Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

SWG in span/tap mode : blocking policy doesn't work

Created: 16 Jan 2013 • Updated: 01 Feb 2013 | 6 comments
mse_acos's picture
This issue has been solved. See solution.


I have a SWG virtual edition in span/tap mode, and the monitoring mode works perfectly.

My network configuration : Management card & Monitoring card, in span/tap mode.

I have modified my configuration in blocking mode, and also configured my default policy to block some categories.

My users still can reach the websites in this category, they don't get a page telling them those websites are forbidden. When I check the Web destinations menu, I can see the action taken by SWG is blocked instead of monitored (which is correct).

I see that in the span/tap mode network configuration, I have the possibiliy to add the LAN adapter to my configuration. Do I have to do this in order to use the blocking mode? Or do you have any idea why I can't use this mode?

Thank you in advance, and best regards,


Comments 6 CommentsJump to latest comment

SMLatCST's picture

How is your network setup?  Are your users on the same subnet as your SWG, or are you able to test from a machine on the same subnet as the SWG?

mse_acos's picture

Yes, users are on the same subnet than the Management card. I never had to configure the IP address on the monitoring card, which is connected on the switch in span/tap mode.

mse_acos's picture

No, I'll check my switch configuration and I'll be back after. Thank you!

yang_zhang's picture

You need to change the mode of your SWG into Inline mode. The block action doesn't work under a SPAN/TAP mode.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
SMLatCST's picture

Blocking works fine in span/tap mode for web pages.  Doesn't work for AV scan file downloads though.  I'd recommend checking out the below article for what can/cannot be blocked in the various SWG modes: