Restart of non-responsive DLP server requires a restart of SWG DLP components

Article ID: 157122

Products

Web Gateway Data Loss Prevention

Issue/Introduction

With a Symantec Web Gateway (SWG) appliance configured for DLP, when the DLP server becomes unresponsive SWG fails open for DLP requests: traffic that would normally be sent to the DLP server is processed by the remaining filtering rules without DLP inspection until DLP server connectivity is restored. You seek a method for making DLP requests fail closed instead.

Cause

By design, the SWG appliance treats DLP server non-responsiveness as fail-open: requests continue to be processed according to the other existing filtering rules, without DLP inspection, rather than being blocked.

Resolution

To stop and start the DLP components of SWG:

  1. Within the SWG UI, navigate to Administration > Configuration
  2. On the Proxy tab, uncheck "Enable DLP"
  3. At the top of the page, click "Save"
  4. Re-check "Enable DLP"
  5. At the top of the page, click "Save"

To configure the SWG appliance so that DLP behavior fails closed when SWG cannot communicate with the DLP server, open a Remote Assistance case with Symantec Support. Have the serial number ready for each SWG appliance on which you want DLP to fail closed; this is a low-level configuration change that support performs with you.

Note that SWG does not monitor the DLP server for uptime; this is expected to be done outside of Symantec Web Gateway using standard server monitoring facilities such as SNMP or syslog. Because SWG fails open, an unnoticed DLP server outage means web traffic passes without DLP inspection, so an external alert on DLP server availability is the only signal that inspection has stopped.

When the DLP server is restored to service, disable and re-enable the DLP component of SWG (steps above) so that SWG attempts to use the DLP server again. In the background, disabling and re-enabling the DLP component restarts the SWG filtering service. In INLINE+PROXY operating mode this stops and then restarts the network interfaces, briefly interrupting traffic. If SWG is physically connected to the LAN port of a firewall in a firewall cluster, the interface reset will be seen as a link-down event and will trigger a firewall failover, so plan the toggle for a maintenance window where possible.
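The following is an added example, not part of the Symantec article, of the kind of out-of-band availability check the note above calls for. It probes the DLP server with a TCP connect, debounces the result so a single dropped probe does not raise an alarm, and emits an operator event on each state change: one when the server goes down (SWG is now failing open) and one when it comes back (time to toggle "Enable DLP" off and on). The hostname and port are placeholders the article does not specify, and a plain TCP connect is assumed to be an acceptable liveness probe for your DLP listener.

```python
"""Out-of-band reachability monitor for the DLP server that SWG depends on.

Added example, not code from the Symantec KB article. SWG fails open while
the DLP server is unreachable and does not monitor it, so an external
probe is needed to learn (a) when DLP inspection has silently stopped and
(b) when the server is back and "Enable DLP" should be toggled in the SWG UI.

Assumptions (not stated in the article): the DLP server is reached over
TCP, DLP_HOST/DLP_PORT are placeholders, and a TCP connect is a sufficient
liveness probe.
"""
import socket
from dataclasses import dataclass, field
from typing import List, Optional

DLP_HOST = "dlp.example.internal"   # placeholder, not from the article
DLP_PORT = 1344                      # placeholder; use your DLP server's listener port


def tcp_probe(host: str = DLP_HOST, port: int = DLP_PORT, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class DlpServerMonitor:
    """Debounced UP/DOWN tracker that emits an operator action on each transition."""
    down_threshold: int = 3      # consecutive failed probes before declaring DOWN
    up_threshold: int = 2        # consecutive good probes before declaring UP
    state: str = "UP"
    _fail_streak: int = 0
    _ok_streak: int = 0
    events: List[str] = field(default_factory=list)

    def observe(self, reachable: bool) -> Optional[str]:
        """Feed one probe result; return an event string on a state change, else None."""
        if reachable:
            self._ok_streak += 1
            self._fail_streak = 0
        else:
            self._fail_streak += 1
            self._ok_streak = 0

        event = None
        if self.state == "UP" and self._fail_streak >= self.down_threshold:
            self.state = "DOWN"
            event = ("DLP server DOWN: SWG is now FAILING OPEN; web requests are "
                     "being processed by the remaining rules without DLP inspection")
        elif self.state == "DOWN" and self._ok_streak >= self.up_threshold:
            self.state = "UP"
            event = ("DLP server restored: uncheck and re-check 'Enable DLP' under "
                     "Administration > Configuration > Proxy, clicking Save each time")
        if event:
            self.events.append(event)
        return event


def run_monitor(probes: List[bool], down_threshold: int = 3, up_threshold: int = 2) -> List[str]:
    """Replay a sequence of probe results and return the operator events emitted."""
    mon = DlpServerMonitor(down_threshold=down_threshold, up_threshold=up_threshold)
    for reachable in probes:
        mon.observe(reachable)
    return mon.events


# Constructed probe sequence (not real telemetry): healthy, one blip, an outage, recovery.
SAMPLE_PROBES = [True, True, False, True, False, False, False, False, True, True, True]

if __name__ == "__main__":
    # Offline replay of the constructed sequence; yields exactly one DOWN and one restored event.
    for line in run_monitor(SAMPLE_PROBES):
        print(line)
    # Live use: poll tcp_probe() on an interval and pass each result to DlpServerMonitor.observe().
```

The debounce thresholds are the important knob: too low and every transient packet loss produces a false "failing open" page and an unnecessary filtering-service restart; too high and inspection is absent for longer before anyone notices. Wire the emitted events into whatever alerting you already use (SNMP trap, syslog) rather than relying on the console output.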