Web Gateway download servers


McAfee Web Gateway (MWG)


MWG needs to access several download servers to get all needed files for engine, definition, and product updates. If an outbound firewall blocks access, MWG might not retrieve all needed data. This block can lead to failing updates or missing the latest available security signatures.

The following data is retrieved from the download servers:

  • URL Filter/TrustedSource
  • AV Engines (all)
  • Application Control Signature Sets
  • DLP
  • New product versions
  • Operating system upgrades
Download server maintenance down time
The download server infrastructure for MWG is a worldwide cluster with multiple servers. When McAfee must perform regular maintenance tasks on any of the download servers, they are taken out of the pool of available servers. This action prevents any impact on your local MWG appliances. Your appliance automatically picks another available download server.

If MWG is already pointing at the server that is being taken offline for maintenance, you might see a "red alert" in your Alerts Dashboard about a failed update. MWG immediately tries the next available download server in the list to make sure that your appliance stays up to date.

You can verify that the "red alert" can be ignored due to maintenance by filtering your Alerts Dashboard for the word Updater. If you see a green success message immediately following the red failure message, your update succeeded and there is no reason for concern.


Make sure that MWG can contact the following download servers using HTTPS (TCP/443):
appliance.webwasher.com, (US)
appliance1.webwasher.com; (Germany)
appliance2.webwasher.com, (Japan)
mwg-update.mcafee.com  multiple IP addresses (Content Delivery Network)

IMPORTANT: The IP addresses are subject to change. This article might not contain the latest updates. McAfee strongly recommends not configuring the download server IP addresses manually because IP address changes might prevent MWG from retrieving all needed files.

As a best practice, allow MWG to communicate to HTTPS services (TCP/443) for any destination. Or, it is possible to use a next-hop proxy in your network, which allows MWG to contact the download servers.