
SWG does not support web sites that require NTLM 401 authentication or a higher level of 401 authentication

Created: 12 Nov 2012
JB Park

According to TECH189663 (www.symantec.com/docs/TECH189663) and page 205 of the SWG 5.1 implementation guide:

The Symantec Web Gateway proxy supports basic 401 authentication from Web sites.

Web sites that require NTLM 401 authentication or a higher level of 401 authentication are unsupported.

As a result, a customer using the SWG proxy who tries to connect to sites that require NTLM 401 authentication will get a blank page instead of a login prompt.

The workaround is to create an exception to bypass the SWG proxy for those web sites.

The customer is looking for a product enhancement so that 401 authentication is supported in a future SWG release, in connection with a Squid proxy version update.

For example,
http://assist.cctgroup.com
http://webportal.ssu.com.au

The client will only see a blank page and will not get the authentication pop-up window when the connection goes through the SWG proxy.
The packet capture will show something similar to the following:

GET http://webportal.ssu.com.au/ HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-au
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: webportal.ssu.com.au

HTTP/1.0 401 Unauthorized
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 12.0.0.6421
Date: Mon, 12 Nov 2012 00:49:26 GMT
Content-Length: 0
X-Cache: MISS from sydswg8450-mgmt2.if.local
Via: 1.0 sydswg8450-mgmt2.if.local (SWG)
Proxy-Connection: close
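
Added example, not part of the original post: the 401 in the capture above carries no WWW-Authenticate header and a zero-length body, which is consistent with the blank page and the missing prompt. The Python sketch below classifies a captured response on that basis; the DIRECT sample, the function names and the result labels are constructed for illustration.

```python
# Added example: triage one proxied HTTP response taken from a packet capture.
SUPPORTED = {"basic"}  # per the page, the SWG proxy handles only basic 401 auth

# The 401 response from the capture above, abridged.
CAPTURED = """HTTP/1.0 401 Unauthorized
Server: Microsoft-IIS/7.0
Content-Length: 0
X-Cache: MISS from sydswg8450-mgmt2.if.local
Via: 1.0 sydswg8450-mgmt2.if.local (SWG)
Proxy-Connection: close
"""
# Constructed sample: the same kind of response fetched without the proxy,
# assuming the origin offers Negotiate and NTLM.
DIRECT = """HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 0
"""

def parse_response(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def triage(raw):
    status, headers = parse_response(raw)
    if status != 401:
        return "not-a-401"
    # Simplification: one challenge per WWW-Authenticate line; a comma-separated
    # list of challenges inside a single header is not split.
    schemes = {v.split()[0].lower() for v in headers.get("www-authenticate", []) if v}
    via_proxy = "via" in headers or "x-cache" in headers
    if not schemes:
        # No challenge reached the client, so the browser has nothing to prompt for.
        return "no-challenge-via-proxy" if via_proxy else "no-challenge"
    if schemes & SUPPORTED:
        return "basic-offered"
    return "unsupported-scheme-bypass-candidate"

if __name__ == "__main__":
    for label, raw in (("captured", CAPTURED), ("direct", DIRECT)):
        print(label, "->", triage(raw))
```

Comparing the result for a capture taken through the proxy with one taken on a direct connection shows whether the site belongs on the proxy bypass list described above.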