When Access Control Lists (ACLs) are enabled on one or more Layer 3 switches, a Symantec Web Gateway (SWG) appliance in Span/Tap mode fails to block pages by URL and fails to display a blocking page. Instead, browser clients are able to access content that SWG would otherwise block.
To implement URL blocking in Span/Tap mode, the SWG appliance performs TCP session hijacking. When SWG detects a URL in a category for which SWG has a policy with the action "BLOCK", SWG sends a TCP RST packet to the foreign IP address and sends a blocking page to the local IP address.
Layer 3 switches have multiple security features that can interfere with SWG's use of TCP session hijacking to block content in this way.
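A way to confirm the symptom from a packet capture, as an added example that is not part of the article or of the SWG product: given tcpdump-style summaries of traffic on the server-side link, it reports, for each HTTP request to a host under a BLOCK policy, whether the RST the SWG injects (carrying the client's address toward the server) was seen within a short window. The packet records, host list and addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class Pkt:
    ts: float       # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # tcpdump-style TCP flags: "S", "S.", "P.", "R."
    host: str = ""  # HTTP Host header when a request is visible

# Hosts assumed to fall under a BLOCK policy (constructed).
BLOCKED_HOSTS: Set[str] = {"blocked.example"}

# Constructed capture of two client sessions in Span/Tap mode.
CAPTURE: List[Pkt] = [
    # Session 1: the SWG's injected RST reaches the server, so blocking works.
    Pkt(1.000, "10.0.0.5", 51000, "203.0.113.10", 80, "S"),
    Pkt(1.020, "203.0.113.10", 80, "10.0.0.5", 51000, "S."),
    Pkt(1.021, "10.0.0.5", 51000, "203.0.113.10", 80, "P.", "blocked.example"),
    Pkt(1.030, "10.0.0.5", 51000, "203.0.113.10", 80, "R."),
    # Session 2: the request is seen but no RST follows; the ACL dropped it
    # and the real content keeps flowing, which is the symptom in the article.
    Pkt(2.000, "10.0.0.7", 52000, "203.0.113.10", 80, "S"),
    Pkt(2.020, "203.0.113.10", 80, "10.0.0.7", 52000, "S."),
    Pkt(2.021, "10.0.0.7", 52000, "203.0.113.10", 80, "P.", "blocked.example"),
    Pkt(2.100, "203.0.113.10", 80, "10.0.0.7", 52000, "P."),
]

Session = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)

def check_rst_enforcement(pkts: List[Pkt], blocked: Set[str],
                          window: float = 1.0) -> Dict[Session, str]:
    """For each request to a blocked host, look for a RST on the same 4-tuple
    (client -> server) within `window` seconds. 'rst-missing' means the
    injected RST never reached this capture point."""
    verdicts: Dict[Session, str] = {}
    for i, req in enumerate(pkts):
        if not req.host or req.host not in blocked:
            continue
        sess: Session = (req.src, req.sport, req.dst, req.dport)
        rst_seen = any(
            "R" in p.flags
            and (p.src, p.sport, p.dst, p.dport) == sess
            and 0 <= p.ts - req.ts <= window
            for p in pkts[i + 1:]
        )
        verdicts[sess] = "rst-seen" if rst_seen else "rst-missing"
    return verdicts

if __name__ == "__main__":
    for sess, verdict in check_rst_enforcement(CAPTURE, BLOCKED_HOSTS).items():
        print(f"{sess[0]}:{sess[1]} -> {sess[2]}:{sess[3]}  {verdict}")
```

Sessions reported as rst-missing while the client still receives content point at the switch dropping the injected segments, which is the case the remediation steps below address.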
Do one of the following:
Within the Layer 3 switch to which SWG is connected, disable ACLs and other security features that prevent session hijacking. Consult the documentation for your Layer 3 switch for more information.
Deploy the SWG appliance in Inline mode.
Retain the SWG appliance in Span/Tap mode, but change from Blocking to Monitoring.
Imported Document ID: TECH158328