Bypass mode does not relay traffic


Article ID: 162086


Products

Endpoint Detection and Response, Advanced Threat Protection Platform, Web Gateway

Issue/Introduction

When Symantec Advanced Threat Protection: Network (SATP:N) Virtual Edition (VE) or Symantec Web Gateway (SWG) VE enters bypass mode, the appliance does not relay traffic from one inline interface to the other. Network traffic is halted when the service is disabled, the physical host computer is turned off, or the guest VM is powered down.

Cause



Virtual Editions of SWG and SATP:N do not have access to the specialized bypass NICs that are included with physical SWG or SATP:N appliances. SWG VE and SATP:N VE therefore use generic virtual NIC device drivers, which do not relay traffic from one interface to the other when the service is disabled, when the guest VM is powered down, or when the physical host is off.


Note that because of this functional limitation, Symantec Technical Support supports INLINE mode of SWG VE on a best-effort basis.


 

Resolution


Do one of the following:
  • Accept the behavior and make no changes.
  • To have an inline mode where bypass mode relays traffic, replace SWG VE with SWG8450 or SWG8490, or replace SATP:N VE with SATP:N8840 or SATP:N8880.
  • Implement the SWG VE or SATP:N VE in another mode. Remember to re-cable as appropriate.
    For SATP:N VE, this would be SPAN/Tap mode.
    For SWG, this could be either SPAN/Tap mode or Proxy mode.