With a Symantec Web Gateway (SWG) appliance configured for DLP, when a DLP server becomes unresponsive, SWG fails open for DLP requests until DLP server connectivity is restored. You seek a method for making DLP requests fail closed.
The current design of the SWG appliance causes SWG to treat DLP server non-responsiveness in a fail-open way, continuing to process requests based upon other existing filtering rules.
To stop and start the DLP components of SWG
To set the SWG appliance so that the DLP behavior fails closed when SWG cannot communicate with the DLP server, please open a Remote Assistance case. Have the serial numbers ready for each SWG appliance where you seek to configure DLP in a fail-closed way, then contact support for further assistance with low-level configuration.
Note that monitoring the DLP server for uptime is expected to occur outside of Symantec Web Gateway using other standard server monitoring facilities, such as SNMP or syslog. When a DLP server is restored to service, disable and re-enable the DLP component of SWG so that it attempts to use the DLP server again. In the background, disabling and re-enabling the DLP components is achieved by restarting the SWG filtering service. In an INLINE+PROXY Operating mode, this will stop and then restart network interfaces. If SWG is physically connected to the LAN port of a firewall in a firewall cluster, this will result in a firewall failover.