Virtual Secure Web Gateway

I have had a reseller install Symantec Web Gateway Virtual Appliance version 5.2.1.80 today. It is installed on a SPAN Port that our Websense appliance was installed on and functioning as recently as yesterday.

The console shows traffic growing. It is at 68.14 GB in the last 24 hours. However, we are seeing NOTHING malicious.

URLs Inspected            0
Downloads Inspected            0
Unsafe Downloads    0    0    0
Content Filter Detections    0    0    0
Application Control Detections    0    0    0
Malware URL and IP Detections    0    0    0
Malware Download Detections    0    0    0
Phone Home Detections    0    0    0
Active Infected Clients            0
Client Machines Monitored    0

We have enabled monitor policies for everything. We have tested using the Symantec test sites such as:

http://testwebgateway.com/test/bltest.htm

http://testwebgateway.com/test/phtest.htm

It is obviously seeing traffic, but NOTHING is showing up in the Executive Summary or Reports.

Any ideas?

There are a lot of variables in this situation. You need to make sure that you have specified the correct internal network. You need to make sure that the policy you have created will apply to the users that are browsing and it sound slike you set the policy to have the content filtering categories you want logged set to Monitor or Block, not Allow. You also have to make sure that the traffic is not VLAN tagged, since Span/Tap Mode does not support VLANs.

Thanks for the reply.

We have specified the internal network with a supernet. 10.0.0.0  Subnet Mask 255.0.0.0.

We even tried specifying a test system IP as the Internal Network range with no change in behavior.

The Policies are applied to all users.

I'll have to check on the VLAN tagging, but I'm 99% sure that we are OK on that.

So, setting the virtual switches to promiscuous mode and enabling Content Filtering resolved the issue.

Yes. It's working great now after making those changes!