts up
Find the IP address and start internet browser for further configuration
- Login with admin and webgateway password
Accept the Java warning to continue, select your license, and timezone
Network setting, I enabled my eth1 in this screen
New password is required
Finish the wizard
McAfee Web Gateway is installed with Hyper-V and ready for configuration.
For doing global deployment with SCCM read part 2 here.