Configure Global Routing Manager country and region prefixes
Last Modified: 2023-02-24 09:57:17 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Configure Global Routing Manager country and region prefixes
Technical Articles ID:
KB87631
Last Modified: 2023-02-24 09:57:17 Etc/GMT EnvironmentWeb Gateway Cloud Service (WGCS; formerly known as McAfee SaaS Web Protection 1.x)
MVISION Unified Cloud Edge (UCE) SummaryThe Global Routing Manager (GRM) intelligently routes traffic to the closest Enterprise Point of Presence (PoP). For example, if a user is in Italy, they're routed to the closest PoP in Europe, rather than to North America or Asia. If that same user travels to New York City, they're routed to the PoP in New York, unless restricted by administrative policy.
The GRM is a DNS-based load-balancing service that returns to the endpoint through the route to the closest PoP. It considers the following information:
The precise geo-location is needed to achieve the best performance and provide localized internet content to greatly improve user experience. To achieve a good approximation of the geo-location of the user or endpoint, the IP address of the endpoint sending a DNS request to the GRM is essential. The IP address seen on the GRM is typically not the same as the client IP address of the HTTP request. Instead, it's the IP address of the DNS resolver that the endpoint uses.
ProblemIf you use cloud DNS services, such as Google DNS or
NOTE: There's no issue for customers who are using a decentralized DNS infrastructure. SolutionWhen using cloud DNS services or centralized DNS infrastructure to enforce the correct geo-location, you can use special purpose prefixes for the country or region selection. The prefixes are hierarchically organized with continents at the top level, followed by regions, and then countries. Choose a prefix with the widest geographical area coverage because the prefix restricts dynamic load distribution and failover.
IMPORTANT: Use prefixes only when needed. Use of a prefix overrules the dynamic routing logic of GRM. When prefixes are used to enforce the selection of a specific geo-location, users might experience overall performance issues when traveling. An increase in network latency, dynamic failover, and load-balancing issues can occur.
Use a prefix for proxy settings to specify the preference for a PoP from a certain country or region:
Syntax:
Remarks:
Please refer to the following examples:
CAUTION: Using an IP address instead of a host name for proxy settings isn't supported. If no PoP is available in the country or region specified in the proxy host name, the preconfigured fallback is to use the closest PoP regardless of the country or region. (It's unlikely that no PoP is available.)
To use the nearest PoP from the selected country or region for the endpoint, use the following predefined set of prefixes (subdomains):
NOTE: The dashboard at the Skyhigh Security Service Status site provides key status information for WGCS. It includes data center status, recent incidents, and scheduled maintenance. Affected ProductsLanguages:This article is available in the following languages: |
|