Virtual Secure Web Gateway


Reporting all web traffic

  • 1.  Reporting all web traffic

    Posted Mar 21, 2012 01:07 PM

    Web Gateway 8450.  I'm trying to get a list of all the websites users are hitting.  For example, if I go to Google, it doesn't show up in the custom report when I have no filters.  Is there a way to make sure I'm creating a list of all web sites accessed so I can classify/blacklist any we don't want people to go to?



  • 2.  RE: Reporting all web traffic

    Broadcom Employee
    Posted Mar 21, 2012 01:30 PM

    We will not record an entry for a visit to a URL unless the category that URL is in is set to 'monitor.' There is an option in your policy to set all categories to Monitor, so then we will record everything that is categorized.



  • 3.  RE: Reporting all web traffic

    Posted Mar 21, 2012 01:56 PM

    I have every available category set to monitor or block.  Still don't see Google.



  • 4.  RE: Reporting all web traffic

    Posted Mar 22, 2012 07:01 PM

    In network settings, have you set up inline networks?



  • 5.  RE: Reporting all web traffic

    Posted Mar 23, 2012 09:59 AM

    Span/tap mode is our only option.



  • 6.  RE: Reporting all web traffic

    Posted Mar 23, 2012 10:15 AM

    Can you check these out please?

    1. Policy is configured to monitor (which you've done)
    2. Policy is applied to the right clients (called workgroups in the policy, or just set it to apply to 'All Computers')
    3. Make sure your internal networks are known to the SWG (this is configured in Administration -> Configuration -> Network tab -> Internal Networks section near the bottom)
    4. Make sure your SPAN/TAP port is correctly configured (i.e. is your SWG seeing any raw traffic going through?)

    I think those are the basics, hopefully it will point you in the right direction



  • 7.  RE: Reporting all web traffic

    Posted Mar 23, 2012 10:37 AM

    In network settings, have you defined the internal subnet(s)?

    Are you or your users testing with https://google.com? That will not be able to be seen in span/tap or inline mode. Only proxy mode is able to see/monitor/block HTTPS connections.



  • 8.  RE: Reporting all web traffic

    Posted Mar 23, 2012 10:42 AM

    Agree with the suggestion above in that you need to make sure the Internal Networks are defined properly.  Another thing to watch out for here: when you click the 'Monitor All' button beside 'All Categories' in your policy, this doesn't change the action for 'Unclassified', which is at the bottom of your policy, and you would need to manually configure this one to 'Monitor'.

    I get the impression you are seeing some sites in the logs?  Can you detail what is actually working?

     



  • 9.  RE: Reporting all web traffic

    Posted Mar 23, 2012 01:42 PM

    If something has been designated malware, etc. by the Symantec people, I suppose, then it has been blocking some things.  Anything I've designated as a Custom Restriction or a blacklisted URL doesn't show up in the custom reports if I filter to find it.  It will show in the raw report.

     

    My internal network is designated as 172.22.0.0 with a subnet of 255.255.0.0.  Is that the correct formatting?

    I have no workgroups set up. 

    Unclassified URL shows up as a category for the filters but not anywhere in the policy or the categories there.



  • 10.  RE: Reporting all web traffic

    Posted Mar 26, 2012 03:35 AM

    ...do you have the license for URL filtering, and has it been uploaded to your SWG?  There is a separate license file to enable the web-category based content control on the SWG.

    Once uploaded, more options are available in the SWG modules tab (Administration -> Configuration -> Modules) to enable this level of content control.  With this enabled you get more options in the policies, which includes the option to Monitor "Unclassified" sites right at the bottom.



  • 11.  RE: Reporting all web traffic

    Posted May 07, 2012 06:01 AM

    Is there any way to use my SWG policy to do whitelisting mode through use of a wildcard policy? It turns out I'm limited on what URL I type exactly.



  • 12.  RE: Reporting all web traffic

    Posted May 07, 2012 09:29 AM

    You can use the actually to whitelist; just put a domain in vs. a full URL. Also, adding a policy exception to a policy is possible per policy to allow, monitor, or block a listed domain or IP address.