Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

SWG does not support web sites that require NTLM 401 authentication or a higher level of 401 authentication

Created: 12 Nov 2012
JB Park's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

Referring to TECH189663 (www.symantec.com/docs/TECH189663) and the SWG 5.1 implementation guide on page 205,

The Symantec Web Gateway proxy supports basic 401 authentication from Web sites.

Web sites that require NTLM 401 authentication or a higher level of 401 authentication are unsupported.

As a result, customer using SWG proxy who is trying to connect to the sites that require NTLM 401 authentication will get a blank page instead of login prompt.

The workaround is to create an exception to bypass the SWG proxy for those web sites.

Customer is looking for a product enhancement for 401 authentication to be supported in the future SWG release concerning squid proxy version update.

For example,
http://assist.cctgroup.com
http://webportal.ssu.com.au

Client will only see the blank page and will not get the authenticaiton pop-up window when connection is going through SWG proxy.
The packet capture will show similar things as below:

GET http://webportal.ssu.com.au/ HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-au
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: webportal.ssu.com.au

HTTP/1.0 401 Unauthorized
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 12.0.0.6421
Date: Mon, 12 Nov 2012 00:49:26 GMT
Content-Length: 0
X-Cache: MISS from sydswg8450-mgmt2.if.local
Via: 1.0 sydswg8450-mgmt2.if.local (SWG)
Proxy-Connection: close