You would like to know what the network requirements for the SWG management port are.
When the "Enable separate management and inline networks" option is enabled, the Management and LAN/WAN networks must reside on separate and distinct subnets that have distinct default gateways. In order for the SWG to function properly these networks cannot overlap.
The network that the management port is on must also have the same connectivity as described in the SWG Implementation Guide (open ports, access to DNS, Symantec Threat Center, etc.). When the management port is configured, the SWG uses it for administrative type communications such as contacting the Threat Center for DB updates, product updates, etc. This is a performance feature that is designed to offload some of the traffic from the LAN/WAN/SPAN/TAP interfaces.
The SWG will also use the management port to host the SWG blocking page so any SWG users must also have access (either direct or indirect) to the SWG network/IP that the management port is using.
Once a separate IP address has been specified and activated, verify connectivity to the Symantec Threat Center via the Test Connection to Symantec Threat Center button located on the Administration -> Configuration -> Network page. In addition, verify the time server, email, etc. after configuring a separate management IP address.
In addition, you should also verify connectivity to the Symantec Threat Center with the SWG service disabled. To disable the SWG service go to Administration -> Configuration -> Operating Mode and uncheck "Service Enabled". Verify connectivity to the Symantec Threat Center via the Test Connection to Symantec Threat Center button located on the Administration -> Configuration -> Network page.
Imported Document ID: TECH158913
Subscribing will provide email updates when this Article is updated. Login is required.