Symantec Web Gateway Policy precedence did not work
Created: 24 Apr 2012 | 8 comments
Hi,
In Symantec Web Gateway, we have created three security groups at the domain controller and we are managing web traffic policies at these groups. We need to block internet for all users who are not part of any of the following three security groups.
- Test1
- Test2
- Test3
I created a policy for all computers at the end of the three policies (the policies for the three AD groups), but the all computers policy blocks all traffic for all users, even Test1, Test2, and Test3 users.
Kindly guide me
Best regards
Ishaq
Kindly someone reply back.
regards
Ishaq
Best Regards,  
Specifically, can you advise if and how you have setup the SWG authentication?
Presumably, the LDAP part of it must be configured in order to allow you to target LDAP workgroups with your policies, but can you please check:
We should be able to better advise you how to investigate once we have more info.
http://www.cstl.com/
Dear SMLatCST,
Thanks for your reply, kindly find information below:
- Yes, we correctly configured the authentication policy and only AD users can access the internet through the proxy.
- AD 2008 is running.
- We use NTLM authentication.
Best regards
Ishaq
Best Regards,  
...SWG setup would help?
What do the SWG custom reports say when these users are blocked access? Does it give you the name of the user that was blocked as well?
http://www.cstl.com/
You would want the AD group policies before the all computer policies; the policies are processed in order.
I have the same problem. I think this problem is insoluble.
Are users actually authenticating? You should be able to see this by running a custom report based on username. If you are unable to run a report based on a username you will need to troubleshoot that.
If username reports do work then you will likely need to look at your policy order and settings.
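The two checks suggested in the replies above (policy order, and whether the gateway actually has a username for the request) can be pictured with a small first-match model. This is an added illustration, not Symantec Web Gateway code and not from any poster; the `Policy` class, the `evaluate` function and the first-match behaviour are assumptions built on the statement that policies are processed in order.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple, List

@dataclass(frozen=True)
class Policy:
    name: str
    group: Optional[str]  # None means "all computers" (matches every request)
    action: str           # "allow" or "block"

def evaluate(policies: List[Policy], user_groups: Optional[Set[str]]) -> Tuple[str, str]:
    """Return (policy name, action) of the first matching policy.

    user_groups is None when no username is attached to the request,
    i.e. the user was not authenticated or group membership was not resolved.
    """
    for p in policies:
        if p.group is None:
            return p.name, p.action
        if user_groups is not None and p.group in user_groups:
            return p.name, p.action
    return "no-match", "none"

# Constructed sample rule sets using the group names from the thread.
GROUP_RULES = [Policy(f"{g} policy", g, "allow") for g in ("Test1", "Test2", "Test3")]
CATCH_ALL = Policy("All computers", None, "block")

GROUPS_FIRST = GROUP_RULES + [CATCH_ALL]      # intended order
CATCH_ALL_FIRST = [CATCH_ALL] + GROUP_RULES   # misordered

if __name__ == "__main__":
    cases = {
        "Test2 member, groups first": (GROUPS_FIRST, {"Test2"}),
        "non-member, groups first": (GROUPS_FIRST, {"Sales"}),
        "no username, groups first": (GROUPS_FIRST, None),
        "Test1 member, catch-all first": (CATCH_ALL_FIRST, {"Test1"}),
    }
    for label, (rules, groups) in cases.items():
        print(f"{label:32s} -> {evaluate(rules, groups)}")
```

In this model a group member is blocked in two situations: the catch-all sits ahead of the group policies, or the request carries no username so no group policy can match. An empty username report points at the second.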
The report section does not show anything. NTLM and LDAP authentication tests were successful.
I changed the authentication TTL to 0 and the sync frequency to 1 hour. It is sometimes working; sometimes it denies all requests.