Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Firewall Configuration Examples

  1. Last updated
  2. Save as PDF

Configuration on the Cloud Firewall

Following are the necessary configurations on the Client Proxy policy policy and on the Firewall Settings tab to redirect traffic via firewall:

NOTE: Configure firewall settings in the same Client Proxy policy in which you have configured the bypass list.

  1. Go to Settings > Infrastructure  > Client Proxy Management

1.png

  1. In SCP Configuration page, go to Configuration Policies, and choose the required policy. Click Firewall Settings tab.
    2.png
  2. In the Firewall Redirection mode section, select one of the following:
  • Send All Traffic to Firewall — Sends all traffic to Cloud Firewall. You can configure domains, IP addresses, ports, and processes in the Firewall Exception List to bypass the Cloud Firewall.
    send to all 1.png

In the The Gateway is enabled. Before you save the configuration, follow these steps note, you can click steps to check the configuration details.

3.png

  • Exclude All Traffic from Firewall — No traffic is passed to Cloud Firewall. When you select this option, Cloud Firewall policy stands down and all traffic is managed by Client Proxy policy. However, you can configure domains, IP addresses, ports, and processes in the Firewall Exception List to redirect traffic through the Cloud Firewall.
    exclude 1.png

NOTE

  • Ports and Processes are not supported in macOS for traffic redirection through Firewall. Port and Process information is constraint in the macOS Framework.
  • Cloud Firewall Policy supports IP Address, Domain, Port based actions (Allow, Block, Drop, Allow with Web Policy), apart from Process Name in macOS Framework.

Cloud Firewall Configuration Examples

Here are the different Cloud Firewall configuration examples:

Send all traffic to Web Proxy
Client Proxy Configuration​
  • Set up Client Proxy to intercept web traffic on port 80,443 or any custom port.
  • Add proxy bypass to the traffic which needs to be bypassed
Firewall Settings Set the Firewall Enabled setting to OFF
Outcome
  • All web traffic is intercepted and goes to Client Proxy
  • Bypassed Traffic will go directly
Send all traffic to Cloud Firewall​
Client Proxy Configuration​

Do one of the following:

  • In the Proxy Bypass tab, bypass all the web traffic you want to send to the Firewall.
  • Create a dummy gateway (DIRECT.SCP) and select that as the Primary Gateway.
Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Send All Traffic to Firewall
  • Leave the Firewall Exception List empty, in case you require DNS/additional services to be bypassed they can be added in Firewall Exception List.
Outcome All traffic goes via Cloud Firewall​ and no traffic goes to Client Proxy 
Bypass Zoom and Teams traffic at proxy and send via Cloud Firewall
Client Proxy Configuration​

  • Regular Client Proxy configuration​ on port 80 and 443

  • Configure bypass list with Zoom and Teams related domains, IP addresses and Process.

Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Send All Traffic to Firewall
  • Leave the Firewall Exception List empty in case you require DNS/additional services to be bypassed they can be added in Firewall Exception List.
Outcome Zoom and Teams traffic is forwarded to Cloud via Cloud Firewall
Forward Zoom traffic via Cloud Firewall, certain domains to local Proxy and bypass certain domains to Internet directly
Client Proxy Configuration​
  • Enable List based redirection using Alternate Gateway.

  • Add the domains to be redirected to local proxy in the Alternate Gateway redirection lists

  • Bypass Zoom based domains, or IP addresses, or processes
  • Bypass traffic that needs to directly go to internet

Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Send All Traffic to Firewall
  • Configure the entries that should bypass the Cloud Firewall in the Firewall Exception List
Outcome Domains added to the Alternate redirection list will go to the local proxy, and Zoom traffic is forwarded via Cloud Firewall and traffic configured in the Firewall Exception List will be bypassed and sent directly.
Send specific traffic via Cloud Firewall and bypass the rest
Client Proxy Configuration​

Do one of the following:

  • In the Proxy Bypass tab, bypass all the web traffic you want to send to the Firewall.
  • Create a dummy gateway (DIRECT.SCP) and select that as the Primary Gateway.

Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Exclude All Traffic from Firewall
  • Configure the entries that should bypass the Cloud Firewall in the Firewall Exception List 
Outcome Traffic configured in the Firewall Exception list will go via Cloud Firewall and rest is bypassed.