Configuring Global Routing Manager country and region prefixes

Technical Articles ID: KB87631
Last Modified: 7/23/2020

Environment

McAfee Web Gateway Cloud Service (formerly McAfee SaaS Web Protection 1.x)
McAfee Unified Cloud Edge (UCE)

Summary

The Global Routing Manager (GRM) intelligently routes traffic to the closest McAfee Point of Presence (PoP). For example, if a user is in Italy, they are routed to the closest PoP in Europe, rather than to North America or Asia. If that same user travels to New York City, they are routed to the PoP in New York, unless restricted by administrative policy.

The GRM is a DNS-based load-balancing service that returns to the endpoint the route to the closest PoP, and considers the following information:

Geo-location of the user/endpoint
DNS request IP address
PoP availability
Proxy DNS name

The precise geo-location is needed to achieve the best performance and provide localized internet content to greatly improve the user experience. To achieve a good approximation of the geo-location of the user or endpoint, the IP address of the endpoint sending a DNS request to the GRM is essential. The IP address seen on the GRM is typically not the same as the client IP address of the HTTP request. Instead, it is the IP address of the DNS resolver that the endpoint used.

Problem

If you use cloud DNS services, such as Google DNS or OpenDNS, the geo-location reported for an endpoint might not be the correct geo-location in which the endpoint is located. These cloud DNS services use outbound IP addresses that are geo-located within the United States. The same behavior applies to customers who manage their own centralized DNS infrastructure in a specific country or region. This behavior can also impact the user experience while receiving webpages (content) in a foreign language.

NOTE: There is no issue for customers who are using a decentralized DNS infrastructure.

Solution

When using cloud DNS services or centralized DNS infrastructure to enforce the correct geo-location, you can use special purpose prefixes for the country or region selection. The prefixes are hierarchically organized with continents on the top level, then regions, and then countries. Choose a prefix with the widest geographical area coverage because the prefix restricts dynamic load distribution and failover.

IMPORTANT: Use prefixes only when needed. Use of a prefix overrules the dynamic routing logic of GRM. When prefixes are used to enforce the selection of a specific geo-location, users might experience overall performance issues when traveling. An increase in network latency, dynamic failover, and load-balancing issues can occur.

Use a prefix for proxy settings to specify the preference for a PoP from a certain country or region:

Country-specific prefix: If the host name for a proxy includes a prefix for an individual country, the closest or best PoP within the country is selected.
Region-specific prefix: If the host name for a proxy includes a prefix for a larger region, the closest or best PoP within that region is selected.

Syntax:

<prefix>.c<customerID>.saasprotection.com
<prefix>.c<customerID>.wgcs.mcafee-cloud.com

For example:

Web Gateway Cloud Service Country-specific prefix for the United Kingdom is:
uk.c12345678.saasprotection.com
Unified Cloud Edge Country-specific prefix for the United Kingdom is:
uk.c12345678.wgcs.mcafee-cloud.com for

CAUTION: Using an IP address instead of a host name for proxy settings is not supported.

In the unlikely case that no PoP is available within the country or region specified in the proxy host name, the preconfigured fallback is to use the closest PoP regardless of the country or region.

To use the nearest PoP from the selected country or region for the endpoint, use the following predefined set of prefixes (subdomains):

Continents/Regions	Prefix
Africa	africa
Asia	asia
Europe	eu
North America	na
Pacific island countries	pacific
Latin America	ltam
Asia Pacific	apac

NORTH AMERICA	Prefix
Canada	ca
North America East Coast	na-east
North America West Coast	na-west
USA East	us-east
USA West	us-west

LATIN AMERICA	Prefix
Argentina	ar
Bolivia	bo
Brazil	br
Chile	cl
Colombia	co
Mexico	mx
Paraguay	py
Peru	pe
Uruguay	uy
Venezuela	ve

EUROPE	Prefix
Austria	at
Belgium	be
Czech Republic	cz
Denmark	dk
Finland	fi
France	fr
Germany	de
Greece	gr
Hungary	hu
Ireland	ie
Italy	it
Netherlands	nl
Norway	no
Poland	pl
Portugal	pt
Romania	ro
Serbia	rs
Slovakia	sk
Spain	es
Sweden	se
Switzerland	ch
United Kingdom	uk

ASIA/PACIFIC	Prefix
Asia	asia
Pacific island countries	pacific
Middle East / Israel	il
Australia	au
Australia East	au-east
Australia West	au-west
Hong Kong	hk
India	in
India North	in-north
India West	in-west
Japan	jp
Korea	kr
New Zealand	nz
Philippines	ph
Singapore	sg
Taiwan	tw

AFRICA	Prefix
South Africa	za

NOTE: The dashboard at http://trust.mcafee.com provides key status information for the Web Gateway Cloud Service, including data center status, recent incidents, and scheduled maintenance.

Affected Products

Configuration
SaaS Web Protection 1.0
Unified Cloud Edge
Web Gateway Cloud Service

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Configuring Global Routing Manager country and region prefixes

Environment

Summary

Problem

Solution

Affected Products

Glossary of Technical Terms

Title

Title

Featured Solutions:Draft for New Nav

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

Configuring Global Routing Manager country and region prefixes

Environment

Summary

Problem

Solution

Affected Products

Glossary of Technical Terms

Choose your region

Title

Title