Symantec Web Gateway (SWG) 4.5 in inline mode blocks connections to the internet

Article:TECH97269  |  Created: 2009-01-06  |  Updated: 2010-10-06  |  Article URL http://www.symantec.com/docs/TECH97269
Article Type
Technical Solution


Issue



Symantec Web Gateway is in inline mode, and it prevents all connections to the internet. You seek steps to troubleshoot this behavior and restore internet communications.


Solution



  1. At the command line interface (CLI) of SWG, log in as admin
  2. Check CPU usage
  3. If CPU usage is greater than 50%, then contact support for further assistance in examining the load on the SWG.
  4. If CPU usage is less than 50%, then power off the SWG Appliance
  5. If you can access the internet through SWG when SWG is powered off, skip to step 10
  6. If you cannot access the internet through SWG when SWG is powered off, check cabling and re-test
  7. If you cannot access the internet through SWG when SWG is powered off AND the cabling is correct, remove the cable from the LAN port of the SWG Appliance and connect it to the ethernet port which is connected to the WAN port of the SWG Appliance, then re-test.
  8. If you cannot access the internet when bypassing SWG with your Ethernet cabling and connecting to the upstream device instead, stop here and examine other environmental factors. SWG is not part of the network outage you are experiencing.
  9. If you can access the internet when bypassing SWG, log in to the CLI of the SWG and note your serial number, then call support for further assistance.
  10. If you can access the internet when SWG is powered down, power up the SWG. At the CLI, log in as admin and set the Appliance to bypass mode. Re-test
  11. If you can access the internet when SWG is powered up and in bypass mode, revert to factory settings, re-run the Setup Wizard, then restore SWG configuration from the last known good backup.


    After reverting to last known good configuration, you can continue to investigate with a divide and conquer strategy. Make configuration changes one at a time and retest after each to determine which one appears to cause network outage.








References

Title: How to access the Command Line Interface (CLI) of Symantec Web Gateway (SWG) 4.5.x
URL: http://service1.symantec.com/support/ent-gate.nsf/docid/2009103015195254

Title: How to backup and restore configuration settings for Symantec Web Gateway (SWG) 4.5.x
URL: http://service1.symantec.com/support/ent-gate.nsf/docid/2009102115490654

Title: Restore Symantec Web Gateway to shipped defaults.
URL: http://service1.symantec.com/support/ent-gate.nsf/docid/2009102115490654




Technical Information

Recommended cabling for SWG in inline mode
As SWG acts as a crossover cable when powered down or in bypass mode, Symantec recommends the following cabling setup for inline mode:

  • Connect WAN port to switch, router, firewall or other network device using a straight cable
  • Connect LAN port to downstream device using a crossover cable.

 



Legacy ID



2009110609380954


Article URL http://www.symantec.com/docs/TECH97269


Terms of use for this information are found in Legal Notices