Virtual Secure Web Gateway

  • 1.  IP, MAC, or Hostname Blocked?

    Posted Apr 01, 2010 12:14 AM
    When SWG quarantines a computer, is this by IP address or MAC address? The big issue is: if a machine is quarantined by IP, then a few hours later, when that IP is released and another system gets that same IP via DHCP, will the clean machine be quarantined and the infected system now be free to communicate?





  • 2.  RE: IP, MAC, or Hostname Blocked?

    Posted Apr 07, 2010 06:12 PM
    Kristopher,

    You are correct - SWG will use IP address.  This is because in most customer cases, SWG cannot reliably get the MAC address of a host since it is typically either on a different subnet than the host (such as the subnet of the firewall or gateway device) and/or there is a router in between SWG and the host.  The SWG quarantine feature works best in environments that do not employ heavily dynamic IP addresses.

    We are investigating other methods such as Dynamic DNS or MAC address IP lookups on the DHCP server for improvement in future releases of the product.
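
Added example, not part of the original thread and not SWG code: because quarantine is keyed on IP address, an operator can cross-check quarantined IPs against DHCP lease history to spot entries that no longer point at the host that was quarantined. The record layouts, addresses and function names below are assumptions constructed for illustration; real lease data would come from an export of your DHCP server.

```python
from datetime import datetime

# Constructed sample data (hypothetical layouts, not SWG or DHCP server output).
# Quarantine list rows: (ip, time_quarantined)
QUARANTINED = [("10.0.5.23", "2010-04-01T09:00:00"),
               ("10.0.5.40", "2010-04-01T09:30:00")]
# DHCP lease history rows: (ip, mac, lease_start, lease_end)
LEASES = [
    ("10.0.5.23", "00:11:22:aa:bb:01", "2010-04-01T08:00:00", "2010-04-01T12:00:00"),
    ("10.0.5.23", "00:11:22:aa:bb:02", "2010-04-01T12:05:00", "2010-04-01T20:00:00"),
    ("10.0.5.77", "00:11:22:aa:bb:01", "2010-04-01T12:10:00", "2010-04-01T20:00:00"),
    ("10.0.5.40", "00:11:22:aa:bb:03", "2010-04-01T08:00:00", "2010-04-01T20:00:00"),
]

def ts(s):
    """Parse an ISO 8601 timestamp string."""
    return datetime.fromisoformat(s)

def active_lease(leases, when, ip=None, mac=None):
    """Return (ip, mac) of the lease matching ip and/or mac that is active at `when`."""
    for l_ip, l_mac, start, end in leases:
        if ip not in (None, l_ip) or mac not in (None, l_mac):
            continue
        if ts(start) <= when < ts(end):
            return l_ip, l_mac
    return None

def audit(quarantined, leases, now):
    """Flag quarantined IPs that no longer belong to the host that was quarantined."""
    findings = []
    for ip, q_time in quarantined:
        at_block = active_lease(leases, ts(q_time), ip=ip)
        if at_block is None:
            findings.append({"ip": ip, "status": "no-lease-at-quarantine"})
            continue
        mac = at_block[1]
        holder_now = active_lease(leases, now, ip=ip)   # who has the blocked IP now
        host_now = active_lease(leases, now, mac=mac)   # where the blocked host is now
        if holder_now and holder_now[1] == mac:
            findings.append({"ip": ip, "status": "ok", "mac": mac})
        else:
            findings.append({
                "ip": ip, "status": "stale", "quarantined_mac": mac,
                "ip_now_held_by": holder_now[1] if holder_now else None,
                "quarantined_mac_now_at": host_now[0] if host_now else None,
            })
    return findings

if __name__ == "__main__":
    for finding in audit(QUARANTINED, LEASES, ts("2010-04-01T13:00:00")):
        print(finding)
```

A "stale" finding means the quarantine entry should be re-pointed at the address in `quarantined_mac_now_at` and released for the host in `ip_now_held_by`.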



  • 3.  RE: IP, MAC, or Hostname Blocked?

    Posted Apr 07, 2010 09:17 PM
    Thanks,

    Looking through the console.  Is there a way to create an alert when a system is placed in quarantine?


  • 4.  RE: IP, MAC, or Hostname Blocked?

    Posted Apr 21, 2010 02:04 PM

    Not currently - we can alert if it's been infected, but not if quarantined.  Sounds like a good Enhancement request though.