Virtual Secure Web Gateway

 View Only
  • 1.  Web gateway can support these requirements

    Posted Feb 20, 2015 02:41 AM

    Dear All,

     

    One of my client has asked if webgateway can support the following features i need a simple y/N on below queries . Your help will be much apprecaited.

     

    1. IP address + User (AD User) Authentication: User should only be able to user internet with given IP and his username. If one of the two does not match then browsing should not be allowed.

    2. Quota Management: Bandwidth management is possible such that bandwidth can be given to a certain group and in that group a user can be given a certain amount of bandwidth from that particular allocated group. 

    3. Real Time bandwidth monitoring is possible

    4. Publishing for websites should be possible Like ISA/TMG through reverse proxy. Support for Exchange 2013 OWA publishing.  

    5. Category filtering of websites that is when certain category is selected to allow or block, all the websites pertaining to it are Allowed / blocked.

    6. Reports can be customized according to user needs, for instance user X report can be fetched, browsing a certain website at a certain time.

    7. Solution should be able to log the user data for 6 months such that last 6 month usage report can be generated.

    8. High Availability Clustering should be enabled both for device failure and Internet link failure.

    9. Routes can be defined if multiple adapters are used, this feature can be used in a perimeter environment

    10. Built in patterns are defined to stop DOS, spoof attacks etc.

    11. Downloading restriction can be done, for e.g. user downloading more than 3 MB will be blocked

    12. On messengers chat can be monitored and if possible certain features like file sharing, application sharing etc. can be disabled.

    13. A disclaimer page can be displayed upon opening browser to notify user terms and condition of using internet on UBL

    14. A disclaimer page can be displayed upon opening messenger to notify user that chat will be monitored

    15. On free email domains sending email and attaching a file can be blocked

    16. All the important features provide by TMG including Malware detection, Virus Malicious software scanning, category filtering of websites etc.



  • 2.  RE: Web gateway can support these requirements

    Broadcom Employee
    Posted Mar 02, 2015 02:48 PM
    1. Yes

    2. No

    3. No

    4. No idea what that is

    5. Yes

    6. Yes

    7. Not recommended

    8. No

    9. Yes

    10. Yes

    11. No

    12. No

    13. No

    14. No

    15. No

    16. Yes



  • 3.  RE: Web gateway can support these requirements

    Posted Mar 02, 2015 08:39 PM

    Hi Davis,

    Please help us how can we do this in SWG, is it possible to create both IP address + AD in a single rule.

    IP address + User (AD User) Authentication: User should only be able to user internet with given IP and his username. If one of the two does not match then browsing should not be allowed. 

    You have not suggested to save the logs for 6 months, Please share the limitation or any guideline on to this

    Solution should be able to log the user data for 6 months such that last 6 month usage report can be generated.



  • 4.  RE: Web gateway can support these requirements

    Broadcom Employee
    Posted Mar 06, 2015 01:28 PM

    There is no way to enforce an IP/username combo in order to allow web browsing. The SWG is not designed to be a device to keep people off the web, it is designed to keep them safe by scanning content they access and download.

    The incident history takes up a lot of space in the database and it is not designed to hold more than 10 million events (Depending on your hardware. If you are running on a virtual machine, the limit is 500k). Depending on your user's activity, this limit is usually reached in a month or two.

    You can always export the reports weekly. They are in CSV format, so they are easily parsed.