Broadcom Edge Device Integration
You can integrate Skyhigh Cloud Connector with a Broadcom proxy server to create multiple Broadcom policies based on Skyhigh CASB Service Groups. When policies are updated, you can configure notifications and approvals so that your admin is alerted and can approve those changes in the Firewall/Proxy Integration section of the Skyhigh CASB dashboard.
Prerequisites
Make sure your Skyhigh Cloud Connector is installed and started. It must be active to be integrated with Broadcom.
Create Service Groups
Create Service Groups to use with your Broadcom Integration.
Define the Broadcom Edge Device Integration
Use the wizard to integrate your edge device.
Once it is integrated, on the Firewall/Proxy Integration page, click Published URL List to display the URL(s) you will use to synchronize the edge device server.
This URL query string includes your Cloud Connector's symbolic server name and your edge device ID. If you have multiple Cloud Connectors installed and pointing to this tenant, they will all be listed here.
Configure the Broadcom Proxy Server
Create a Custom Category
To create a custom category:
- Launch the Broadcom proxy server either by IP address or by domain name using the proxy administrative URL: https://proxyhost_or_IP:8082.
NOTE: This is the default port. If a custom port is being used by the proxy, replace 8082 with the custom port.
- Go to Configuration > Content Filtering > General and for Local database select Enable.
- Go to Configuration > Content Filtering > Local Database.
- In the URL field, enter the URL for your instance of Cloud Connector, which is https://enterpriseconnector_symboliclink.do.myshn.net:8443/custom. (The Cloud Connector symbolic link is determined during setup.)
- Activate Automatically check for updates.
- Click Download now to retrieve the most recent URL listing from Skyhigh CASB.
- If the custom category URL list is downloaded correctly, then you will get a success message. Click OK. If there is a failure, make sure that the hostname or IP address of the Cloud Connector is correct.
- To enable the local database content filtering, under Content Filtering select General, and then click Use local database.
The custom category has now been configured.
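Added example (not part of the Skyhigh or Broadcom documentation): a Python check you could run on a saved copy of the downloaded list, confirming that the category a policy will reference (for example, shn-denied) exists and is not empty, since a Deny rule bound to a missing or empty category blocks nothing. It assumes the list follows the ProxySG local database layout (`define category <name>` ... `end`) and that `;` starts a comment line; the function names and the sample data are constructed for illustration.

```python
# Assumption: ProxySG local database layout; ';' comment lines are assumed.
SAMPLE_LIST = """\
; constructed sample, not real Skyhigh CASB output
define category shn-denied
  files.example.com
  upload.example.net/share
end
define category shn-allowed
end
"""


def parse_local_db(text):
    """Return {category: [entries]}; raise ValueError on malformed input."""
    categories, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 2)
        if [p.lower() for p in parts[:2]] == ["define", "category"]:
            if current is not None:
                raise ValueError(f"line {lineno}: {current!r} was never closed")
            if len(parts) < 3:
                raise ValueError(f"line {lineno}: category has no name")
            current = parts[2].strip()
            if current in categories:
                raise ValueError(f"line {lineno}: duplicate {current!r}")
            categories[current] = []
        elif line.lower() == "end":
            if current is None:
                raise ValueError(f"line {lineno}: 'end' outside a category")
            current = None
        elif current is None:
            raise ValueError(f"line {lineno}: entry outside a category")
        else:
            categories[current].append(line)
    if current is not None:  # typical of a truncated download
        raise ValueError(f"category {current!r} is missing 'end'")
    return categories


def check_category(text, name):
    """Return the entry count for `name`; raise if it is absent or empty."""
    categories = parse_local_db(text)
    if name not in categories:
        raise ValueError(f"category {name!r} not in list: {sorted(categories)}")
    if not categories[name]:
        raise ValueError(f"category {name!r} is empty; a Deny rule would match nothing")
    return len(categories[name])
```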
Create a Content Filtering Policy
The next step is to create a content filtering policy using the local database.
- Select Policy > Visual Policy Manager.
- For the Visual Policy Manager, click Launch. Then select the Web Access layer.
- From within the Visual Policy Manager, select the Web Access Layer tab.
- Click Add Rule.
- Once the layer is created, select the Destination Object, right-click, and select Set. The Set Destination Object window will open.
- Select the name of your custom category (for example, shn-denied) and click OK.
- After you have defined the destination as shn-denied, for Action, select Deny.
- From the Visual Policy Manager, click Install Policy for the changes to take effect.
- Go to Configuration > Content Filtering > Local Database.
- For URL, enter the URL for the Skyhigh CASB Firewall/Proxy Integration screen.
- Click Apply, and click Save.
Approve Service Group Changes
If your organization has decided to manually approve changes, pending changes are shown on the Firewall/Proxy Integration page. Changes for each device are listed; updating each device happens separately. For details, see Approving Service Group Changes to Edge Devices.