Skip to main content
Skyhigh Security

Migrate from SWE to SWG Cloud (ePO Cloud Managed MCP Agent and Policy)

Verification

Check Accounts

Make sure that your Skyhigh Security accounts are working as expected and check that your ePO Cloud accounts were successfully migrated to Skyhigh Security Cloud. 

  1. Log in to Skyhigh Security Cloud (https://auth.ui.mcafee.com)
    Use your email ID and password (the same account credentials as the administrator for ePO Cloud).
  2. Confirm if the login was successful or if you receive an error message for a failed login attempt.

If any needed account is not working, contact Skyhigh Support.

Check the Customer ID

Verify that the Customer ID remains the same:

  1. Log in to ePO Cloud.
  2. Go to MenuWeb ProtectionGetting Started.
  3. Make a note of the Customer ID.
  4. Log in to Skyhigh Security Cloud.
  5. Go to Settings > Infrastructure > Client Proxy Management.
  6. Click Global ConfigurationTenant Authentication.
  7. Compare if the displayed Customer ID matches the one in ePO Cloud. If not, contact Skyhigh Support.

Verify Data

Verify that data from ePO Cloud is available in Skyhigh Security Cloud:

  1. Log in to Skyhigh Security Cloud.
  2. Go to Dashboards > Web Dashboard
    The predefined Dashboard Cards usually show data from the past seven days. For details, see About the Web Dashboard. If the data is missing or the displayed data is incorrect, open a Service Request.
    NOTE: You'll need to recreate custom reports using the reporting and analytics features within Skyhigh Security Cloud.
  3. Check all the web traffic logs at Analytics > Web > Web Traffic. 
    If the data is missing or the displayed data is incorrect, contact Skyhigh Support.

Update Data Residency and Log Privacy 

Review ePO Cloud Data Residence Settings

  1. Log in to ePO Cloud.
  2. Click Policy > Web Policy, select Settings, and select Data Residency Settings.
  3. Note the Data Residency configuration.
  4. Select Log Privacy Settings.
  5. Note the fields that are concealed.

Update Skyhigh Data Residency and Log Privacy Settings

  1. Log in to Skyhigh Security Cloud.
  2. Go to Settings > Infrastructure > Web Gateway Setup.
  3. Edit Log Data Residency and configure it in the same way as it was configured in ePO Cloud.
  4. For Log Privacy Settings, select the same fields to be concealed as in ePO Cloud.

Update MCP and Web Policies Configuration

Transfer MCP Credentials from ePO Cloud to Skyhigh and Trellix ePO

Export MCP Credentials from ePO Cloud

Use these credentials in Skyhigh Security Cloud, so the MCP Clients can use the same credentials to connect to the Cloud Service. 

  1. Log in to ePO On-Prem or ePO Cloud.
  2. Click Policy Catalog, select the Product as McAfee Client Proxy and Category as MCP Policy.
  3. Select and open any active policy. Under client proxy settings, select Client Configuration.
  4. Click Export Customer Credentials > OK.
Edit the Credentials XML
  1. Download the file ePOExportPassword.xml and open it in a text editor.
  2. Scroll towards the end (Extreme Right) before closing the </MCP Credentials> tag
  3. Place (paste) the following information just before the </MCPCredentials> tag:

<KeepDomainName>true</KeepDomainName>

Place the line between the </CustomerID> and </MCPCredentials> tags. This is an additional option that is required that ePO Cloud did not support.

  1. Save the ePOExportPassword.xml file
Import MCP Credentials into Skyhigh
  1. Log in to Skyhigh Security Cloud.
  2. Click the Settings > Infrastructure > Client Proxy Management.
  3. Go to Global Configuration > Tenant Authentication.
  4. Click the Actions > Import Credentials, then browse to the modified ePO ExportPassword.xml file. Click Import and Save the configuration.
  5. Publish the configuration by clicking the yellow badge at the top right corner, Publish.
Import MCP Credentials into Trellix ePO
  1. Log on to ePO.
  2. Under Configuration, select MCP Administration.
  3. In MCP Administration, choose the exported unmodified ePOExportPassword.xml (exported form ePO), and upload that to Trellix ePO.

