Skip to main content
Skyhigh Security

Set up Client Proxy

You need to first set up the Client Proxy software on the Web Gateway Setup page.

This includes the configuration of tenant credentials, primary proxy server, proxy selection method (how Client Proxy software selects the active proxy server from the list) and create a Client Proxy policy with the default values. Make sure to download the policy and deploy it to the endpoints. Once you successfully deploy Client Proxy on the endpoints, the administrators can customize the Client Proxy policy on the Client Proxy Management page in the UI.

  1. On the Skyhigh CASB navigation bar, click the settings icon.
  2. From the drop-down list, select Infrastructure | Web Gateway Setup.
  3. Click Get Started.
  4. In Enter Tenant Authentication Credentials, click Configure.
    1. In the New Shared Secret field, enter the new shared secret. The shared secret is the password that secures communication between Client Proxy and Skyhigh Security WSGS.
    2. In the Confirm New Shared Secret field, confirm the new shared secret.
    3. Click Save.
  5. In Define Proxy Server IP Addresses, click Configure.
    1. From the Add Proxy drop-down list, enter proxy hostname or IP address of the proxy server, and listening port. Best practice is to configure two proxy servers, using fully qualified domain names (FQDN) for the host names and specifying port 8080 for one proxy and 80 to the other proxy.
    2. Click the + icon to configure another proxy server.
    3. (Optional), From the Import CSV drop-down list, you can import the proxy server details from the .csv file.
    4. (Optional), From the Export CSV drop-down list, you can download the configured proxy server list to the .csv file.
    5. Click Save.
  6. In Determine Proxy Selection Method, click Configure.
    • First Available — Select this to connect to the first accessible proxy server from the list that you configure. This option is useful when you prefer to select a specific server.
      • Automatic Switch Over — Select this to automatically switch to the next available proxy server when the first accessible proxy server is down. For example, if you have two proxy servers in the list and when the first server is down and second server is reachable, Client Proxy automatically selects the second proxy server as the active proxy server to redirect the endpoint traffic. In addition, when you select this option, Client Proxy checks for the availability of the first configured proxy server periodically based on the interval set in the Polling Interval field. When the first configured proxy becomes available, Client Proxy elects the first configured server as the active server to redirect the traffic. If this option is not selected, Client Proxy does not check for the active server periodically. This option is available only when you select First Available.
      • In Polling Interval (10 to 3600 seconds), specify the interval the Client Proxy software checks for the active server in the configured proxy server list.
    • Fastest Response Time — Select this to connect to the proxy server that has the fastest response time in the list that you configure.
    • Click Save.
  7. In Name and Publish Policy, click Configure.
    1. Provide a name for the policy.
    2. Click Save Policy.
  8. Click the yellow badge to publish the saved changes.
  9. Click Download to download the Client Proxy policy file saved to an .opg file. Once Client Proxy software is installed on endpoints, the Client Proxy needs its first policy configuration to communicate to Skyhigh Security WSGS. Rename the .opg file to MCPPolicy.opg and copy it to this location on the client computers.
    • Windows-based computers — C:\ProgramData\McAfee\MCP\Policy\Temp
    • macOS computers — /usr/local/mcafee/mcp/policy

      The Client Proxy establishes trust and redirect traffic to Skyhigh Security WSGS using tenant Information and shared secret.

IMPORTANT: Click the yellow badge to publish all your locally saved changes. When you complete the Client Proxy configuration, the administrators can add proxy servers and customize the policy on the Client Proxy Management UI page.

  • Was this article helpful?