SWG in span/tap mode : blocking policy doesn't work
Hi,
I have a SWG virtual edition in span/tap mode, and the monitoring mode works perfectly.
My network configuration : Management card & Monitoring card, in span/tap mode.
I have modified my configuration in blocking mode, and also configured my default policy to block some categories.
My users still can reach the websites in this category, they don't get a page telling them those websites are forbidden. When I check the Web destinations menu, I can see the action taken by SWG is blocked instead of monitored (which is correct).
I see that in the span/tap mode network configuration, I have the possibiliy to add the LAN adapter to my configuration. Do I have to do this in order to use the blocking mode? Or do you have any idea why I can't use this mode?
Thank you in advance, and best regards,
Mathieu
Comments 6 Comments • Jump to latest comment
How is your network setup? Are your users on the same subnet as your SWG, or are you able to test from a machine on the same subnet as the SWG?
http://www.cstl.com/
Yes, users are on the same subnet than the Management card. I never had to configure the IP address on the monitoring card, which is connected on the switch in span/tap mode.
Have you seen the below article?
http://www.symantec.com/docs/TECH158328
http://www.cstl.com/
No, I'll check my switch configuration and I'll be back after. Thank you!
You need to change the mode of your SWG into Inline mode. The block action doesn't work under a SPAN/TAP mode.
Blocking works fine in span/tap mode for web pages. Doesn't work for AV scan file downloads though. I'd recommend checking out the below article for what can/cannot be blocked in the various SWG modes:
http://www.symantec.com/docs/HOWTO54160
http://www.cstl.com/
Would you like to reply?
Login or Register to post your comment.