
SWG in span/tap mode: blocking policy doesn't work

Created: 16 Jan 2013 • Updated: 01 Feb 2013 | Comments: 6
Photo of mse_acos
This issue has been solved. See the solution.

Hi,

I have a SWG virtual edition in span/tap mode, and the monitoring mode works perfectly.

My network configuration: Management card & Monitoring card, in span/tap mode.

I have modified my configuration in blocking mode, and also configured my default policy to block some categories.

My users can still reach the websites in this category; they don't get a page telling them those websites are forbidden. When I check the Web destinations menu, I can see the action taken by SWG is blocked instead of monitored (which is correct).

I see that in the span/tap mode network configuration, I have the possibility to add the LAN adapter to my configuration. Do I have to do this in order to use the blocking mode? Or do you have any idea why I can't use this mode?

Thank you in advance, and best regards,

Mathieu

Comments: 6

Photo of SMLatCST

How is your network setup?  Are your users on the same subnet as your SWG, or are you able to test from a machine on the same subnet as the SWG?

Photo of mse_acos

Yes, users are on the same subnet as the Management card. I never had to configure the IP address on the monitoring card, which is connected to the switch in span/tap mode.

Photo of mse_acos

No, I'll check my switch configuration and I'll be back after. Thank you!

Photo of yang_zhang

You need to change the mode of your SWG into Inline mode. The block action doesn't work under a SPAN/TAP mode.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Photo of SMLatCST

Blocking works fine in span/tap mode for web pages.  Doesn't work for AV scan file downloads though.  I'd recommend checking out the below article for what can/cannot be blocked in the various SWG modes:

http://www.symantec.com/docs/HOWTO54160