Video Screencast Help
As we strive to continually improve your experience on our site, please help us by taking this survey and tell us about your satisfaction level using Symantec Connect. One lucky winner will receive 500 Connect points! * Take the survey.

SWG does not support web sites that require NTLM 401 authentication or a higher level of 401 authentication

Created: 12 Nov 2012
JB Park's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

Referring to TECH189663 ( and the SWG 5.1 implementation guide on page 205,

The Symantec Web Gateway proxy supports basic 401 authentication from Web sites.

Web sites that require NTLM 401 authentication or a higher level of 401 authentication are unsupported.

As a result, customer using SWG proxy who is trying to connect to the sites that require NTLM 401 authentication will get a blank page instead of login prompt.

The workaround is to create an exception to bypass the SWG proxy for those web sites.

Customer is looking for a product enhancement for 401 authentication to be supported in the future SWG release concerning squid proxy version update.

For example,

Client will only see the blank page and will not get the authenticaiton pop-up window when connection is going through SWG proxy.
The packet capture will show similar things as below:

Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-au
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

HTTP/1.0 401 Unauthorized
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 12 Nov 2012 00:49:26 GMT
Content-Length: 0
X-Cache: MISS from sydswg8450-mgmt2.if.local
Via: 1.0 sydswg8450-mgmt2.if.local (SWG)
Proxy-Connection: close