Virtual Secure Web Gateway

 Hi Everybody 

I want to know about current version of Symantec web gateway can support 

because i saw   "  http://www.symantec.com/business/support/index?page=content&id=DOC2478 "

this content in site.  it does not claim that single sign-on will work with WIN SVR 2008 R2’s AD

Has anyone know and describe about my question

Thank in advance

Does any one know ?? Because  Next week I plan to implement that and my boss make to do it finish

during in 1 week.  Can any one help me.

Thank in advance

DC interface has worked with with windows 2008 Active Directory Since 4.5.2.

http://www.symantec.com/business/support/index?page=content&id=TECH96609

Hi Ben

sorry for my english and in your link. I saw in below

Previous Version - 4.5.2.65

*****  1. New dcinterface that supports Windows 2008 server. ****
 

but sorry i am not sure about that it s mean suport Windows 2008 Active Directory Version R2.

if you confirm to work with AD 2008 or have any reference document, I will ok to prepare my self

for implement SWG in next week 

Thank for your reply

Hello,

>>this content in site.  it does not claim that single sign-on will work with WIN SVR 2008 R2’s AD

I'm not clear about your question. Is it about the SWG AD 2008 R2 integration or the single sign-on?

Can you please throw some light what you are looking from SWG wrt single sign-on?

SWG 4.5 wasn't tested with 2008 R2 but I personally wouldn't expect great problems with the AD integration unless I badly missed any.

As you are planning to implement next week, it would be really great if you can spare a day or 2 to test the basic functionality to ensure the AD Integration is fine and meeting your expectations before production.

BTW the upcoming SWG 5.0 is tested with Windows 2008 R2.

Thank you.

Regards,

Dash

Yes, I was able to make AD on Windows 2008 R2 to work on SWG 4.5

No special configuration, just follow the steps in doing an AD integration using a dcinterface

cheers,

nido

 Dear all

 Sigle sing on in my meaning. It s mean when i logon to my computer with AD user after that 

 open the web browser and  not promp to fill user password again. 

This is my definition with single sing on . For AD 2008 It s competible or not ...

Thank alot for your previous answer...

DC interface does not use the NTLM authentication mehtod to identify users.

Using NTLM may prompt the user for authentication depending on the application and enviroment. The SWG should have the shortname in the DNS zone. The prompting is actually not done by SWG but the browser/app which see SWG needs authentication then if the application can provide the information it does, if it cannot it prompts the user. If the SWG does not appear in the intranet/trusted zone of IE, IE will prompt.

Hello;

In SWG, you can configure LDAP. There seems to be only 1 field to enter the 'ldap server IP' but of course we have more than one AD server. I wonder if there will be a problem when 1 AD server (temporarily) fails...

OR: am I right to conclude that that field is only necessary for a) testing and b) periodic synchronization while runtime ('logon') info is *sent* by the A.D. a users logs onto - even if it is not in the field "ldap server ip"?

Regards,

Klaas

DCinterface can be installed to multiple DCs and send events back to your SWG device(s). 

Also one installation of DCinterface can remotely read the events from multiple DCs and send the events back to the SWG.

You can add multiple SWGs by using multiple hosts lines and multiple DCs by using multiple remoteServer lins.

example dcinterface.txt:

host 10.10.10.253
host 10.10.10.254

remoteServer DomainController1.local
remoteServer DomainContorller2.local

Recovery 4

The SWG implentation guide covers more of this starting on page 107.

Thank alot BENDC

Thank you for your answer ...