SWG in Span/Tap with Dual Homing fails to block web pages
Last Updated December 01, 2014
When Dual homing is enabled in TAP Mode, for the URL’s that should be blocked as per the policy, the blocking page is not seen even though the reports we see the blocking action. The behavior is same for LAN1 and LAN2.
No errors visibile within the user interface of Symantec Web Gateway (SWG) appliance
Steps to Reproduce:
Install SWG software from DVD
Login into SWG console as admin.
Configure IP, gateway & other details.
Login into SWG console as root
Navigate through the wizard.
Enter License ,IP , Credentials and complete the wizard for SWG
Upgrade to latest SWG software version
In SWG UI, navigate to Configuration -> Network tab,
Enable the dual IP option and assign LAN1 IP and other details
Enable Dual homing option and assign LAN2 IP and other details
Test either of the following 2 scenarios
Note: “hardware connection to SWG port” is the WAN1,LAN1,WAN2,LAN2 ports at the back side of SWG.
Scenario 1: LAN1 N/W LAN2 N/W Client N/W(n/w cable ONLY to) UI_Status Packet captured only for
192.168.2.x 192.168.1.x LAN2(192.168.1.x) LAN is UP LAN, MAN, MON
Scenario 2: LAN1 N/W LAN2 N/W Client N/W(n/w cable ONLY to) UI_Status Packet captured only for
192.168.1.x 192.168.2.x LAN1(192.168.1.x) LAN2 is UP MAN, MON
Client browser does not display blocking page for the URL's that should be blocked as per the policy.
Custom Reports shows the blocking action.
Dual homing is not supported in Span/Tap mode.
SWG 8490 appliance hardware
Dual homing enabled
Separate inline and management networks
Imported Document ID: TECH226263
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe