Web Gateway download servers

Technical Articles ID:   KB65496
Last Modified:  2/21/2019

Environment

McAfee Web Gateway (MWG) 8.x, 7.x

Summary

MWG needs to access several download servers to get all required files for engine, definition, and product updates. If an outbound firewall blocks access, MWG might not retrieve all needed data. This block can lead to failing updates or missing the latest available security signatures.

The following data is retrieved from the download servers:

  • URL Filter/TrustedSource
  • AV Engines (all)
  • Application Control Signature Sets
  • DLP
  • New product versions
  • Operating system upgrades
Download server maintenance down time
The download server infrastructure for MWG is a worldwide cluster with multiple servers. When McAfee must perform regular maintenance tasks on any of the download servers, they are taken out of the pool of available servers to prevent any impact on your local MWG appliances. Your appliance automatically picks another available download server.

If MWG is already pointing at the server that is being taken offline for maintenance, you might see a "red alert" in your Alerts Dashboard about a failed update. MWG immediately tries the next available download server in the list to ensure that your appliance stays up to date.

You can verify that the "red alert" can be ignored due to maintenance by filtering your Alerts Dashboard for the word Updater. If you see a green success message immediately following the red failure message, your update succeeded and there is no reason for concern.

Solution

Ensure that MWG can contact the following download servers using HTTPS (TCP/443).
 
MWG versions released after March 2013:

tau.mcafee.com                        80.237.238.81, 217.172.176.87, 138.201.20.29
 
tau-europe.mcafee.com          161.69.161.30

tau-usa.mcafee.com                161.69.29.249

tau1-2.mcafee.com                  80.237.238.82
tau1-3.mcafee.com                  62.75.131.5
tau1-4.mcafee.com                  138.201.20.49

tau-usa1.mcafee.com              64.34.163.238
tau-usa2.mcafee.com              8.21.163.5

tau-asia.mcafee.com               161.69.207.65

appliance.webwasher.com     64.34.186.62 (US)
appliance1.webwasher.com   176.9.139.118 (Germany)
appliance2.webwasher.com   52.193.50.118 (Japan)

mwg-update.mcafee.com        multiple IP addresses (Content Delivery Network)
 
MWG versions released before March 2013:
 
wpm.webwasher.com             80.237.238.80, 217.172.176.61
wpm-usa.webwasher.com     64.34.167.126, 8.21.163.3
wpm-asia.webwasher.com    161.69.207.64

wpm1-2.webwasher.com       37.61.207.130
wpm1-3.webwasher.com       217.172.176.9

wpm-usa1.webwasher.com   64.34.186.61
wpm-usa2.webwasher.com   8.21.163.2

wpm-asia1.webwasher.com  161.69.225.10

appliance.webwasher.com     64.34.186.62 (US)
appliance1.webwasher.com   176.9.139.118 (Germany)
appliance2.webwasher.com   52.193.50.118 (Japan)

mwg-update.mcafee.com        multiple IP addresses (Content Delivery Network)

 
IMPORTANT: The IP addresses are subject to change. This article might not contain the latest updates. McAfee strongly recommends not configuring the download server IP addresses manually because IP address changes might prevent MWG from retrieving all needed files.

As a best practice, allow MWG to communicate to HTTPS services (TCP/443) for any destination. Or, it is possible to use a next-hop proxy in your network, which allows MWG to contact the download servers.

Related Information

Last update of download server IP addresses: March 9, 2018.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.