How to add a whitelist or blacklist entry to Symantec Web Gateway (SWG) 4.5.x and 5.0.x

Article:TECH97566  |  Created: 2009-01-19  |  Updated: 2014-03-12  |  Article URL http://www.symantec.com/docs/TECH97566
Article Type
Technical Solution


Issue



You seek to add either a whitelist or blacklist entry to Symantec Web Gateway appliance.

 


Solution




Do one of the following:

  • Add a whitelist entry manually
  • Add a blacklist entry manually
  • Import a file containing multiple entries to the whitelist
  • Import a file containing multiple entries to the blacklist



To add a whitelist entry manually

  1. Click Configuration> Whitelist
  2. Click Add a Whitelist Entry
  3. In the text field labelled "Hostname/IP", type a hostname or a single IPv4 address.
  4. In the text field labelled "Comment", type a comment which explains why you are whitelisting this address.
  5. Click Save.



To add a blacklist entry manually

  1. Click Configuration> Blacklist
  2. Click Add a Blacklist Entry
  3. In the text field labelled "Hostname/IP", type a hostname or a single IPv4 address.
  4. In the text field labelled "Comment", type a comment which explains why you are blacklisting this address.
  5. Click Save.



To import a file containing multiple entries to the whitelist

  1. Click Policies> Whitelist
  2. Beside "Upload Whitelist from File:", click Browse
  3. Locate and select the file you seek to import.
  4. Click Upload



To import a file containing multiple entries to the blacklist

  1. Click Policies> Blacklist
  2. Beside "Upload Blacklist from File:", click Browse
  3. Locate and select the file you seek to import.
  4. Click Upload






References
 

Title: tools.ietf.org: RFC2181 - Clarifications to the DNS Specification
URL: http://tools.ietf.org/html/rfc2181



Technical Information
 


About whitelist reporting
SWG ignores all traffic for a whitelist entry. SWG does not filter that traffic. SWG does not log that traffic. To identify IP addresses in the Whitelist, SWG in Inline mode examines TCP headers. For all other whitelist and blacklist entries in either Inline or SPAN/Tap mode, SWG parses HTTP headers.


About SWG blacklist and whitelist capacity
SWG does not enforce a capacity limit for either whitelist or blacklist entries.


About IP addresses and domains
SWG will accept apparently invalid IP addresses and treat them as valid Fully Qualified Domain Name (FQDN) addresses. It is possible to enter or import the address 256.256.256.256. For more about why this is acceptable behavior, please see "11. Name Syntax" within RFC2181. SWG behaves in this fashion within the Blacklist and Whitelist pages and throughout the policies, including the policy exceptions.


About the structure of the import file

The text file you import should contain a single IPv4 address or hostname per line.

If you attempt to import a file which does not conform to this format, SWG will not import any of the entries in the import file. Instead, SWG will display "An error was encountered while reading the whitelist file: '<>' is not a domain name or IP address.", where '<>' is the first entry in the file which does not meet this format requirement. If you have multiple entries that do not match the expected format, you will have to fix an entry, attempt upload again, then repeat until all entries comply with the format.

After building a test file with the following wrong format:

google.com;173.194.35.32

 we got an error message like: "An error was encountered while reading the whitelist file: 'google.com;173.194.35.32' is not a domain name or IP address."

 

After building a test file with the format:

test.com

test1.com

test2.com

10.10.10.10

10.0.10.10

10.0.0.10

 

All the domains and IP addresses were uploaded normally.


 

 



Legacy ID



2009111909375554


Article URL http://www.symantec.com/docs/TECH97566


Terms of use for this information are found in Legal Notices