Professional Documents
Culture Documents
The McAfee Web Gateway Upgrade Guide provides information on upgrading a McAfee Web Gateway (formerly Webwasher ) appliance from version 6.8.x to version 7.0.x.
A complete redesign of system architecture, functions, and user interface has been carried out for version 7.0.x of the McAfee Web Gateway appliance to make it capable of ensuring more web security for your network. See the McAfee Web Gateway Product Guide, version 7.0, for more information. You can also find information at the following locations: Help Help is built into McAfee Web Gateway. Click the Help icon in the upper right corner of the user interface. Support Visit mysupport.mcafee.com to find product documentation, announcements, and support.
In this document ... About the upgrade McAfee Professional Services About the listConverter tool Using the listConverter tool
For example, action settings for URL categories in a 6.8.x configuration (specifying whether these categories are blocked, allowed, or handled otherwise) are converted to category lists and implemented in your 7.0.x configuration. You can then use these lists in appropriate 7.0.x rules. The listConverter tool is provided in the Web Gateway section of the McAfee community portal (community.mcafee.com). It is available as a single executable file in a .zip archive (listConverter.063.zip). The version number will change as updates of the tool are provided. No special installation procedure is needed to get the tool running. Just unzip the archive and start the executable file. The listConverter tool runs on the following platforms: Windows system using a Microsoft .NET 2.0 framework Unix system using a Mono framework
More information on how to work with the tool output is provided in the sections on individual procedures for completing upgrade jobs.
Tool options
When upgrading from McAfee Web Gateway 6.8.x to version 7.0.x, you can use the listConverter tool to complete the following jobs: Upgrade action settings for URL category filtering In a 6.8.x configuration, actions are set for particular URL categories, for example, the Block action for URLs that fall into the Online Shopping category. Extracting data from a 6.8.x backup file, the tool creates lists of categories that are blocked, allowed, or handled otherwise. These lists can be implemented in a 7.0.x configuration and used by appropriate rules. Upgrade settings on an Extended List Actions for URL categories might additionally have been entered into an Extended List. The tool can extract data from this list and implement a list of the Extended List Element type for use by a rule in a 7.0.x configuration. Migrate settings for ICAP bypassing In a 6.8.x configuration, requests to particular URLs and IP addresses can be configured to bypass modification on an ICAP server. The tool extracts relevant data from the global.conf file that is contained in a 6.8.x backup file and creates a list of these URLs and IP addresses, which can be implemented in a 7.0.x configuration. The list is of the Wildcard Expression type and can be used by appropriate rules. Merge actions Actions existing in a 6.8.x configuration, including user-configured actions, can be merged to fewer actions in a 7.0.x configuration and, consequently, to fewer lists of objects that these actions are applied to. Merge whitelist settings Whitelist settings in a 6.8.x configuration can be merged before upgrading them to a 7.0.x configuration, which results in fewer whitelists for that configuration. Extract appliance system and other settings for reference purposes The tool can extract settings from a 6.8.x backup file and write them into separate files, for example, report files, to document them. You can use the information in these files for setting up your 7.0.x configuration. The following settings can be extracted in this way: Appliance system settings System settings of a McAfee Web Gateway 6.8.x appliance, for example, settings for network interfaces, DNS servers, and similar items can be written into report files. List settings List settings can be written into report files. This can be done in addition to creating these lists and making them available for use in a 7.0.x configuration. Policy settings Policy settings contained in .conf files within a backup file can be made available by extracting and storing these files. Web mapping settings Settings for web mapping rules can be written into report files.
processing.
category lists.
2 From the File menu, select Save. Your local file manager opens. 3 Browse to the location where you want to store the *.ImportedLists.xml and click OK.
6 Browse to the *.ImportedLists.xml and click Open. The tool creates a rule set and implements it in the
7.0.x configuration, together with the lists of the *.ImportedLists.xml. The name of the rule set is ImportedLists.wwbackup<backup ID>, where <backup ID> is a time stamp indicating when the backup file in question was created.
Note: The rule set is not enabled.
The lists are of the Category type. You can view and access them on the Lists tab under Custom Lists. They have names like Imported.default.Block, Imported.default.Allow, and so on.
7 [Optional] Delete the ImportedLists.wwbackup<backup ID> rule set. 8 Modify existing rules of the 7.0.x configuration or create rules to let them use the newly implemented lists.
of the Extend List Element type. You can view and access it on the Lists tab. Its name is Imported.wwextendedlist.
4 Modify an existing rule of the 7.0.x configuration or create a rule to let it use the newly implemented list.
For more information, see Upgrading action settings for URL category filtering.
HTTPSProxy.NoICAPFor, or FTProxy.NoICAPFor, according to what you want to upgrade. The tool creates an *.ImportedLists.xml file, which contains the ICAP bypass data.
3 Import the *.ImportedLists.xml file into your 7.0.x configuration. The tool creates and implements lists
with objects for ICAP bypassing. The lists are of the Wildcard Expression type. You can view and access them on the Lists tab. Their names are Imported.global.HTTPProxy.NoICAPFor, Imported.global.HTTPSProxy.NoICAPFor, and Imported.global.FTTProxy.NoICAPFor.
4 Modify existing rules of the 7.0.x configuration or create rules to let them use the newly implemented lists.
For more information, see Upgrading action settings for URL category filtering.
Merging actions
You can merge actions from a 6.8.x configuration, including actions you have configured on your own, to fewer actions in a 7.0.x configuration, thereby reducing the number of lists that are related to each of these actions. If no merging is done, the listConverter tool creates a list for each action, containing the objects that the action can be applied to. If you want to have fewer lists in the 7.0.x configuration, the tool enables you to merge, for example, the Allow and Exempt actions to a common Allow with a single list for all objects in question. You can do the merging in a separate procedure or together with other settings, for example, category settings, as described under Upgrading action settings for URL category filtering. To merge existing actions into fewer:
1 Start the listConverter tool and import a backup file of a 6.8.x configuration. 2 From the Tools menu, select Category Options. The Action Merging window opens. It shows the
existing actions in a column on the left and menus to select merged actions from on the right.
3 For each action on the left, select an action from the menu in the same line. This way you can merge the
existing actions to a smaller number of actions and, consequently, lists. The tool creates an *.ImportedLists.xml file, which contains only the merged actions.
4 Import the *.ImportedLists.xml file into your 7.0.x configuration. The tool creates and implements lists
For more information, see Upgrading action settings for URL category filtering.
want to merge.
b In the White List Filters section, select Merge Selected Filters, then select the filters you want to
merge. The tool creates an *.ImportedLists.xml file with merged object types and filters.
4 Import the *.ImportedLists.xml file into your 7.0.x configuration. The tool creates and implements
whitelists. For more information, see Upgrading action settings for URL category filtering.
To let the tool write the lists it creates into plain text files, select Write .txt Files.
3 To create a web mapping report file, select the File menu and then Policy Mapping Report. 4 Select Extract all files from backup. Your local file manager opens. 5 Browse to the location where you want to store the files with the extracted data and click OK. 6 Use the data in the files to configure settings for your 7.0.x configuration.
For support information, visit mysupport.mcafee.com. Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. 700-2515A00