Virtual Secure Web Gateway

  • 1.  End user page not displayed to end user - DNS suffix problem

    Posted Apr 20, 2012 08:03 AM

    Hi,

    We have a problem with the Web Gateway Appliance end user page. We are running into a problem on the user end when a computer is put into quarantine. The only thing the user sees is a blank browser or a browser with the normal error that the site can't be contacted.

    This happens because the web gateway sends the end user the block page with an incorrect URL. Unlike what happens with the end user page for blocked URLs, for quarantined users it sends a URL with the web gateway inline interface name instead of the IP. But the name is without the DNS suffix:

    Example URL sent to end users:

    http://sewebgw1inline/spywall/infected.php?ip=10.4.68.103&profile=3&quarantine=1&request=www.ansa.it/

    When corrected in this way, it works (added dns suffix "unite.idc"):

    http://sewebgw1inline.unite.idc/spywall/infected.php?ip=10.4.68.103&profile=3&quarantine=1&request=www.ansa.it/

    In the network configuration section, section DNS settings, we have:

     

    Primary DNS
    Secondary DNS
    DNS Suffix
    DNS Settings
    LAN/WAN 1 (Inline) Ports Settings
    Inline IP Address
    Inline Interface Name
    Inline Subnet Mask
    Inline Default Gateway
     Web gateway is installed in trunk interface
    IP Address
    Management Interface Name
    Subnet Mask
    Default Gateway

    We have Web Gateway software version 5.0.2.8.

    Any Ideas?

    Also, under the configuration tab for Client Remediation there are options for Cleaning Application. When you drop down the menu the first two fields are blank and the third says Other. In the manual it doesn't really explain how to set this up and why the first two fields are blank.

    Thanks,

    Domenico Cecchini

    Università degli Studi di Teramo



  • 2.  RE: End user page not displayed to end user - DNS suffix problem

    Posted Apr 20, 2012 08:06 AM

    This is the network configuration:

    IP Address  172.30.1.44

    Management Interface Name sewebgw1

    Subnet Mask  255.255.255.0

    Default Gateway  172.30.1.1

    LAN/WAN 1 (Inline) Ports Settings
    Inline IP Address  10.4.0.10

    Inline Interface Name  sewebgw1inline

    Inline Subnet Mask  255.255.255.240

    Inline Default Gateway  10.4.0.1

     Web gateway is installed in trunk interface

     
    DNS Settings
    Primary DNS  192.168.4.16

    Secondary DNS 192.168.4.19

    DNS Suffix  unite.idc



  • 3.  RE: End user page not displayed to end user - DNS suffix problem

    Posted Apr 20, 2012 09:31 AM

    The issue is that the client is unable to resolve the short name of the SWG.

    If you do an nslookup on sewebgw1 from a client machine, what is the result?

    Is there a local domain suffix on the client machine?

     



  • 4.  RE: End user page not displayed to end user - DNS suffix problem

    Posted Apr 26, 2012 06:16 AM

    The problem is that not all clients have a local domain suffix. It is these clients who cannot see the end user page... So I was hoping there was a way to append the DNS suffix in the URL to the web gateway.



  • 5.  RE: End user page not displayed to end user - DNS suffix problem

    Posted Apr 26, 2012 06:34 AM

    ...of any way to force the SWG to include its FQDN in the redirection it sends to the quarantined clients, I'm afraid. Though it does sound like a good/simple fix for your problem, so I'd definitely encourage you to submit this as an "Idea" to Symantec.

    As far as your problem goes however, I can only suggest a couple of workarounds.

    1. Create DNS Host entry for the SWG's inline interface IP Address on the DNS Server used by the quarantined clients.
    2. Update the client machines to add the "unite.idc" domain to its list of suffixes to append

    There are problems with both, obviously. The first will add administrative overhead should the IP address of the SWG ever need changing; the second will likely only work for your own managed computers, as you'd probably have to push the suffix list via GPO.



  • 6.  RE: End user page not displayed to end user - DNS suffix problem

    Posted Apr 26, 2012 09:22 AM

    The DHCP server can also typically be used to assign/push the local suffix.
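
Added example, not part of the thread and not Symantec code: a small Python check that can be run on a client to see whether the host in the quarantine redirect URL resolves with that client's DNS suffix search list. The search-list model is simplified (a single-label name gets each suffix appended, then is tried bare), and the `ZONE` A record pointing `sewebgw1inline.unite.idc` at the inline IP is an assumption built from the values posted above.

```python
import socket
from urllib.parse import urlsplit


def candidate_names(host, search_suffixes):
    """Names a stub resolver would try for `host` (simplified model)."""
    host = host.rstrip(".")
    if "." in host:
        # Already qualified: tried as-is, no suffix appended.
        return [host]
    # Single-label name: append each search suffix, then try the bare name.
    return [f"{host}.{s.strip('.')}" for s in search_suffixes] + [host]


def system_lookup(name):
    """Real DNS lookup; the trailing dot stops the OS adding its own suffix."""
    try:
        return socket.gethostbyname(name + ".")
    except OSError:
        return None


def check_redirect(url, search_suffixes, lookup=system_lookup):
    """Report which candidate name (if any) resolves for the URL's host."""
    host = urlsplit(url).hostname
    for name in candidate_names(host, search_suffixes):
        addr = lookup(name)
        if addr:
            return {"host": host, "resolved_as": name, "address": addr}
    return {"host": host, "resolved_as": None, "address": None}


# Constructed sample data using the values posted in the thread.
REDIRECT = ("http://sewebgw1inline/spywall/infected.php"
            "?ip=10.4.68.103&profile=3&quarantine=1&request=www.ansa.it/")
# Assumed A record (FQDN -> inline IP); stands in for the real DNS server.
ZONE = {"sewebgw1inline.unite.idc": "10.4.0.10"}

if __name__ == "__main__":
    cases = [("client without suffix", []),
             ("client with suffix", ["unite.idc"])]
    for label, suffixes in cases:
        # Swap ZONE.get for system_lookup to query the client's real DNS.
        print(label, check_redirect(REDIRECT, suffixes, ZONE.get))
```

A client whose result has `resolved_as` set to `None` is one that will see the blank page; pushing the suffix via GPO or DHCP changes the `search_suffixes` input for that client.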