Virtual Secure Web Gateway

 View Only

  • 1.  SWG generates high amount of traffic

    Posted Mar 14, 2012 07:43 AM

    Dear All,

    I've setup a SWG in proxy mode at one of our customers as pilot. Nobody've started to use it yet.

    I've setup a policy to monitor all traffic for all computers. If I check traffic at custom reports I see these:

     

    Date/Time Stamp  Requested URL or Filename
    03/14/2012 09:11 206.253.225.174:443
    03/14/2012 09:07 85.25.252.124:443
    03/14/2012 09:01 87.106.3.48:443
    03/14/2012 08:59 license.cobion.com:443
    03/14/2012 08:50 87.106.21.125:443
    03/14/2012 08:41 206.253.225.12:443
    03/14/2012 08:27 206.253.225.174:443
    03/14/2012 08:20 85.25.252.124:443
    03/14/2012 08:12 87.106.3.48:443
    03/14/2012 07:59 license.cobion.com:443
    03/14/2012 07:49 206.253.225.12:443
    03/14/2012 07:38 206.253.225.174:443
    03/14/2012 07:28 85.25.252.124:443
    03/14/2012 07:21 87.106.3.48:443
    03/14/2012 07:13 87.106.21.125:443
    03/14/2012 06:59 license.cobion.com:443
    03/14/2012 06:38 206.253.225.174:443
    03/14/2012 06:31 85.25.252.124:443
    03/14/2012 06:23 87.106.3.48:443
    03/14/2012 06:16 87.106.21.125:443
    03/14/2012 06:11 206.253.225.12:443
    03/14/2012 05:59 license.cobion.com:443
    03/14/2012 05:37 85.25.252.124:443
    03/14/2012 05:29 87.106.3.48:443
    03/14/2012 05:20 87.106.21.125:443
    03/14/2012 05:11 206.253.225.12:443
    03/14/2012 05:06 206.253.225.174:443
    03/14/2012 04:59 license.cobion.com:443
    03/14/2012 04:42 87.106.3.48:443
    03/14/2012 04:35 87.106.21.125:443
    03/14/2012 04:26 206.253.225.12:443
    03/14/2012 04:21 206.253.225.174:443
    03/14/2012 04:11 85.25.252.124:443
    03/14/2012 03:59 license.cobion.com:443
    03/14/2012 03:45 87.106.21.125:443
    03/14/2012 03:36 206.253.225.12:443
    03/14/2012 03:24 206.253.225.174:443
    03/14/2012 03:17 85.25.252.124:443
    03/14/2012 03:11 87.106.3.48:443
    03/14/2012 02:46 206.253.225.12:443
    03/14/2012 02:44 license.cobion.com:443
    03/14/2012 02:39 206.253.225.174:443
    03/14/2012 02:32 85.25.252.124:443
    03/14/2012 02:23 87.106.3.48:443
    03/14/2012 02:15 87.106.21.125:443
    03/14/2012 01:59 license.cobion.com:443
    03/14/2012 01:38 206.253.225.174:443
    03/14/2012 01:29 85.25.252.124:443
    03/14/2012 01:21 87.106.3.48:443
    03/14/2012 01:13 87.106.21.125:443
    03/14/2012 01:06 206.253.225.12:443
    03/14/2012 00:59 license.cobion.com:443
    03/14/2012 00:55 85.25.252.124:443
    03/14/2012 00:44 87.106.3.48:443
    03/14/2012 00:33 87.106.21.125:443
    03/14/2012 00:23 206.253.225.12:443
    03/14/2012 00:14 206.253.225.174:443

     

    There were no any other lines, but the "Raw traffic Processed" at Executive Summary was 26GB. Is there any idea what could happened?

     

    Thanks in advance!

     

    Viktor



  • 2.  RE: SWG generates high amount of traffic
    Best Answer

    Posted Mar 14, 2012 09:35 AM

    I suspect you have the SWG configured to use it self for a proxy to get to the internet thus you are seeing the information in the reports.

    From the information I have found it appears the sites accessed are hosting the SWG database for the content filtering.



  • 3.  RE: SWG generates high amount of traffic

    Posted Mar 18, 2012 08:13 PM

    The MGT interface of SWG doesn't have internet access through the firewall, so I've set it's own LAN interface to use it for communicating with Symantec Threat Center. So these lines are normal.

    Our problem is that, the raw traffic is round 5GB/hour. These Database updates generates so high traffic?