Virtual Secure Web Gateway

 View Only
  • 1.  Symantec Web Gateway 5.0 - Inline with an external proxy server mode

    Posted Oct 17, 2011 09:16 AM

    Dear All,

    I need some help with configuring SWG in "Inline with an external proxy" mode based on the diagram can be found in "Symantec Web Gateway Version 5.0 Implementation Guide" on page 34:

    LAN & WAN ports of SWG have the same IP and I'm a little confused what IP should the External Proxy Server got and how the communication exactly works from protected PC-s to the firewall.

    E.g. there are 2 networks: 192.168.254.0/24 for management and 192.168.1.0/24 for LAN. Network Mgmt PC has IP 192.168.254.253, the firewall is 192.168.1.1, SWG mgmt port is 192.168.254.254, SWG LAN/WAN port is 192.168.1.200.

    One of the protected PC-s is e.g. 192.168.1.100.

    What IP shoul I give for the external proxy, and which IP should I set as proxy on client PC (e.g.: 192.168.1.100). How will the communication work?

    Thanks your help in advance!

    Viktor



  • 2.  RE: Symantec Web Gateway 5.0 - Inline with an external proxy server mode

    Broadcom Employee
    Posted Oct 17, 2011 11:02 AM

    The Web Gateway is transparent unless it is being directly addresses. You should put in the IP address of the external proxy device.



  • 3.  RE: Symantec Web Gateway 5.0 - Inline with an external proxy server mode

    Posted Oct 18, 2011 04:46 AM

    Network Mgmt PC has IP 192.168.254.253

    Firewall is 192.168.1.1

    SWG mgmt port is 192.168.254.254

    SWG LAN/WAN port is 192.168.1.200

    One of the protected PC-s is 192.168.1.100

    External proxy (what directly connected to the SWG LAN port) is 192.168.1.201

    If I set the proxy settings of protected PC to use proxy 192.168.1.201:8080 will work properly?

    The protected PCs don't have direct connection or connection through any swithces to the proxy (cause the proxy is directly connected to SWG LAN port). How can they communicate (PC's with the external proxy)? The SWG functions as a hub/switch too?

     

    Thanks in advance!

     

    Viktor



  • 4.  RE: Symantec Web Gateway 5.0 - Inline with an external proxy server mode
    Best Answer

    Posted Oct 18, 2011 05:24 AM

    Hi,

    I assume your proxy deals at least with HTTP and SSL connections and that your network masks are all 24 bits (255.255.255.0).

    The traffic will go between LAN <--> WAN ports of SWG to go / come from your proxy.

    In your environment the protected PCs will make requests to the proxy which in turn will re-generate the connections to the intended URLs, so all HTTP/S connections to the internet will generate from the proxy. 

    the IP addressing looks fine. Some of the things I'd make sure:

    - cables are attached to the right place (check Implementation Guide)

    - protected PC's can ping the proxy host and reach the proxy port (i.e. 8080)

    - proxy can ping firewall (I assume this is the gateway to inetrnet) and protected PCs

    - proxy can properly resolve DNS

    - firewall allows proxy IP address to access the internet.

    - SWG had this proxy server included under Servers tab and the option to Analyze ports used by proxy is enabled under the Proxy tab.

    Check your custom reports for traffic and make sure the colums for source IP and destination port are enabled.

    HTH,

    Federico



  • 5.  RE: Symantec Web Gateway 5.0 - Inline with an external proxy server mode

    Posted Oct 18, 2011 06:58 AM

    Now it's clear. Thanks for your help!