
SWG generates high amount of traffic

Created: 14 Mar 2012 • Updated: 22 Mar 2012 | 2 comments
viktor.nagy
This issue has been solved. See solution.

Dear All,

I've set up a SWG in proxy mode at one of our customers as a pilot. Nobody has started to use it yet.

I've set up a policy to monitor all traffic for all computers. If I check the traffic in custom reports, I see this:

Date/Time Stamp  Requested URL or Filename
03/14/2012 09:11 206.253.225.174:443
03/14/2012 09:07 85.25.252.124:443
03/14/2012 09:01 87.106.3.48:443
03/14/2012 08:59 license.cobion.com:443
03/14/2012 08:50 87.106.21.125:443
03/14/2012 08:41 206.253.225.12:443
03/14/2012 08:27 206.253.225.174:443
03/14/2012 08:20 85.25.252.124:443
03/14/2012 08:12 87.106.3.48:443
03/14/2012 07:59 license.cobion.com:443
03/14/2012 07:49 206.253.225.12:443
03/14/2012 07:38 206.253.225.174:443
03/14/2012 07:28 85.25.252.124:443
03/14/2012 07:21 87.106.3.48:443
03/14/2012 07:13 87.106.21.125:443
03/14/2012 06:59 license.cobion.com:443
03/14/2012 06:38 206.253.225.174:443
03/14/2012 06:31 85.25.252.124:443
03/14/2012 06:23 87.106.3.48:443
03/14/2012 06:16 87.106.21.125:443
03/14/2012 06:11 206.253.225.12:443
03/14/2012 05:59 license.cobion.com:443
03/14/2012 05:37 85.25.252.124:443
03/14/2012 05:29 87.106.3.48:443
03/14/2012 05:20 87.106.21.125:443
03/14/2012 05:11 206.253.225.12:443
03/14/2012 05:06 206.253.225.174:443
03/14/2012 04:59 license.cobion.com:443
03/14/2012 04:42 87.106.3.48:443
03/14/2012 04:35 87.106.21.125:443
03/14/2012 04:26 206.253.225.12:443
03/14/2012 04:21 206.253.225.174:443
03/14/2012 04:11 85.25.252.124:443
03/14/2012 03:59 license.cobion.com:443
03/14/2012 03:45 87.106.21.125:443
03/14/2012 03:36 206.253.225.12:443
03/14/2012 03:24 206.253.225.174:443
03/14/2012 03:17 85.25.252.124:443
03/14/2012 03:11 87.106.3.48:443
03/14/2012 02:46 206.253.225.12:443
03/14/2012 02:44 license.cobion.com:443
03/14/2012 02:39 206.253.225.174:443
03/14/2012 02:32 85.25.252.124:443
03/14/2012 02:23 87.106.3.48:443
03/14/2012 02:15 87.106.21.125:443
03/14/2012 01:59 license.cobion.com:443
03/14/2012 01:38 206.253.225.174:443
03/14/2012 01:29 85.25.252.124:443
03/14/2012 01:21 87.106.3.48:443
03/14/2012 01:13 87.106.21.125:443
03/14/2012 01:06 206.253.225.12:443
03/14/2012 00:59 license.cobion.com:443
03/14/2012 00:55 85.25.252.124:443
03/14/2012 00:44 87.106.3.48:443
03/14/2012 00:33 87.106.21.125:443
03/14/2012 00:23 206.253.225.12:443
03/14/2012 00:14 206.253.225.174:443

There were no other lines, but the "Raw traffic Processed" at Executive Summary was 26GB. Any idea what could have happened?

Thanks in advance!

Viktor


BenDC

I suspect you have the SWG configured to use itself as a proxy to get to the internet, thus you are seeing the information in the reports.

From the information I have found it appears the sites accessed are hosting the SWG database for the content filtering.

SOLUTION
viktor.nagy

The MGT interface of SWG doesn't have internet access through the firewall, so I've set its own LAN interface to be used for communicating with Symantec Threat Center. So these lines are normal.

Our problem is that the raw traffic is around 5GB/hour. Do these database updates generate such high traffic?
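
Added example (not part of the original thread or Symantec's tooling): a short Python script that groups report rows like the ones in the first post by destination and measures how regularly each one is contacted. The sample rows are a subset copied from that report; the function names are illustrative, and the rows carry no byte counts, so this shows request cadence only, not traffic volume.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Subset of the report rows quoted in the first post (two destinations).
SAMPLE_REPORT = """\
Date/Time Stamp  Requested URL or Filename
03/14/2012 09:01 87.106.3.48:443
03/14/2012 08:59 license.cobion.com:443
03/14/2012 08:12 87.106.3.48:443
03/14/2012 07:59 license.cobion.com:443
03/14/2012 07:21 87.106.3.48:443
03/14/2012 06:59 license.cobion.com:443
03/14/2012 06:23 87.106.3.48:443
03/14/2012 05:59 license.cobion.com:443
"""

def parse_report(text):
    """Yield (timestamp, destination) for each 'MM/DD/YYYY HH:MM host:port' row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # header, blank or malformed line
        try:
            ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%m/%d/%Y %H:%M")
        except ValueError:
            continue  # three fields, but not a timestamped row
        yield ts, parts[2]

def summarize(text):
    """Return {destination: (requests, median_gap_min, gap_spread_min)}."""
    seen = defaultdict(list)
    for ts, dest in parse_report(text):
        seen[dest].append(ts)
    summary = {}
    for dest, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(stamps, stamps[1:])]
        if gaps:
            summary[dest] = (len(stamps), median(gaps), max(gaps) - min(gaps))
        else:
            summary[dest] = (len(stamps), None, None)  # single request, no gap
    return summary

if __name__ == "__main__":
    for dest, (count, gap, spread) in sorted(summarize(SAMPLE_REPORT).items()):
        print(f"{dest:28} requests={count} median_gap={gap} min spread={spread} min")
```

A small, fixed set of destinations contacted at a steady interval with little spread is the pattern of an appliance checking in for licence and database updates rather than of user browsing.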