When you enable Access Control Lists (ACLs) on one or more Layer 3 switches, a Symantec Web Gateway (SWG) appliance in Span/Tap mode fails to block pages by URL and fails to display a blocking page. Instead, browser clients are able to access content that SWG would otherwise block.
To implement URL blocking in Span/Tap mode, the SWG appliance performs TCP session hijacking. When SWG detects a URL in a category for which it has a policy with the action "BLOCK", SWG sends a TCP RST packet to the foreign IP address. SWG also sends a blocking page to the local IP address.
Layer 3 switches have multiple security features that can interfere with SWG's use of TCP session hijacking to block content in this way.
Do one of the following:
On the Layer 3 switch where SWG is connected, disable ACLs and other security features that prevent session hijacking. Please consult the documentation for your Layer 3 switch for more information.
Deploy the SWG appliance in Inline mode.
Retain the SWG appliance in Span/Tap mode, but change from Blocking to Monitoring.
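To confirm that the switch is what stops the two packets described above (the RST to the foreign IP address and the blocking page to the local IP address), the following added example, which is not Symantec code, checks "tcpdump -n" text output taken on the client's switch port and on the uplink. It assumes the injected packets carry the session's own addresses; the IP addresses, the marker string and the capture lines are constructed placeholders.

```python
import re

# One "tcpdump -n" text line: "<time> IP <src>.<port> > <dst>.<port>: Flags [<flags>]<rest>"
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: "
    r"Flags \[(?P<flags>[^\]]+)\](?P<rest>.*)")

def parse(capture_text):
    """Return one dict per TCP line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE.search, capture_text.splitlines()) if m]

def check_injection(client_cap, uplink_cap, local_ip, foreign_ip, block_marker):
    """Report which of the two packets the SWG injects reached its destination.

    Assumption: injected packets carry the session's own addresses, so the
    blocking page appears as foreign -> local and the RST as local -> foreign.
    """
    page = any(p["src"] == foreign_ip and p["dst"] == local_ip
               and block_marker in p["rest"] for p in parse(client_cap))
    # A RST the client sent itself also matches; test from an otherwise idle client.
    rst = any(p["src"] == local_ip and p["dst"] == foreign_ip
              and "R" in p["flags"] for p in parse(uplink_cap))
    if page and rst:
        verdict = "blocking works"
    elif not page and not rst:
        verdict = "both injected packets lost: review ACLs and other security features on the switch"
    elif not page:
        verdict = "blocking page lost on the path to the client"
    else:
        verdict = "RST lost on the path to the foreign IP"
    return {"block_page_delivered": page, "rst_delivered": rst, "verdict": verdict}

# Constructed sample captures (not real traffic). MARKER is a hypothetical string.
LOCAL, FOREIGN, MARKER = "10.0.0.5", "203.0.113.10", "Blocked-By-Policy"
GET = ("12:00:00.100 IP 10.0.0.5.51000 > 203.0.113.10.80: Flags [P.], "
       "seq 1:80, ack 1, length 79: HTTP: GET /test HTTP/1.1\n")
CLIENT_OK = GET + ("12:00:00.101 IP 203.0.113.10.80 > 10.0.0.5.51000: Flags [P.], "
                   "seq 1:300, ack 80, length 299: HTTP: HTTP/1.1 403 Blocked-By-Policy\n")
UPLINK_OK = GET + ("12:00:00.101 IP 10.0.0.5.51000 > 203.0.113.10.80: Flags [R], "
                   "seq 80, win 0, length 0\n")
CLIENT_ACL = GET + ("12:00:00.150 IP 203.0.113.10.80 > 10.0.0.5.51000: Flags [P.], "
                    "seq 1:900, ack 80, length 899: HTTP: HTTP/1.1 200 OK\n")
UPLINK_ACL = GET  # no RST ever reaches the uplink

if __name__ == "__main__":
    print(check_injection(CLIENT_OK, UPLINK_OK, LOCAL, FOREIGN, MARKER))
    print(check_injection(CLIENT_ACL, UPLINK_ACL, LOCAL, FOREIGN, MARKER))
```

Replace the marker with a string that actually appears in your appliance's blocking page, and request a URL in a category that your policy blocks while both captures run.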