Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Access to Symantec Web Gateway

Created: 22 Jun 2013 | 2 comments

Hi

question 1

is there anyway to restrict access to Symantec Web Gateway just from the Management Interface Only ???

question 2

is there anyway to restrict access to Symantec Web Gateway just from a defined user list ???

Thanks

Operating Systems:
Discussion Filed Under:

Comments 2 CommentsJump to latest comment

SMLatCST's picture

Here's my 2 pence worth wink

  1. Currently no, the Management Console cannot be locked down for access, which in my mind is a humungous security hole.  Eventhough you can apply firewall rules outside of the SWG to restrict access to the Management Interface's IP address, the console itself is still accessible via the Inline LAN Interface (again, not great).
    If you agree, then please take a look at the IDEA I raised below and vote for it if you think it's useful:
    https://www-secure.symantec.com/connect/ideas/swg-console-access-restriction
  2. Can you clarify this point?  Are you talking about restricting users going through the SWG for web access, or management access again?
Boujid's picture

The second point is similar to your first point "Allow administrators the ability to restrict web console access by IP ranges", it's about management access

but i am thinking more precisely like the way in "Symantec Messanging Gateway" in "control center" --> "Administration" --> "Control center" --> "Access"

it's not just about "IP ranges" but also exact IPs.

As i am asking in another post "Symantec Messanging Gateway" , i wish also to have a recovery procedure to erase this access list from the console in case of problem using the admin account only.

The SMG have the ability to restrict such access but it doesn't have the way to unlock it, so if you lost your administrator password, you will be unable to access from Web, apparently you will need to enter via console with the "root" account which is not given to try to erase the restriction from command line.

So, i think having a Recovery Procedure it's a must

I wish also to have the updates from the inline/LAN Interface, i don't like the current way, i've used 2 commercials products before Symantec, and never the management interface were used to get updates, it's very logical to keep the management just for the management and administration tasks, this interface must be hidden from Internet.

Thanks

Best Regards