Virtual Secure Web Gateway

Hi every one,

I’m making progress  with the initial setup of Span/Tab Blocking mode of SWG, the monitoring port is now logging and under “Executive Summery” I can see activity. However, that activity comes only from one computer in the same subnet as the SWG appliance. Under “Executive Summary/Client Machines Monitored” I can see only one machine, despite the fact that I’m trying from many others.

My question is how do I setup SWG to block URL requests coming from computers in different subnets?

So far I have done the following:

1. Under “Administration/Configuration/Network”  I have defined all my subnets under “Internal Network Configuration”
2. Under “Administration/Configuration/Modules”  I have selected “Enable Content Filter”
3. Under “Policies/Configuration” I have defined one Policy with the following options
   - Block Page Message Group: Default
   -Applies to: All Computers

… and then I clicked “Save and Activate Changes”

What else do I need?

Thanks

How are you getting data to your monitoring port?  Is this plugged into a hub or to a mirrored interafce on a switch.  If the latter, can you check your switch config to see if you are mirroring all other interfaces or a single interface to the SWG's monitoring port?

Hmmm, your post pointed me to the possible cause of the problem.

To answer your question, I'm mirroring port 11 (monitored port) to port 14 (monitoring port), so it's only one port that I'm monitoring.

Yes, I can do ALL ports, but I'm afraid it's not going to fix the problem because this is not core switch; it's just gateway switch for one of our subnets.

Is it correct to assume that the appliances have to be connected to the core switch of the network, and all ports of the core switch to be monitored by the SPAN port?

We typically recommend connecting to the core switch for exactly this kind of reason, otherwise it will only see trafic for that subnet or at that switch.

...connecting the SWG to the core switch and mirroring all traffic to the appliance is the recommended method.  This provides the SWG with the greatest visibility of your network (internal traffic as well as any entering/exiting your network).