SWG in Proxy mode does not support whitelist by IP address

Article:TECH157358  |  Created: 2011-04-04  |  Updated: 2011-10-12  |  Article URL http://www.symantec.com/docs/TECH157358
Article Type
Technical Solution


When you set Symantec Web Gateway (SWG) Appliance to Proxy mode and browse the internet, you notice that SWG presents a blocking page for IP addresses which have a whitelist entry. You seek steps to prevent SWG in proxy mode from blocking pages which you would otherwise seek to whitelist.



SWG Proxy mode does not support whitelist IP for proxy traffic including client IP and server IP.

To white list any server, use a PAC file.
To white list any client machine, do not configure client browser to use SWG proxy service.

Supplemental Materials


Steps to reproduce
SWG Details:

- Proxy Blocking
- Enable the HTTP Proxy ( Default Ports )

Client details :

- Client Name : Windows 7- IE8
- Browser pointed to Inline IP and HTTP Port ( IP: and Port:8080)

Steps :

1. Create an Authentication policy which applies to All Computers
2. Create another policy to "Block All" for All Computers.
3. Try to browse various sites.
4. User is reported with Blocking Page.
5. Now Whitelist the IP's of sites blocked above. ( nslookup to find out the
6. Try to browse the white listed IP's.

Actual Result :

- The whitelisted IP's will be blocked.
- Events generated in Custom reports.


Article URL http://www.symantec.com/docs/TECH157358

Terms of use for this information are found in Legal Notices