Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

How Skyhigh Client Works

  1. Last updated
  2. Save as PDF

The Skyhigh Client is configured through the Skyhigh Security Service Edge (SSE) UI. The configuration section in the management console is modernized to support the advancements in the Skyhigh Client . Configuring the Client involves admins setting up the tenant information, creating Client profiles and Client policies (traffic selection and forwarding preferences), and listing of gateways required for traffic forwarding. Once the policy is saved and published, the entire information is captured as a part of a single policy (a file with the.opg extension). This policy, defined at the group level, is applied to all devices regardless of their location — on-prem, off-network, or connected to on-prem via VPN. The network traffic from the device is intercepted and securely relayed to an on-prem or a cloud gateway. Gateways enforce security controls based on applied policies.

clipboard_e83d282c33b9d087bc52c8acefbd67f2d.png

The Skyhigh Client t introduces a decoupled architecture, separating Client configurations from traffic selection, in contrast to the Skyhigh Client Proxy, which features a basic UI where settings and list inputs were directly linked to traffic forwarding or bypass rules. Client settings are now organized into reusable Client profiles within the Skyhigh Client UI, allowing admins to create multiple profiles. The selection and forwarding of traffic are managed independently through policies that are configurable in the UI. Each policy is associated with a single Client profile that enables the reuse of the same profile across multiple policies, for example, the region, group-specific configurations, or cloning and modifying profiles to use with different policies, such as those for partners or contractors.

The traffic redirection of the Skyhigh Client functions as per the policy when corporate network connectivity is detected directly or via VPN. For devices within the network, Cloud Firewall connectivity is possible directly or via a SOCKS-enabled Skyhigh Secure Web Gateway on-premises, and for devices off the network, the traffic is forwarded by the Skyhigh Client to the nearest Skyhigh Security Edge instance.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.