Loading...

Knowledge Center


How to configure Web Gateway Cloud Service country-specific and region-specific prefixes
Technical Articles ID:   KB87631
Last Modified:  12/11/2018
Rated:


Environment

McAfee Web Gateway Cloud Service (formerly McAfee SaaS Web Protection 1.x)

Summary

The Global Routing Manager (GRM) intelligently routes traffic to the closest McAfee Point of Presence (PoP). For example, if a user is in Italy, they are routed to the closest PoP in Europe, rather than to North America or Asia. If that same user travels to New York City, they are routed to the PoP in New York, unless restricted by administrative policy.

The GRM is a DNS-based load-balancing service that returns to the endpoint the route to the closest PoP, and considers the following information:
  • Geo-location of the user/endpoint
  • DNS request IP address
  • PoP availability
  • Proxy DNS name
The precise geo-location is needed to achieve the best performance and provide localized Internet content to greatly improve the user experience. To achieve a good approximation of the geo-location of the user or endpoint, the IP address of the endpoint sending a DNS request to the GRM is essential. The IP address seen on the GRM is typically not the same as the client IP address of the HTTP request. Instead, it is the IP address of the DNS resolver that the endpoint used.

Problem

The geo-location reported for an endpoint might not be the correct geo-location in which the endpoint is located if you use cloud DNS services such as Google DNS or OpenDNS. These cloud DNS services use outbound IP addresses that are geo-located within the United States. The same behavior applies to customers who manage their own centralized DNS infrastructure in a specific country or region. This behavior can also impact the user experience while receiving webpages (content) in a foreign language.

NOTE: There is no issue for customers who are using a decentralized DNS infrastructure.

Solution

When using cloud DNS services or centralized DNS infrastructure to enforce the correct geo-location, special purpose prefixes can be used for the country or region selection. The prefixes are hierarchically organized with continents on the top level, then regions followed by countries. It is advisable to choose a prefix with widest geographical area coverage because the prefix restricts dynamic load distribution and failover.
 
IMPORTANT: Use prefixes only when absolutely necessary. Use of a prefix overrules the dynamic routing logic of GRM. When prefixes are used to enforce the selection of a specific geo-location, users might experience overall performance issues when traveling. An increase in network latency, dynamic failover, and load-balancing issues can occur.
 
Use a prefix for proxy settings to specify the preference for a PoP from a certain country or region.
  • Country-specific prefix: If the host name for a proxy includes a prefix for an individual country, the closest/best PoP within the country is selected.
  • Region-specific prefix: If the host name for a proxy includes a prefix for a larger region, the closest/best PoP within that region is selected.
Syntax:
prefix.c<customer-ID>.saasprotection.com

An example with a region-specific prefix for the European Union is eu.c12345678.saasprotection.com.

CAUTION: Using an IP address instead of a host name for proxy settings is not supported.
 
In the unlikely case that no PoP is available within the country or region specified in the proxy host name, the preconfigured fallback is to use the closest PoP regardless of the country or region.
 
Use the following predefined set of prefixes (subdomains) to use the nearest PoP from the selected country or region for the endpoint.
 
Continents/Regions Prefix
Africa africa
Asia asia
Europe eu
North America na
Pacific island countries pacific
Latin America ltam
Asia Pacific apac
 
NORTH AMERICA Prefix
Canada ca
North America East Coast na-east
North America West Coast na-west
USA East us-east
USA West us-west
 
LATIN AMERICA Prefix
Argentina ar
Bolivia bo
Brazil br
Chile cl
Colombia co
Mexico mx
Paraguay py
Peru pe
Uruguay uy
Venezuela ve
 
EUROPE Prefix
Austria at
Belgium be
Czech Republic cz
Denmark dk
Finland fi
France fr
Germany de
Hungary hu
Ireland ie
Italy it
Netherlands nl
Norway no
Poland pl
Portugal pt
Romania ro
Serbia rs
Slovakia sk
Spain es
Sweden se
Switzerland ch
United Kingdom uk
 
ASIA/PACIFIC Prefix
Asia asia
Pacific island countries pacific
Middle East / Israel il
Australia au
Australia East au-east
Australia West au-west
Hong Kong hk
India in
India North in-north
India West in-west
Japan jp
Korea kr
New Zealand nz
Philippines ph
Singapore sg
 
AFRICA Prefix
South Africa za

 
NOTE: The dashboard at http://trust.mcafee.com provides key status information for the Web Gateway Cloud Service, including data center status, recent incidents, and scheduled maintenance.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.