Virtual Secure Web Gateway

 View Only

  • 1.  Symantec Web Gateway Policy precedence did not work

    Posted Apr 25, 2012 02:13 AM

    Hi,

    In Symantec web gateway have created three security groups at domain controller and we are managing web traffic policies at these groups. We need to block internet for all users who are not part of any of the following three security groups.

    1. Test1
    2. Test2
    3. Test3

    I created a policy for all computer at the end of three policies (policies which are for three AD groups). but all computer policy block all traffic for all user event Test1, Test2, and Test3 users.

    Kindly guide me

     

    Best regards

    Ishaq



  • 2.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Apr 25, 2012 02:14 AM

    Kindly someone reply back.

    regards

    Ishaq



  • 3.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Apr 25, 2012 03:40 AM

    Specifically, can you advise if and how you have setup the SWG authentication?

    Presumably, the LDAP part of it must be configured in order to allow you to target LDAP workgroups with your policies, but can you please check:

    • you have a correctly configured Authentication policy
    • that your users actually do authenticate
    • how your SWG authenticates your users (NTLM/DCInterface)

    We should be able to better advise you how to investigate once we have more info.



  • 4.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Apr 25, 2012 04:10 AM

    Dear SMLatCST,

     

    Thanks for your reply, kindly find information below:

    - yes we correctly configure authentication policy and only AD use can access internet through proxy.

    - AD 2008 is runing.

    - We use NTLM authentication.

     

    Best regards

    Ishaq



  • 5.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Apr 25, 2012 04:25 AM

    ...SWG setup would help?

    What do the SWG custom reports say when these users are blocked access?  Does it give you the name of the user that was blocked as well?



  • 6.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Apr 25, 2012 09:20 AM

    You would want the AD group policies before the all computer polices the policies are processed in order.



  • 7.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Jun 08, 2012 10:43 AM

    i have same problem . i think thins problem is insoluble.



  • 8.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Jun 11, 2012 09:55 AM

    Are users actually authenticating? You should be able to see this by running a custom report based on username. If you are unable to run a report based on a username you will need to trouble shoot that.

    If username reports do work then you will likely need to look at your policy order and settings.



  • 9.  RE: Symantec Web Gateway Policy precedence did not work

    Posted Jun 11, 2012 10:18 AM

    report section does not show anything. ntl and ldap authentication tests was succcesfull.

    i changed authentication ttl to 0 and sync frequency to 1 hour. it is sametimes working.  sometimes denied all requests.