Virtual Secure Web Gateway

Hi all,

I'm very new to SWG. Have referred to the guides unfortunately there are still things that I need to clarify. Hope somebody can help me here. Thanks in advance.

1) It is stated in the guide that bypass only work in inline mode. Does bypass work in inline+proxy mode as well?

2) As a best practice, if I'm deploying SWG in inline+proxy mode, should I put it in DMZ?

3) I have 2 SWG appliance, but only 1 firewall. The implementation guide says  that HA can be done, if I have 2 SWG connected to 2 firewall. Is there a way that I can do HA for my two boxes here, with ONLY 1 firewall? Maybe DNS priority or virtual IP? 

Thank you.

bypass will work in inline + proxy mode but proxy clients will not be able to bypass the SWG if it goes.

There is no need to put it in the DMZ idealy it should be between your top level LAN switch and your firewall not on the other side of a firewall.

This would depend on the configuration of your firewall. Typically this would be a firewall with two LAN and WAN ports that can make this easy and when a fail over occrus at one firewall traffic switches to the other causing the traffic to go to the "second SWG". If clients are proxy clients you can use a a PACfile  to specificy multiple proxy servers or DNS to balance which device they pass through though this can cause reporting be tricky as clients may change boxes frequently...