Endpoint Detection and ResponseAdvanced Threat Protection PlatformWeb Gateway
When Symantec Advanced Threat Protection: Network (SATP:N) Virtual Edition (VE) or Symantec Web Gateway (SWG) VE enters bypass mode, the appliance does not relay traffic from one inline interface to the other. Network traffic is halted when the service is disabled, the physical host computer is turned off, or the guest VM is powered down.
Virtual Editions of either SWG or SATP:N do not have access to the specialized bypass NICs that are included with physical SWG or SATP:N appliances. Therefore, SWG VE and SATP:N VE both use generic virtual nic device drivers, which will not relay traffic from one interface to the other when the service is disabled, when the guest VM is powered down, or when the physical host is off.
Note that because of this functional limitation, support for INLINE mode of SWG VE is best effort at Symantec Technical Support.
Do one of the following:
Accept behavior and make no changes.
To have an inline mode where bypass mode relays traffice, replace SWG VE with SWG8450 or SWG8490 or replace SATP:N VE with SATP:N8840 or SATP:N8880.
Implement the SWG VE or SATP:N VE in another mode. Remember to re-cable as appropriate.
For SATP:N VE, this would be SPAN/Tap mode.
For SWG, this could be either SPAN/Tap mode or Procy mode