Symantec Web Gateway 5.0.0 Release Notes and Late Breaking News
| Article:TECH157824 | | | Created: 2011-04-11 | | | Updated: 2011-06-14 | | | Article URL http://www.symantec.com/docs/TECH157824 |
Problem
You seek the release notes and late-breaking issues for the Symantec Web Gateway (SWG) 5.0.
Solution
The Release Notes and product manuals for Symantec Web Gateway 5.0 are located here:
http://www.symantec.com/business/support/index?page=content&key=58161&channel=DOCUMENTATION
The following late-breaking issues appeared following the finalization of Release Notes for Symantec Web Gateway 5.0.0:
|
An issue exists with VLAN TAG-based policies.
|
Symantec Web Gateway does not apply VLAN TAG-based policies to proxy traffic or report the event when it is in inline proxy or proxy mode.
To resolve this issue, create IP-based policies.
|
|
The use of a group name that exists on multiple domains in LDAP is unsupported in Symantec Web Gateway policies.
|
Even though the Web GUI lets you use a group name that exists in multiple LDAP domains, this feature is unsupported for policy creation.
To resolve this issue, create unique group names across all of your LDAP domains.
|
|
You must perform additional configurations for NTLM authentication to work.
|
For NTLM authentication to work properly, ensure the following:
· NetBIOS on the domain controller that Symantec Web Gateway uses for authentication is enabled.
· The Symantec Web Gateway Management port can communicate with the domain controller on UDP port 137.
|
|
File scanning is not supported over Windows Live Messenger.
|
File scanning over Windows Live Messenger is not supported.
To prevent the transfer of malware through Windows Live Messenger, use the application control feature to block all Windows Live Messenger communications.
|
|
The ability to block America Online instant messenger is not supported.
|
The ability to block America Online instant messenger with the application control feature is not supported.
|
|
The maximum cache object size changes upon upgrade.
|
If you upgrade from any Symantec Web Gateway 5.0 beta version and use the proxy configuration, you must manually configure your maximum cache object size.
To configure this, change your maximum cache object size from 256 KB to 255 KB and save the change. Then change it back to 256 KB and save the change again to retain the maximum cache object size.
|
|
Symantec Web Gateway Virtual Edition synchronizes its clock with the ESX host machine when an NTP server is unavailable.
|
You must ensure the ESX host computer real-time clock is accurate.
|
|
The Central Intelligence Unit does not support changes to modules for all managed devices.
|
The ability to make changes to File Download Protection, Application Control, Content Filter, and Browse Time for all managed devices through the Central Intelligence Unit is not supported.
To resolve this issue, manage each Symantec Web Gateway individually, or change these settings directly from the Symantec Web Gateway GUI. You can configure these settings on the Administration > Configuration > Modules tab. From the Central Intelligence Unit, select the individual Symantec Web Gateway from the Configure list.
|
|
The ability to block any 2011 version of Tencent QQ ("QQ") instant messenger or videos are unsupported.
|
Symantec Web Gateway does not block QQ instant messenger and videos even when you create a blocking policy to do so. In addition, Symantec Web Gateway inaccurately reports that any messages and videos that were transmitted through QQ were blocked.
|
|
SSL decryption requires an imported trusted root certificate authority.
|
If you use software that cannot use an imported Trusted Root Certificate Authority, you must ensure that traffic for that host/user does not have an SSL intercept policy assigned. Attempts to intercept SSL traffic without an imported Trusted Root Certificate Authority will cause SSL errors.
|
|
Data loss prevention (DLP) is disabled after restore.
|
The DLP service is automatically disabled when you restore a Symantec Web Gateway configuration from a backup file.
To resolve this issue, enable DLP on the Administration > Configuration > Proxy tab, under Symantec DLP Network Prevent Settings.
|
|
Recommended proxy exception list.
|
For proxy deployments in which you enable NTLM authentication, some applications that use the HTTP protocol are not compatible with NTLM 407 authentication. So these applications will fail the NTLM challenge. In addition, the applications may not be compatible with the Symantec Web Gateway file inspection end user page that is returned to the application, which expects a human response. Many of these applications run in the background and are not explicitly invoked by the end user. Some examples are Windows updates, antivirus updates, and the Adobe Flash installer.
To resolve this issue, add proxy exceptions for the domains that host these applications. You can use a PAC file or another global browser configuration solution to manage the proxy exception list.
The following URLs are some of the recommended domains to add to the exception list:
· microsoft.com
· windowsupdate.microsoft.com
· update.microsoft.com
· c.microsoft.com
· www.update.microsoft.com
· download.microsoft.com
· crl.microsoft.com
· adobe.com
· symantec.com
· liveupdate.symantecliveupdate.com
· updates.sunbelt-software.com
· spynet.com
· ad.spynet.microsoft.akadns.net
· update.nai.com
· safer-networking.org
· safer-networking.de
· spybotupdates.com
· spybotupdates.org
· see-cure.net
· see-cure.de
· f-secure.com
· f-sos.net
· ftp.smartfilter.com
· list.smartfilter.com
· ftp.securecomputing.com
· ftp.activations.securecomputing.com
· kaspersky-labs.com
· kaspersky.com
· kaspersky.ru
· ftp.kasperskylab.ru
· mcafee.com
· sophos.com
· secure.nai.com
· vil.nai.com
· ftp.avp.ch
· pestpatrol.com
· iss.net
· download.windowsupdate.com
· trendmicro.com
· spftrl.digitalriver.com
· webroot.com
· grisoft.com
· akamai.grisoft.cz
· macromedia.com
· altiris.com
· solutionsam.com
· safeweb.norton.com
· swcdn.apple.com
· brightmail.com
|
|
|
Article URL http://www.symantec.com/docs/TECH157824
Terms of use for this information are found in Legal Notices
Thank you.