Download our new support app to manage your open Service Requests.
Loading...Are you a consumer customer? Visit the Consumer Support Site |
How to configure Web Gateway Cloud Service country-specific and region-specific prefixes
Technical Articles ID:
KB87631
Last Modified: 12/11/2018 Rated:   EnvironmentMcAfee Web Gateway Cloud Service (formerly McAfee SaaS Web Protection 1.x)
SummaryThe Global Routing Manager (GRM) intelligently routes traffic to the closest McAfee Point of Presence (PoP). For example, if a user is in Italy, they are routed to the closest PoP in Europe, rather than to North America or Asia. If that same user travels to New York City, they are routed to the PoP in New York, unless restricted by administrative policy.
The GRM is a DNS-based load-balancing service that returns to the endpoint the route to the closest PoP, and considers the following information:
The precise geo-location is needed to achieve the best performance and provide localized Internet content to greatly improve the user experience. To achieve a good approximation of the geo-location of the user or endpoint, the IP address of the endpoint sending a DNS request to the GRM is essential. The IP address seen on the GRM is typically not the same as the client IP address of the HTTP request. Instead, it is the IP address of the DNS resolver that the endpoint used.
ProblemThe geo-location reported for an endpoint might not be the correct geo-location in which the endpoint is located if you use cloud DNS services such as Google DNS or OpenDNS. These cloud DNS services use outbound IP addresses that are geo-located within the United States. The same behavior applies to customers who manage their own centralized DNS infrastructure in a specific country or region. This behavior can also impact the user experience while receiving webpages (content) in a foreign language.
NOTE: There is no issue for customers who are using a decentralized DNS infrastructure. SolutionWhen using cloud DNS services or centralized DNS infrastructure to enforce the correct geo-location, special purpose prefixes can be used for the country or region selection. The prefixes are hierarchically organized with continents on the top level, then regions followed by countries. It is advisable to choose a prefix with widest geographical area coverage because the prefix restricts dynamic load distribution and failover.
IMPORTANT: Use prefixes only when absolutely necessary. Use of a prefix overrules the dynamic routing logic of GRM. When prefixes are used to enforce the selection of a specific geo-location, users might experience overall performance issues when traveling. An increase in network latency, dynamic failover, and load-balancing issues can occur.
Use a prefix for proxy settings to specify the preference for a PoP from a certain country or region.
Syntax:
prefix.c<customer-ID>.saasprotection.com An example with a region-specific prefix for the European Union is eu.c12345678.saasprotection.com. CAUTION: Using an IP address instead of a host name for proxy settings is not supported. In the unlikely case that no PoP is available within the country or region specified in the proxy host name, the preconfigured fallback is to use the closest PoP regardless of the country or region.
Use the following predefined set of prefixes (subdomains) to use the nearest PoP from the selected country or region for the endpoint.
NOTE: The dashboard at http://trust.mcafee.com provides key status information for the Web Gateway Cloud Service, including data center status, recent incidents, and scheduled maintenance.
|
Copyright © McAfee LLC
|
Question?