What's new in the 8.2 release

Releases can introduce new features and enhancements or update platform support.

Note: McAfee® Web Gateway 8.2 was initially provided as a controlled release and is now provided as a main release. The transition was made after update 8.2.4 had been released.

For upgrade information, see the McAfee Web Gateway Installation Guide

Installation of Web Gateway on Azure

Web Gateway can be installed as a virtual machine on a Microsoft Azure platform. This installation mode is offered in addition to an already existing option to install Web Gateway on Azure with Hyper-V.

The installation can be performed:

  • Using the Azure command line interface (CLI)
  • Using a script that McAfee provides

Support of TLS 1.3

TLS (Transport Layer Security) 1.3 can be configured as the protocol version for Web Gateway modules that perform SSL (Security Sockets Layer) scanning.

The modules follow this protocol when handling web traffic under HTTPS (Hyper-Text Transfer Protocol — Secure).

Note: Zero RTT and post-handshake authentication are not supported.

Enhanced authentication methods

Methods for authenticating users have been enhanced by implementing new options.

  • The RADIUS authentication method can be applied when users log on to Web Gateway remotely with SSH or run sudo commands in an unprivileged mode.

    A PAM (pluggable authentication module) device can be installed to enforce this authentication method.

  • Authentication between Web Gateway and McAfee® Client Proxy (Client Proxy) can be performed in an enhanced mode.

Enlarged range of configuration

The range of configuring Web Gateway has been enlarged by adding more settings options.

  • A size limit for uncompressed data and a maximum compression rate can be set for the Composite Opener. This module extracts archived and compressed data to make them available for scanning and filtering measures.
  • A new setting is provided for specifying a port on a McAfee® ePolicy Orchestrator® (McAfee® ePO™) server. Web Gateway connects to this server in order to enable DXL (Data Exchange Layer) messaging.

MFEND kernel module replaced

The MFEND kernel module has been replaced with a new solution.

The replacement impacts the operation of network modes for Web Gateway, including Proxy HA (High Availability) and the transparent modes.

The Transparent Bridge mode is not available in these product versions:

  • Web Gateway 8.2
  • Web Gateway 8.2.1

It is again available in Web Gateway 8.2.2 and subsequent versions.

Note: Migration to the new solution cannot be performed unattended.

For more information, see KB91848.

No FIPS certification

The product is no longer certified to comply with FIPS regulations. Web Gateway 7.8.2 is the latest product version that is FIPS-certified.