Virtual Secure Web Gateway

 View Only

  • 1.  swg inline v/s management

    Posted Apr 24, 2012 07:39 AM

    hi everybody,

     

    i have implemented the swg to be used as  inline and proxy.  i think the management port is used on a different subnet so that user that are on the proxy does not get access to the swg.  i have done so but i am still being able to access the swg through the inline ip.

    managment port : 192.9.100.2

    inline :  192.9.101.40

    Please help



  • 2.  RE: swg inline v/s management

    Posted Apr 24, 2012 09:44 AM

    You may need to set up a route at the default network gateway/router to allow clients to access the subnet for the management port of the SWG.



  • 3.  RE: swg inline v/s management

    Posted Apr 24, 2012 10:24 AM

    ...this is by design.

    The SWG has always moved access to the webconsole from the Management Interface to the Inline interface and back, whenever the service is started/stopped.  All the "Separate Management and Inline Networks" option does, is force the console to be accessible on both IP addresses.

    I've asked Symantec about this before, as it's not very clear from the documentation what that option actually does; only that it is required if you want to enable either of the proxy modes.  And obviously, it's a security risk.

    It's not like there's even an option within the SWG to restrict access to the webconsole by source IP address either frown