McAfee Web Gateway (Linux and Unix)

Version 5

    This template assesses the overall performance of McAfee Web Gateway installed on a Linux/Unix based computer. This template uses SNMP and TCP port monitors to retrieve statistics from the target server.


    Prerequisites: SNMP must be enabled on the operating system and allowed to monitor the mwg-antimalware, mwg-core, mwg-coordinator and mwg-snmp processes.


    Credentials: None (uses the SNMP public string assigned to the node).


    Notes:

    • This template is configured to send SNMP requests on port 161.
    • This template was created on McAfee Web Gateway v 7.


    Monitored Components

    Number of Detected Infections

         This monitor returns the number of infections detected by the McAfee Gateway Antimalware Engine. This value should be as low as possible.

         OID: 1.3.6.1.4.1.1230.2.7.2.1.2.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.
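
         The following is an added example, not part of the original template or of SolarWinds' code: it shows how a per-poll difference can be derived from raw counter readings such as the OID above, including failed polls, counter wrap and counter reset after a process restart. The 32-bit counter width, the plausibility bound and the sample readings are assumptions made for the example.

```python
from typing import Iterable, List, Optional, Tuple

# OID taken from this page ("Number of Detected Infections").
INFECTIONS_OID = "1.3.6.1.4.1.1230.2.7.2.1.2.0"
COUNTER_MODULUS = 2 ** 32        # assumption: the agent exposes a 32-bit counter
MAX_PLAUSIBLE_STEP = 1_000_000   # assumption: largest believable growth per poll

Sample = Tuple[int, Optional[int]]       # (unix time, raw value; None = poll failed)
Result = Tuple[int, Optional[int], str]  # (unix time, difference, reason)


def poll_differences(samples: Iterable[Sample]) -> List[Result]:
    """Turn raw counter readings into 'new since last successful poll' values."""
    results: List[Result] = []
    prev: Optional[int] = None
    for ts, raw in samples:
        if raw is None:
            # Timeout or unreachable agent: report nothing, keep the old baseline.
            results.append((ts, None, "no-data"))
            continue
        if prev is None:
            # First successful reading only establishes the baseline.
            results.append((ts, None, "baseline"))
        elif raw >= prev:
            results.append((ts, raw - prev, "ok"))
        else:
            # Counter went backwards: either it wrapped or the process restarted.
            wrapped = COUNTER_MODULUS - prev + raw
            if wrapped <= MAX_PLAUSIBLE_STEP:
                results.append((ts, wrapped, "wrapped"))
            else:
                # A restart of the gateway process is worth its own alert.
                results.append((ts, None, "reset"))
        prev = raw
    return results


# Constructed sample readings (not real gateway data), polled every 300 s.
CONSTRUCTED_POLLS: List[Sample] = [
    (0, 1200), (300, 1203), (600, None), (900, 1210), (1200, 4), (1500, 9),
]

if __name__ == "__main__":
    for ts, diff, reason in poll_differences(CONSTRUCTED_POLLS):
        print(INFECTIONS_OID, ts, diff, reason)
```

         A difference reported after a "no-data" poll covers more than one polling period, so thresholds on it should account for the longer interval.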

     

    Number of Not Blocked Connections

         This monitor returns the number of connections that have not been blocked.

         OID: 1.3.6.1.4.1.1230.2.7.2.1.3.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    Number of Blocked Connections by Anti-Malware

         This monitor returns the number of connections blocked by Anti-Malware. This value should be as low as possible.

         OID: 1.3.6.1.4.1.1230.2.7.2.1.5.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    Number of Blocked Connections

         This monitor returns the number of blocked connections. This value should be as low as possible.

         OID: 1.3.6.1.4.1.1230.2.7.2.1.5.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    Number of Blocked Connections by Media-Type Filter

         This monitor returns the number of connections that have been blocked by the Media-Type filter. This value should be as low as possible.

         OID: 1.3.6.1.4.1.1230.2.7.2.1.6.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    Number of Blocked Connections by URL Filter

         This monitor returns the number of connections that have been blocked by the URL filter. This value should be as low as possible.

         OID: 1.3.6.1.4.1.1230.2.7.2.1.7.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    Number of Detected Categories by URL Filter

         This monitor returns the number of categories detected by the URL filter.

         OID: 1.3.6.1.4.1.1230.2.7.2.1.9.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTP: Number requests

         This monitor returns the number of HTTP requests.

         OID: 1.3.6.1.4.1.1230.2.7.2.2.1.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTP: Bytes Transferred Between Proxy and Servers

         This monitor returns the number of bytes transferred between proxy and server(s) using the HTTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.2.2.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTP: Bytes Transferred From Client to Proxy

         This monitor returns the number of bytes transferred from client to proxy using the HTTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.2.3.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTP: Bytes Transferred From Server to Proxy

         This monitor returns the number of bytes transferred from server to proxy using the HTTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.2.4.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTP: Bytes Transferred From Proxy to Clients

         This monitor returns the number of bytes transferred from proxy to client(s) using the HTTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.2.5.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTP: Bytes Transferred From Proxy to Servers

         This monitor returns the number of bytes transferred from proxy to server(s) using the HTTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.2.6.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTPS: Number requests

         This monitor returns the number of HTTPS requests.

         OID: 1.3.6.1.4.1.1230.2.7.2.3.1.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTPS: Bytes Transferred Between Proxy and Servers

         This monitor returns the number of bytes transferred between proxy and server(s) using the HTTPS protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.3.2.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTPS: Bytes Transferred From Client to Proxy

         This monitor returns the number of bytes transferred from client to proxy using the HTTPS protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.3.3.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTPS: Bytes Transferred From Server to Proxy

         This monitor returns the number of bytes transferred from server to proxy using the HTTPS protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.3.4.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTPS: Bytes Transferred From Proxy to Clients

         This monitor returns the number of bytes transferred from proxy to client(s) using the HTTPS protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.3.5.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    HTTPS: Bytes Transferred From Proxy to Servers

         This monitor returns the number of bytes transferred from proxy to server(s) using the HTTPS protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.3.6.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    FTP: Bytes Transferred Between Proxy and Servers

         This monitor returns the number of bytes transferred between proxy and server(s) using the FTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.4.1.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    FTP: Bytes Transferred From Clients to Proxy

         This monitor returns the number of bytes transferred from client(s) to proxy using the FTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.4.2.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    FTP: Bytes Transferred From Server to Proxy

         This monitor returns the number of bytes transferred from server(s) to proxy using the FTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.4.3.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    FTP: Bytes Transferred From Proxy to Clients

         This monitor returns the number of bytes transferred from proxy to client(s) using the FTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.4.4.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    FTP: Bytes Transferred From Proxy to Servers

         This monitor returns the number of bytes transferred from proxy to server(s) using the FTP protocol.

         OID: 1.3.6.1.4.1.1230.2.7.2.4.5.0

         Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

     

    CPU Usage (%)

         This monitor returns the current overall CPU usage in percent. This value should be as low as possible.

         OID: 1.3.6.1.4.1.1230.2.7.2.5.1.0

     

    Currently Connected Clients

         This monitor returns the number of currently connected clients.

         OID: 1.3.6.1.4.1.1230.2.7.2.5.2.0

     

    Network Connections in Use by Proxy

         This monitor returns the number of open network sockets in use by the proxy.

         OID: 1.3.6.1.4.1.1230.2.7.2.5.3.0

     

    Web Console (HTTP) TCP Port

         This component monitor tests the ability of a McAfee Web Gateway web console to accept incoming sessions by using HTTP protocol. By default, it monitors TCP port 4711.

     

    Web Console (HTTPS) TCP Port

         This component monitor tests the ability of a McAfee Web Gateway web console to accept incoming sessions by using HTTPS protocol. By default, it monitors TCP port 4712.

     

    Process: Antimalware Engine

         This monitor returns the CPU and memory usage of the McAfee Antimalware Engine (mwg-antimalware) process. This process is used for virus scanning.

     

    Process: Core

         This monitor returns the CPU and memory usage of the McAfee Core (mwg-core) process. This process provides a proxy module for intercepting web traffic and a rule module for processing the filtering rules that make up your web security policy.

     

    Process: Coordinator

         This monitor returns the CPU and memory usage of the McAfee Coordinator (mwg-coordinator) process. This process stores all configuration data processed on the appliance.

     

    Process: SNMP

         This monitor returns the CPU and memory usage of the McAfee SNMP (mwg-snmp) process. This process provides SNMP access to McAfee Web Gateway.

     

    Portions of this document were originally created by and are excerpted from the following sources:
    McAfee Corporation, "mcafee-mwg-mib.txt." Copyright © 2012 McAfee Corporation. All rights reserved.