Transfer MCP Policy from ePO Cloud to Trellix ePO

Export MCP Policy
  1. Log in to ePO On-Prem or ePO Cloud.
  2. Click Policy Catalog, select the Product as “McAfee Client Proxy” and Category as “MCP Policy”.
  3. Next to your policy name, click the Export link.
  4. Right-click the file, and use Save link  as ..., then click OK.  The policy file is downloaded in a binary format (.XML extension).
Modify and Import MCP Policy to Trellix ePO
  1. Log in to Trellix ePO. Under Policy select Policy Catalog.
  2. Select any MCP Policy and Export.
  3. Open the exported Trellix ePO Policy XML file and the ePO Cloud Policy XML file in a text editor.
  4. From the Trellix ePO file, fetch the value of featureid & serverid parameters.
    For example: featureid=”MCPSRVER1000”, where the MCPSRVER1000 is the value of the parameter featured.
  5. Replace the parameter values in the ePO Cloud file with the values from Trellix ePO file and save the file.
  6. In Trellix ePO, go to Policy Catalog > McAfee Client Proxy.
  7. Select Import and select the Modified xml file.
  8. Click OK as prompted (twice) and make sure the imported policy is configured and displayed as expected.

Import List Content for ePO Cloud (Only for SWG Cloud)

Replicate lists from ePO Cloud to Skyhigh Security Cloud. Unfortunately, full policy migration is not possible. 

  1. Log in to ePO Cloud.
  2. From Menu, under Policy, go to Web Policy.

    NOTE: It is only possible to export the list content from Web Policy. Direct policy conversion from ePO Cloud to Skyhigh Security Cloud is not possible.

    As an example, we will export the URL Blacklist Content from ePO Cloud, and import it into Skyhigh Security Cloud.
  3.  Under Web Policy > Global Settings click the Global URL Blacklist rule.
    This opens a window giving you access to all the lists in the catalog.
  4. From Catalog select Global URL Blacklist list. Click the ellipses at the bottom right corner and export the list.
  5. Open the exported list file in Excel. There are two columns listed, URL and Subdomain (True/False). 
  6. Remove the Subdomain column, and save the file.
  7. Log in to Skyhigh Security Cloud.
  8. Go to Policy > Web Policy > Policy.
  9. Find the corresponding rule. For example: For “Global URL Backlist” (exported from ePO Cloud) import:
    • Go to the “Global Block” branch and click “Global Block ListsRule Set. Then choose the “Domains Blocklist”.
      This opens the lists tab on the right side of the UI.
    • From Actions select Import – Append with .CSV.
    • Browse to select the exported and modified “Global URL Blacklist” CSV file. 
    • Open and click Save
  10. The list content from ePO Cloud is imported to Skyhigh Security Cloud under the corresponding RuleSet.

NOTE: This was just one example of a list import. All the other lists and policy configurations should be replicated manually the same way in Skyhigh Security Cloud.

MCP Policy - Configure New Proxy Name

IMPORTANT: Do not make MCP Policy changes unless you have replicated the required Web Policy Rules from ePO Cloud to Skyhigh Security Cloud. 

To change the Proxy Server name for Trellix ePO MCP Policy:

  1. Log in to Trellix ePO.
  2. Select Policy Catalog > McAfee Client Proxy.
  3. Select the active policy and click Edit.
  4. Under Client Proxy Settings > Proxy Servers, rename the Proxy Address:
    • from c(Customer ID).saasprotection.com
    • to c(Customer ID).wgcs.skyhigh.cloud
  5. Save the change

NOTE: All Trellix ePO managed endpoints will receive the policy update on the next policy push.

  • Was this article helpful?