How to Forward Proxy Chained CASB Data through WSS.

book

Article ID: 206699

calendar_today

Updated On:

Products

CASB Security Premium

Issue/Introduction

As part of the GCP migration, CASB customer's are required to forward (PSG) Proxy SG traffic through WSS or (MWG) McAfee Web Gateway.

Any customer running the Reach Agent would need to switch to the WSSAgent or Proxy-chaining agentless.

 

Resolution

For Proxy SG, two documents have been released:

Chaining Proxy-SG to WSS-Lite without an Agent Steps to forward CASB only traffic to WSS-Lite.

Chaining Proxy-SG to Full WSS Without an Agent Steps to forward all traffic including all CASB traffic.

 

Additional Information

For McAfee Web Gateway, specific documentation has not been verified.  Use the documents above to see the high level steps for configuration.

The high level tasks are the same.

  • Install the WSS root certificate on the proxy if the proxy is decrypting
  • Install the WSS root certificate on the workstation if MWG is not decrypting.
  • Forward the Traffic to the WSS back-end.