Skip to main content
Skyhigh Security

Set up Client Proxy

You need to first set up the Client Proxy software on the Web Gateway Setup page.

This includes the configuration of tenant credentials, primary proxy server, proxy selection method (how Client Proxy software selects the active proxy server from the list) and create a Client Proxy policy with the default values. Make sure to download the policy and deploy it to the endpoints. Once you successfully deploy Client Proxy on the endpoints, the administrators can customize the Client Proxy policy on the SCP Configuration page in the UI.

  1. Go to Settings Infrastructure > Web Gateway Setup.
    2023-08-24_11-16-33.png
  2. Click Get Started.
    2.png
  3. In Enter Tenant Authentication Credentials, click Configure.
    1. In the New Shared Secret field, enter the new shared secret. The shared secret is the password that secures communication between Client Proxy and Skyhigh Security WGCS.
    2. In the Confirm New Shared Secret field, confirm the new shared secret.
    3. Click Save.

3.png

  1. In Define Gateway Server Address, click Configure.
    1. From the Add Gateway drop-down list, choose Add Inline, enter gateway hostname or IP address of the gateway, and listening port. Best practice is to configure two gateways, using fully qualified domain names (FQDN) for the host names and specifying port 8080 for one gateway and 80 to the other gateway.

      4a.png
    2. Click the + icon to configure another proxy server.
    3. (Optional) From the Import CSV drop-down list, you can import the gateway details to the .csv file.
    4. (Optional) From the Export CSV drop-down list, you can download the configured gateway list to the .csv file.
    5. Click Save.
  2. In Determine Gateway Selection Method, click Configure.
    • First Available — Select this to connect to the first accessible proxy server from the list that you configure. This option is useful when you prefer to select a specific server.
      • Automatic Switch Over — When this option is enabled, the software checks the proxy server list at the interval you specify. If a higher priority proxy server is available, the software automatically switches to it.
        The auto-proxy switchover option is available only when connect to the first accessible proxy server based on their order in the list below is selected.
      • In Polling Interval (10 to 3600 seconds), specify the interval the Client Proxy software checks for the active gateway in the configured gateway list.
    • Fastest Response Time — Select this to connect to the proxy server that has the fastest response time in the list that you configure.
    • Click Save.
      5a.png
  3. In Name and Publish Policy, click Configure.
    1. Provide a name for the policy.
    2. Click Save Policy.
  4. Click the yellow badge to publish the saved changes.
  5. Click Download to download the Client Proxy policy file saved to an .opg file. Once Client Proxy software is installed on endpoints, the Client Proxy needs its first policy configuration to communicate to Skyhigh Security WGCS. Rename the .opg file to SCPPolicy.opg and copy it to this location on the client computers.
    • Windows-based computers — C:\ProgramData\Skyhigh\SCP\Policy\Temp
    • macOS computers — /usr/local/McAfee/Scp/policy

      The Client Proxy establishes trust and redirect traffic to Skyhigh Security WGCS using tenant Information and shared secret. The Client Proxy redirects traffic even if no user logs in. However, it bypasses OS core processes traffic from the process IDs 2, 4, and 8 and redirects the rest of the processes traffic, including processes created by the service account. 

IMPORTANT: Click the yellow badge to publish all your locally saved changes. When you complete the Client Proxy configuration, the administrators can add proxy servers and customize the policy on the Client Proxy Management UI page.

  • Was this article helpful?