FAQs About Extended FQDNs in Skyhigh Security Products
Skyhigh is migrating its remaining McAfee extended FQDNs and URLs in all its products as part of divestiture. Starting September 30, 2024, all remaining extended fully qualified domain names will transition from mcafee.com to the following domains:
-
skyhighsecurity.com
-
skyhigh.cloud
-
trellix.com
This transition is a crucial step in our ongoing efforts to improve our products and services. Failure to update the remaining extended fully qualified domain names from mcafee.com by September 30, 2024, will result in a significant impact on functionality, as we will no longer be supporting McAfee domains after September 30, 2024.
Below is a list of all impacted products and its recommended actions to continue the usage of Skyhigh Securtity services. Failure to upgrade to the recommended versions before September 30, 2024 will result in loss of functionality.
Products Affected:
-
Secure Gateway for On-Prem
-
Skyhigh Client Proxy (SCP)
-
Skyhigh Private Access
-
CASB
-
DLP
-
Content Security Reporter (CSR)
-
Logging Client
SWG On-Prem
All versions below 11.2.16 (EOL announced)
Recommended action: Upgrade all SWG appliances to version 12.2.3 or later
Please refer to this page for SWG EOL versions
SCP
-
All versions below 4.5.2 (EOL announced) & policies pointing to old McAfee domains
-
Any SCP version (4.5.2+) but policies still pointing to old McAfee domains
Recommended actions: Customers are strongly recommended to refer to this KB article to understand the scenarios better & plan their action items.
- If you are using an SCP version prior to 4.5.2, upgrade all SCP versions to 4.8.1 or later & make sure that the policies are pointing to Skyhigh domains & not to the old McAfee domains
- If you are using an SCP version greater than 4.5.2, please make sure that the policies are pointing to the new Skyhigh domains and not to the old McAfee domains. It is recommended to upgrade the SCP to 4.8.1 or later.
Please refer to this page for SCP EOL versions
Private Access
-
Secure App Connector V1
- Skyhigh Client (Android, iOS)
Recommended action:
- Upgrade to the V2 version of the Secure App Connector.
- Upgrade to Android Client (3.0.7 or later); iOS Client version 3.1.1
Skyhigh CASB, DLP
The authentication workflow to access the APIs will need to be modified to use the new Skyhigh URL instead of the existing McAfee URL. The API functionality is not impacted.
Recommendations: Customers are recommended to modify scripts to use the new domains for IAM to obtain user tokens.
- Content Security Reporter
- All versions below 2.9.2
Recommended action: Upgrade to version 2.9.2 or later.
Secure Web Gateway for On-Prem
Customer Impact:
- Communication failures to GTI services
- Communication failure for AV and URL updates
- Not changing the web hybrid address after the update will result in policy synchronization issues once the legacy domain is shut down.
Recommendations: Customers are recommended to upgrade 12.2.3 or later firmware versions
McAfee FQDN | Replacement FQDN | Impacted Product Versions | Customer Action Items before September 2024 |
*.gti.mcafee.com |
All versions below 11.2.16 |
|
|
tau.mcafee.com |
tau.skyhigh.cloud |
All versions below 11.2.16 |
|
*.wgcs.mcafee-cloud.com | *.hybrid.skyhigh.cloud |
All versions below 11.2.16 |
|
Secure Web Gateway for Cloud
Customer Impact:
Access to SWG APIs by obtaining user token from IAM and used in customer automation is affected if scripts using the old domains are not migrated. Customers should also use replacement FQDN in their web policy scripts.
If SAML authentication is used with legacy domain, the setup needs to be updated to use Skyhigh domain - setup guide is available here
Recommendations: Customers are recommended to
-
Modify scripts to use the new domains for IAM to obtain user tokens.
-
Modify scripts to use the new domain for Web policy configuration changes
McAfee FQDN | Replacement FQDN | Customer Action Items before September 2024 |
iam.mcafee-cloud.com webpolicy.cloud.mvision.mcafee-cloud.com saml.wgcs.mcafee-cloud.com |
iam.skyhigh.cloud webpolicy.cloud.mvision.skyhigh.cloud saml.wgcs.skyhigh.cloud |
|
Skyhigh Client Proxy (SCP)
Impacted SCP Versions:
-
All versions below 4.5.2
-
SCP version below 4.5.2 & policies pointing to old McAfee domains
-
Any SCP version with policies still pointing to old McAfee domains
Customer Impact:
Customer who falls under any of the above 3 categories and is using the impacted Skyhigh Client Proxy (SCP) versions with policies still pointing to the old McAfee domains & does not follow the recommended actions before September 30, 2024, they run the risk of going offline resulting in end-user connectivity issues.
Recommendations: Customers are strongly recommended to upgrade to 4.8.1 or later & refer to this KB article for more information on the action items that they need to plan for.
McAfee FQDN | Replacement FQDN | Impacted Product Versions | Customer Action Items before September 2024 |
*.wgcs.mcafee-cloud.com |
*.wgcs.skyhigh.cloud |
All versions below 4.5.2 |
Recommended to upgrade version 4.8.1 or later & check the policies to confirm that none of the policies are pointing to old McAfee domains. For more information refer the below KB article: |
Skyhigh Private Access
Impacted Versions:
-
Secure App Connector V1
-
Skyhigh Client (Android, iOS)
Customer Impact:
Access to Private application will be affected if Secure App Connector, Skyhigh Client (iOS, Android) not upgraded
Recommendations: Customers are recommended to
-
Upgrade to Secure App Connector V2
-
Upgrade to latest Skyhigh Client Android (3.0.7 or higher). iOS Client version 3.1.1
-
Use new Private Access Launchpad URL
McAfee FQDN | Replacement FQDN | Impacted Product Versions | Customer Action Items before September 2024 |
*.wgcs.mcafee-cloud.com |
*.pa-wgcs.skyhigh.cloud |
|
|
api.wgcs.mcafee-cloud.com | api.wgcs.skyhigh.cloud | PA Launchpad / Dashboard | Refer to Mindtouch KB for the latest steps |
CASB, DLP
Customer Impact:
The changes in FQDN impacts the access to CASB and DLP APIs due to the change in the authentication workflow. The URLs to obtain the access token will change from a McAfee FQDN to a Skyhigh branded FQDN (given in the table below). Post authentication, the functionality of the APIs will remain the same. Customers who are using these APIs to extract data from Skyhigh either on a one-off basis or using automation scripts will need to update the authentication FQDNs as listed below. List of publicly available CASB and DLP APIs is available here - https://success.skyhighsecurity.com/Skyhigh_SSE_APIs
Recommendations: Customers are recommended to modify scripts to use the new domains for IAM to obtain user tokens.
McAfee FQDN | Replacement FQDN | Customer Action Items before September 2024 |
iam.mcafee-cloud.com |
iam.skyhigh.cloud |
|
Content Security Reporter (CSR)
Customer Impact: Log file collection from Cloud will stop working.
Recommendation: Customers are recommended to upgrade to CSR 2.9.2 and later.
Logging Client
Customer Impact: Log file collection from Cloud will stop working.
Recommendation: Customers are recommended to use Logging Client 2.0.1 and later.