When you enable Access Control Lists (ACLs) on one or more Layer 3 switches, the Symantec Web Gateway (SWG) appliance in Span/Tap mode fails to block pages by URL and fails to display a blocking page. Instead, browser clients are able to access content that SWG would otherwise block.
To implement URL blocking in Span/Tap mode, the SWG appliance performs TCP session hijacking. When SWG detects a URL in a category for which it has a policy with the action "BLOCK", SWG sends a TCP RST packet to the foreign IP address. SWG also sends a blocking page to the local IP address.
Layer 3 switches have multiple security features which can interfere with SWG using TCP session hijacking to block content in this way.
Do one of the following: