Log Messages; Verifying Avpe Operation - Symantec 360R - Security Gateway SGS Administration Manual

110 Advanced network traffic control

Verifying AVpe operation

Log messages

Verifying AVpe operation
When you enable AVpe and a client connection is denied (either because it is
blocked or warned), a message is logged. You can view these log messages
periodically to monitor your traffic.
To view AVpe log messages
See "View Log tab field descriptions"
1
In the left pane of the Security Gateway Management Interface (SGMI), click
Logging/Monitoring.
2 On the View Log tab, click Refresh.
After you have enabled AVpe, you can test its operation by disabling Symantec
AntiVirus Corporate Edition in a client workstation and then attempting to
connect to the local network. If antivirus policy enforcement is properly
configured, in the absence of enabled Symantec antivirus software, all
connection attempts should be blocked or warned.
The status of the secondary antivirus server is not displayed unless the primary
server is unreachable.
Note: The client workstation does not receive any notification that network
access is blocked and a message is logged.
To test antivirus policy enforcement operation
See "Logging/Monitoring field descriptions"
1 Uninstall Symantec AntiVirus Corporate Edition from a client workstation
that has been configured as part of an computer group with AVpe enabled,
with connections blocked.
2 Open a Web browser and attempt to connect to www.symantec.com.
The connection attempt should fail and all communication through the
firewall should be blocked.
3 From the left pane of the Security Gateway Management Interface (SGMI),
click Logging/Monitoring.
4 Click View Log and check for a warning message indicating that all
connection attempts for the particular client are blocked due to policy non-
compliance.
on page 154.
on page 151.