Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Web Gateway

Created: 27 Mar 2013 • Updated: 02 Apr 2013 | 4 comments
Rui Ribeiro's picture
This issue has been solved. See solution.

Gents

Doing a PoC for a customer for Web Gateway, need to get this right... so far, i was able to get the appliance up and running, set up a few policies and tested it on 10 IT users configuring the ports manually just to make sure nothing is wrong.

The environment is a mixed OS: Windows XP and Windows 7, Browsers: IE8, 9 and Firefox a few Chromes...

My problem is at the policies, i have a simple configurtaion:

Policy number 1 (high) with all the web content i need filtered out applied to AD group "Internet Access"

Policy number 2 (low) with the all the web content i need blocked applied to "all computers"

I need a third higher priority policy to place above the Policy Number 1 here for authentication only, this is where my problem starts...

There are a few machines the system allow and fullfill the requestes but the majority the system simples open the broswer windows and stays there no error no nothing just the message... "trying to connect" and stays there forever...

If i remove the authentication then all works...

NTLM is OK

LDAP is OK and see the AD groups ok as well..

Where do i need to look to get this right?

Cheers

Operating Systems:

Comments 4 CommentsJump to latest comment

SMLatCST's picture

Which mode are you using?

IIRC only the proxy mode uses NTLMv2, whereas span/tap and inline modes use NTLMv1 (which will obviously cause issues with Win7 endpoints).

Perhaps take a look at the below article:

http://www.symantec.com/docs/HOWTO54161

Rui Ribeiro's picture

Thank you for your reply.

Proxy Mode Only.

The article you suggested was part of my investigations already, i ahve applied the GPO on all workstations will see if tomorrow it worked.

Articles on this product are hard to find, not many of us using it, but i am yellow inside so i Symantec all the way... :-)

I will let you know tomorrow.

Do you want me to place a few screen shots here of some of the configs then you can have a look if something is missing?

TSE-JDavis's picture

There are a few things that can cause what you have described. I would suggested going through this guide step by step to make sure that you did not miss an important setting such as having an A record for the SWG's interface name(s):

http://www.symantec.com/docs/HOWTO54114

This document might also help:

http://www.symantec.com/docs/TECH166651

 

Rui Ribeiro's picture

Gents

Sorry for not coming back to you guys, with a response, so far the Web Gateway seems to be ok without the autentication option on, so i left like that, i got envolved on another project and forgot to close the question.

The GPO has been applied and the autentication worked for a few computers only again, so i gave up, i will keep it like this for now in case it becomes a real issue i will open a case with Symantec.

Thanks for the help

SOLUTION