Workflow for Setting Up Secure Web Gateway — Overview

Tasks for All Setup Scenarios 

These tasks are part of all scenarios for setting up Secure Web Gateway.

• Configure Skyhigh Client Proxy (SCP) — This product enables the forwarding of web traffic from the systems that are the endpoints of your network to Secure Web Gateway, see step 2 of the workflow.

• Configure connectivity settings — These are settings for connecting the locations of your network to Secure Web Gateway, see step 4 of the workflow. 
  
  For example, configure IP address ranges that you consider safe to send web traffic from, or configure IPsec and GRE tunnels to have web traffic routed through them. 

Tasks for Your Particular Requirements

You can complete more setup tasks to meet your particular requirements.

For example, to extend the protection against web threats that is ensured by Secure Web Gateway to mobile devices, configure Mobile Cloud Security (MCS).

Workflow

Follow this workflow to complete tasks for all setup scenarios and for your particular requirements.

The tasks are listed in the order they appear in on the setup main page for Secure Web Gateway.

1. On the user interface for Secure Web Gateway, place your mouse pointer over the settings icon in the top right corner, then select Infrastructure > Web Gateway Setup from the drop-down menus.
   
   The setup main page opens. Its title is Secure Web Gateway Setup.
   
   

2. Using the options provided under Configure SCP at the top of the page, configure Skyhigh Client Proxy.
   
   This product is installed as client software on the systems that are the endpoints of your network. It forwards web traffic from these endpoints to Secure Web Gateway.
   
   For more information, see the Skyhigh Client Proxy main section of this documentation.

3. If you want to have a workaround in place to be performed when Skyhigh Client Proxy cannot retrieve user group information, enable directory lookups. User group information is needed to select an appropriate web policy.
   
   Use the options provided under Enable Active Directory User Group Lookup to complete this task. 
   
   For more information, see Configure Active Directory Lookups for User Groups.

4. Using the options provided under Configure Locations, configure settings for connecting the locations of your network to Secure Web Gateway. 
   
   To set up these connections, configure mapping in at least one of the following ways:
   
   

   • Configure IP address ranges — Web traffic sent from within IP addresses ranges that you configure because you consider them safe is routed to Secure Web Gateway. 
     
     For more information, see About Configuring IP Address Ranges.

   • Configure an IPsec tunnel — Web traffic is routed through this tunnel to Secure Web Gateway. 

     For more information, see About Configuring an IPsec tunnel.

   • Configure GRE tunnels — Web traffic is routed through these tunnels to Secure Web Gateway. 

     For more information, see About Configuring GRE Tunnels.

5. If you want to add SAML authentication to the methods of authenticating users who send requests to access the web, configure this authentication method.
   
   Use the options provided under Set Up SAML to complete this task.
   
   For more information, see Configure SAML Authentication for Secure Web Gateway.

6. Adding the SAML authentication method and filtering web traffic going on under HTTPS requires certificates that have been signed by a certificate authority (CA).
   
   Use the options provided under Managing Certificate Authorities for HTTPS Scanning to manage these certificates.
   
   For more information, see About Managing Certificate Authorities.

7. If you want to make sure that log data is stored in a particular region, configure log data residency. This allows you, for example, to comply with regulations requiring that log data must be stored in the region where it originates.
   
   Use the options provided under Log Data Residency to complete this task.
   
   For more information, see Configure Log Data Residency.

8. If you want to extend the protection against web threats that is ensured by Secure Web Gateway to traffic originating from the mobile devices of cloud users in your organization, configure Mobile Cloud Security (MCS).
   
   Use the options provided under Skyhigh Mobile Cloud Security to complete this task.
   
   For more information, see About Skyhigh Mobile Cloud Security and Configure Skyhigh Mobile Cloud Security. 

9. If you want to configure a profile for a device that enables access from this device under the criteria of a Private Access security policy, configure a device profile.
   
   Use the options provided under Configure Device Profile to complete this task.

10. Under Import On-prem Policy, you can import a web policy that you have configured using the Secure Web Gateway on-prem product.
    
    After the import, this web policy provides protection against threats that arise when cloud users of your organization access the web.
    
    For more information about how to complete this import, see Import an On-prem Web Policy.

11. Under Back Up and Restore Secure Web Gateway, you can handle the web policy that you have configured using this Secure Web Gateway cloud product.
    
    You can back up your web policy and restore the backup at a later point in time. You can also restore the default settings, which were preconfigured for your web policy after the initial setup.
    
    For more information, see About Backing Up and Restoring Secure Web Gateway.

When you have completed all tasks needed to set up Secure Web Gateway and to meet your particular requirements, you can continue with configuring your web policy.

For more information, see About Configuring a Web Policy.