Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

How Skyhigh Client Works

  1. Last updated
  2. Save as PDF

The Skyhigh Client is configured through the Skyhigh Security Service Edge (SSE) UI. The configuration section in the management console is modernized to support the advancements in the new Skyhigh Client. Configuring the Client involves admins setting up the tenant information, creating Client profiles and Client policies (traffic selection and forwarding preferences), and listing of gateways required for traffic forwarding. Once the policy is saved and published, the entire information is captured as a part of a single policy (a file with the.opg extension). This policy, defined at the group level, is applied to all endpoints regardless of their location — on-prem, off-network, or connected to on-prem via VPN. The network traffic from the endpoint is intercepted and securely relayed to an on-prem or a cloud gateway. Gateways enforce security controls based on applied policies.

clipboard_e83d282c33b9d087bc52c8acefbd67f2d.png

The Skyhigh Client introduces a decoupled architecture, separating Client configurations from traffic selection, in contrast to the Skyhigh Client Proxy, which features a basic UI where settings and list inputs were directly linked to traffic forwarding or bypass rules. Client settings are now organized into reusable Client profiles within the Skyhigh Client UI, allowing admins to create multiple profiles. The selection and forwarding of traffic are managed independently through policies that are configurable in the UI. Each policy is associated with a single Client profile that enables the reuse of the same profile across multiple policies, for example, the region, group-specific configurations, or cloning and modifying profiles to use with different policies, such as those for partners or contractors.

The traffic redirection of the Skyhigh Client works as per the policy when corporate network connectivity is detected directly or via VPN. For endpoints within the network, Cloud Firewall connectivity is possible directly or via a SOCKS-enabled Skyhigh Secure Web Gateway on-premises, and for endpoints off the network, the traffic is forwarded by the Skyhigh Client to the nearest Skyhigh Security Edge instance.

NOTE: Installation of Skyhigh Client is similar to the existing Skyhigh Client Proxy. For more details, see Set up Client Proxy.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.