Virtual Secure Web Gateway

Hello everyone. I am faced with a requirement and I need your help to resolve this issue. I am faced with the following requirement:

• I need to completely block youtube when accessed via HTTPs

• I need to block some specific URLs within youtube when accessed via HTTP

SWG is being implemented in inline only mode with a physcial appliance. Also how many users can a single SWG appliance can support in this mode. Please Share with me as how can I implement the above mentioned requirement. Waiting for your kind replies.

Regards,

Here's my view on this:

1. In Inline mode, you'll only be able to use Domain Level inspection (http://www.symantec.com/docs/HOWTO54200) of HTTPS sites (which handily matches up to your requirement to block the entire domain).
   This article describes how to block LogMeIn, which you can use to block Youtube instead:
   http://www.symantec.com/docs/HOWTO82338
   It talks about using Blacklists and requires an External upstream proxy in order to work (for HTTPS in Inline mode):
   http://www.symantec.com/docs/HOWTO54141
   http://www.symantec.com/docs/TECH178689
   http://www.symantec.com/docs/TECH98131
2. This article tells you how to block by part of a URL:
   http://www.symantec.com/docs/TECH171062

Well thanks for the reply altough its  a lot of reading , I will get back to you soon after reading them :)

Regards.

Hello SMLacst . There is no upstream proxy being used in the current envoirement. Following are the observations:

1. Now I am able to block some specific URLs or videos within YouTube when accessed via HTTP (Inline only mode)

2. When I am accessing YouTube via HTTPs . I am not able to block the whole domain ( inline only mode).How can  I acheive this ? ( to block the whole domain when accessed via HTTPS )

I am able to acheive the first functionality but I am unable to block the whole domain when accessed via HTTPs. Is it becuase the traffic is encrypted and for the SWG to see it and block it I have to either user SWG as a proxy or use an external proxy to block the whole domain when accessed via HTTPS.

Secondly Which mechanism and how does SWG Blocks websites and how many users the SWG physical appliance can support when operating in inline mode ?
 

Regards,

If I use the span/tap mode then would I be able to acheive the above required functionality ? Regards

Any Symantec people would like to comment on this ?

Secondly Which mechanism does SWG uses to perform URL filtering (blocking webpages) . Is it TCP session Hijacking ?. I wana to know the process or mechanism that is doing the blocking.

As illustrated from my first post, a lot (if not all) of this information is available on the SWG KB, you need but just search.

To help you along though, here are a couple of answers to your earlier questions:

1. Good to hear
2. This cannot be done with the SWG without either the SWG acting as a proxy, or using an external upstream proxy.  The one-from-last article I linked earlier (repeated below), explains why
   If the browser is not going through a proxy, when accessing an HTTPS website, the data (including URL) is encrypted and therefore SWG will not "see" the URL and apply the policy"
   http://www.symantec.com/docs/TECH98131
3. Span/Tap mode has the same issue in that if it cannot see the URL it cannot know what it is to block it
4. Number of users and how it blocks:
   http://www.symantec.com/docs/TECH144596

@SMLcst Thanks for your kind and generous reply :)  Regards

No problem, I hope it helps!