Virtual Secure Web Gateway

 View Only
  • 1.  Inline setting and capabilities

    Posted Oct 16, 2011 11:16 PM

    Hi,

    Can someone help me with these questions

    i) Do I have to configure proxy server setting  in browser if I'm using Inline + Proxy configuration? Is it only Inline configuration support transparent setting?

    ii) What are the main differences between Inline and Inline+Proxy mode? Is there any capabilities that Inline+Proxy mode can do that Inline cannot do? I think that https blocking can only be done while in proxy mode.

    Is there any links or documentation that can help me more with SWG capabilites when configured with different modes i.e. inline only, inline+ proxy etc.

    Thank You in advance.

     



  • 2.  RE: Inline setting and capabilities

    Posted Oct 17, 2011 05:48 AM

    Hi,

    I'll try to answer your questions:

    i) Yes, you have to configure the browsers to use the proxy. You can use WPAD, Active Directory or od it manually. WCCP is not supported yet. Inline is transparent as you mentioned.

    ii) The proxy will allow you to effectively block HTTPS sites, do HTTPS decryption,  scan that traffic for threats, integrate with Data Loss Prevention solutions and more. There is also an FTP and a SOCKS proxy available.

    I'll check if there is any document that would compare different modes and post it here eventually. For the moment please have a look at the release notes and Implementation Guide for more information on What's new:

    http://www.symantec.com/business/support/index?page=content&key=58161&channel=DOCUMENTATION

    HTH,

    Federico



  • 3.  RE: Inline setting and capabilities

    Posted Oct 17, 2011 08:01 PM

    thanks fferaboli for the reply.

    So, If i understand your reply correctly:

    1) I still need to configure browsers to use proxy even when I'm using the inline+proxy mode

    In inline+proxy mode, Would I be able to configure which users (perhaps by specifying IP range etc) using proxy, and which user will not be using it?

    2) If I'm using Inline ONLY mode, the only thing I won't get is blocking/decrypting https, ftp/socks proxy, and integration with DLP. Right?

     

    Basically, in this customer's place, there are 2 groups of users: Staff and Guest.

    For staff, they would want stricker policy - able to block https, scan threats etc. For Guest, I can say that they just don't care much on the policy as long as the guest can browse internet. And configuring browser to use proxy in these guest users would be troublesome too.

     

    Tq.

     

     



  • 4.  RE: Inline setting and capabilities

    Posted Oct 18, 2011 05:04 AM

    Hi,

    1 ) yes, you must configure the browser to use the proxy, is not a transparent proxy. In most of the deployments I've seen, a firewall is configured so the proxy is the only IP address allowed to access the internet. 

    Still is the network environment allows, you can take advantage of the inline mode on those hosts where the proxy was not set. 

    You can however, distribute proxy settings via DHCP to you guests if you want. This is an example:

    http://technet.microsoft.com/en-us/library/cc940962(WS.10).aspx

    2) Yes, you will be missing that and features that rely on that like AV scanning or DLP for SSL connections.

     

    Regards,

    Federico