Virtual Secure Web Gateway

 View Only

  • 1.  2 out of 15 IP addresses can't get to the internet. no error, no nothing.

    Posted May 08, 2013 06:04 PM

    Dear All,

    I am deploying a pilot to implement SWG (proxy mode) on our network. after my individual tests went ok I decided to test with 15 users and everything went good for a week or so. then 2 users started to report problems accessing the web. there were no errors. the browser just sat there waiting for the web page to load.

    those 2 IP addresses belong to the same subnet as the ones that work.

    what did i do to try to understand the issue:

    1. I can ping to those IPs from and to the admin gui. so, no network problem
    2. I can "telnet SWG 8080" from those IPs and the proxy respond.
    3. when I reproduce the problem on a virtual machine (it is definitely a problem with those particular IPs) the browser keeps trying to open a website and that last forever. I can see the browser trying and trying and in the end there is no error of any kind.
    4. I tested those particular users from different IP and all worked ok
    5. I changed those IPs to another on the same subnet. everything works
    6. when I restart the SWG virtual appliance the problem dissapear temporary.

    how can I debug this? there is no valuable logs in the GUI even after I set up a syslog server.

     

    thank you in advance.

     

     

     



  • 2.  RE: 2 out of 15 IP addresses can't get to the internet. no error, no nothing.

    Posted May 09, 2013 05:05 AM

    What version of the SWG are you using?  Can you enable the packet capture function and see/follow the requests from the problem IP addresses?

    http://www.symantec.com/docs/TECH145303



  • 3.  RE: 2 out of 15 IP addresses can't get to the internet. no error, no nothing.

    Posted May 21, 2013 09:00 PM

    thank you for answering.

    the problem went away (i guess) after I disconnected the WAN and MONITOR interfaces from vmware vsphere client as the best practises for proxy mode recommended. http://www.symantec.com/docs/TECH192087



  • 4.  RE: 2 out of 15 IP addresses can't get to the internet. no error, no nothing.

    Posted May 27, 2013 01:49 PM

    f-2050,

    In the future, the best method of testing is to run Wireshark on the client machine to determine exactly where the traffic is going, what is happening, etc. You can download the Wireshark at www.wireshark.org.

    Start wireshark, test going to the website, turn wireshark off and save the log.

    At that point, you can forward the log to technical support and we can look at the log and tell you exactly what is happening and make suggestions on fixing the issue.

    Thank you,

    Monica