Knowledge Center

How to install the NTLM Agent and configure Web Gateway to use it for Proxy Authentication
Technical Articles ID:   KB89373
Last Modified:  1/17/2019


McAfee Web Gateway (MWG) 8.x, 7.x
McAfee NTLM Agent 1.6


You have Web Gateway configured to authenticate to a domain controller, but the connection between Web Gateway and the domain controller is either limited by a firewall or you have disabled the legacy SMBv1 protocol. 

To resolve this issue, you can configure Web Gateway to communicate with an authentication broker, the NTLM Agent. Web Gateway can then replay authentication messages to the agent, which then performs a system call and lets Windows validate credentials. Windows then performs the operations it is configured to do, and avoids or removes any compatibility issues.

The connection to this agent requires only a single free definable port to be opened, but the agent must be installed on a member server of the domain.

NOTE: You must have a user account must be set up before the logon. Contact the customer service team for details.

Install the NTLM Agent:
  1. Download the NTLM Agent installation files from the Content & Cloud Security Portal:
  2. Double-click the .exe file and follow the on-screen installation instructions.
    When the installation completes, the NTLM Agent is installed and configured to run as a service on the server.
  3. You see an icon displayed for the agent in the notification area, next to the clock. Right-click the icon to open a menu that contains the basic options for using the NTLM Agent.
  4. Click the Configure option to open the NTLMAgent configuration window and configure the settings for the NTLM Agent.
    NOTE: The configuration window consists of two parts. The left side allows you to configure the agent settings. The right side displays the status of the NTLM Agent and other information. For more information about this pop-up window, see the Related Information field.

Configure the NTLM Agent:
  1. Configure the Network Settings as required:
    The Network Settings section of the configuration window is used to specify the settings required for enabling the NTLM Agent to operate within a network.
    • Listener Port: Use this field to enter the number of the port on the domain controller that is listening for requests from Web Gateway.
      Ensure the value that you enter here corresponds to the one that was specified for the setup of Web Gateway.
      The default port number used by Web Gateway is 9531.
    • Use SSL: Select this box if requests are to use SSL encryption. Ensure that this setting is the same as the setting already configured in Web Gateway.
    • Max Connections: Use this field to enter the maximum number of connections that can be set up for communication between the NTLM Agent and the clients.
      You can restrict the number of parallel connections that the NTLM Agent allows to fight potential attacks.
      NOTE: Usually, each instance of Web Gateway opens one connection, but while changing the Web Gateway settings or if the agent is used multiple times in the settings string of Web Gateway, a few additional connections are needed. The default value is 5.
    • Working Threads per Connection: Use this field to enter the maximum number of working threads that will be used on one open connection.
      The default value is: 5.
    • Default Domain: Use this field to enter a default domain. A default domain is usually entered when the requests sent by the clients to Web Gateway use the basic authentication method.
  2. Configure the Allowed Clients entry:
    The Allowed Clients section of the configuration window is used to specify the clients that are allowed to connect to the NTLM Agent.
    • List field: The list field below the Allowed Clients heading displays a list of the allowed clients.
      You can edit this list using the Input Field and buttons below. 
      NOTE:  If an asterisk (*) is displayed, it means that all clients are allowed. This value is the default.
    • Input field: Use this field to enter a client that you want to add to the list of allowed clients:
      • Enter the IP address of the client and click the Add button next to it.
      • Enter an asterisk (*) to allow all clients.
      • Highlight an entry and click Del to delete a client.
  3. Click Apply Changes.
  4. Click Close to close the configuration window.

Configure Web Gateway:
Connect Web Gateway to the newly installed NTLM Agent.
  1. Open the Authentication Settings window:
    Click Policy, Settings, Engines, Authentication.
  2. Right-click Authentication and choose Add.
  3. Under Name enter a new name, for example NTLM Agent.
  4. Under NTLM-Agent Specific Parameters, enter the agent specifics:
    • See the "NTLM Agent SpecLȴc Parameters (Web Gateway)" section of the Web Gateway Interface Reference Guide (PD27275) for a list of specific parameters.
    • If the Use SSL check box in the NTLM-Agent configuration window is selected, you must enable the Use secure Agent connection.
    • In the Agent definition box, enter either the fully qualified domain name or IP addresses of the servers where you earlier installed the NTLM Agent.
  5. Save your changes.
    NOTE: If you do not save your changes, all further authentication tests might fail.
  6. Click OK to apply the changes.
To test credentials after you connect to the NTLM Agent, view the information returned in an authentication test:
  1. Select Policy, Add Settings tab.
  2. In the left pane under Engines, select Authentication.
  3. In the right pane, under Authentication Method, select your configured NTLM-Agent engine.
  4. Expand Authentication Test by selecting either of the down arrows on either side of Authentication Test.
  5. For User and Password, enter your domain credentials and click Authenticate User.

    Under Test Results, you see the message Authentication OK when the connection is established.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.