Virtual Secure Web Gateway

Hi

We have Web Gateway Applicance that has problems showing the correct users logged on in reports:

Simple Inline Configuration (lan and mgmt interfaces connected to the corporate switch-single ip adress).

Operating Mode :Inline + Blocking

TMG Proxy behind the Web Gateway configured as a proxy server on the Web Gateway and selected Analyze ports used by proxy

Using AD Integration using DC interface.When testing LDAP no errors occur.

THE PROBLEM:Users dont appear correctly in the reports (one user is shown to be looged on 5-10 pc`s at a time whitch is impossible because we only have 50 computers and i know for sure which user usess which computer).I have checked the option "Sync Frequency Sync user LDAP info every 0 hours" still the same problem.

Any help is aprretiated

Thanks

SWG matches user names to IP addresses sent by DCinterface at the time of the users last login. If the users IP address changes after login due to DHCP leases changing then users and IP may no longer match. If the IP addresses are changing regularly you may want to consider using NTLM authentication ot the SWG or adjusting your DHCP server settings to allow machines to renew/keep the IP they have for a longer period of time.

Hi Ben,thanks for the reply

The problem is not related to DHCP leases.For example,one user can be reported as loged on to 5 diferent pc`s in just 10 sec period.Another issue is that when someone uses RDP to conect to another pc with a diferrent user name than the one logged on the computer initiating the rdp connection,the user name used for rdp is displayed to be logged on the local computer.

RDP and citrix can a tricky space for the SWG as well actually. Again SWG matches users to IPs from login information sent from DC interface. It cannot track multiple users from one IP. So if multiple users access a machine each will log in and the last user to login will be the one that appears to do the browsing from that point on.

As per our documentation, your proxy server should be in front of the SWG so we see the traffic from the clients, before it hits the proxy server. This way we will see the client computer's IP address and not the proxy's IP.

Thanks for that,i will disable the option "analyze ports used by proxy".But i think that even with thah option disabled the problem was the same.Thanks anyway

Hi Everyone

I have found a solution for the repotrs problem

http://www.symantec.com/business/support/index?page=content&id=TECH166352&actp=search&viewlocale=en_US&searchid=1339154891285

Still if anyone has any idea about fixing the problem when using RDP please let me know

"Another issue is that when someone uses RDP to conect to another pc with a diferrent user name than the one logged on the computer initiating the rdp connection,the user name used for rdp is displayed to be logged on the local computer."