Virtual Secure Web Gateway

Hello all. This is a strange behavior which I am facing for one of my production SWG's. There scenerio is as followed:

 

SWG ( proxy mode ) is deployed in a virtual envoirement supporting about 200 clients. From the past few months I am facing the following strange problem

• During random time of days there is a downtime faced on clients " meaning clients can't access the internet '' for some random amount of time ( 10-15 minutes) then suddenly after some times things get back to normal. This problem happens during multiple times within a day.
• During the outage on the virtual appliance I can access the Threat Center. Can ping various sites through Both the LAN and MAN interfaces. I can ping my DNS server. Both LAN and WAN default gateways. Meaning the communication from the SWG to the internet is working fine and smooth
• On the affected client I can ping to my inline interface and management interface fine. But I cannot browse internet. Even I cannot access my inline interface in the web browser
• After 10-15 minutes this issue is resloved itself and start to work normally but again after some time the same issue happens.

 

Could anyone please tell me why is this happening as this is a critical issue. Waiting for your kind replies.

Regards,

Have you reviewed this article?

http://www.symantec.com/docs/TECH172395

Thanks SMLatCST for your reply. They have allocated 16GB to the ESxi appliance and another thing which I have observed is processor utilization usually is around 80-85%.

Secondly Is there any proxy server that is hanging and causing this behavior ? in the web console I can't see any logs or errors that I can't see nor in the CLI.

How can I resolve this abnormal behavior ? Regards,

Another thing faced was that they were blocking few URLs but few days back those URLs that were blocked before could not be blocked anymore and users can browse those URLs without any blocking. why is this happening as well ?

The best thing to do at this point is to log a support case to investigate (as the article mentions).  Anything beyond resouce issue may suggest a bug, in which case Symantec will want to know about it to troubleshoot and fix.

This problem of clients down time is only persistent for few minutes like 10-15 minutes then everything gets back to normal . This happen couple of times a day . So the only thing to fix it via applying the patch ?

What should I do as of now to fix this issue ?

If I upgrade to a higher SWG version then would this issue be resolved after upgrading to a higher version ? Regards,

Assuming you are not running the latest version, then upgrading may resolve your issue.  It might be worth a try, but is no guarantee.

As mentioned earlier (as as stated in the article I linked to) it is recommended that you contact Symantec Support for further investigation.

As an impartial observation, do these periods of lost connectivity coincide with repeating schedules on any of the VMs on the same host?  Have you tried amending the SWG's own DB update schedule?

What is the latest version of SWG software ? 5.2 ?

Regards,

You can find out the latest version at any time by looking on the Symantec site (with a handy link below ):

http://www.symantec.com/business/support/index?page=releasedetails&key=58161

Thanks for your help. Currently the SWG is running the version 5.2.

Thanks SML, the issue was with proxy service binaries which hangs and causes the down time. applying the patch fix the problem. Regards