Hardware Security Module Versions for Secure Web Gateway
Several Hardware Security Module (HSM) models, offered by different vendors, namely Entrust, Thales-Luna, Fortanix DSM, and OpenSSL (built within SWG), are used in a solution with Secure Web Gateway (SWG), where the private keys for secure connections are stored on the module. You can run various combinations of firmware versions and client software, which is installed together with Secure Web Gateway.
The following tables show the HSM models that Skyhigh recommends for use with different client software and firmware versions. Loading and creating a Security World is also possible with firmware versions older than the recommended ones; see the Remarks column.
Skyhigh recommends using an HSM module with:
- Secure Web Gateway 12.2.18 or later
- Secure Web Gateway earlier than 12.2.17
These recommendations are based on testing performed before releasing a particular Secure Web Gateway version. Refer to your module vendor for compatibility changes that might have occurred later on.
IMPORTANT:
- Entrust nShield SOLO XC is only compatible with specific versions. It is not supported in SWG 12.2.18, which includes Entrust Client v13.4.4. To ensure proper detection of the SOLO XC module, consider downgrading Entrust Client Software from v13.4.4 to v12.60. This solution remains effective only within the current version of SWG. Upgrading to the next higher version will reinstall the latest HSM client software (v13.4.4), which is not compatible.
- Skyhigh supports only qualified combinations listed for SWG HSM integrations. Contact the HSM vendor to verify forward compatibility with newer HSM firmware or client versions.
Secure Web Gateway 12.2.18 or Later
NOTE: In SWG 12.2.18, the Entrust Client software is upgraded from v12.60 to v13.4.4 and the Thales Luna Client software is upgraded from v7.4.0-226 to v10.7.2-16.
Vendor | HSM Model | HSM Client Software Version | HSM Firmware Version | Remarks on Security World Usage |
---|---|---|---|---|
Entrust | nShield 5c | 13.4.4 | 13.2.2 | The latest client software supports nShield 5c |
Entrust | nShield SOLO XC | 13.4.4 | 12.60 | The latest client software does not support nShield SOLO XC |
Entrust | nShield Connect XC | 13.4.4 | 12.60 | The latest client software is compatible with Connect XC v12.60 |
Thales/SafeNet/Gemalto | SafeNet NetHSM | 10.7.2-16 | 7.0.1 |
Secure Web Gateway Earlier Than 12.2.17
Vendor | HSM Model | HSM Client Software Version | HSM Firmware Version | Remarks on Security World Usage |
---|---|---|---|---|
Entrust | nShield SOLO XC | 12.60 | 12.60 | Load and Create for version 2 supported with Client Software 12.60 and Firmware 12.60; Only Create for version 2 supported with Client Software 12.60 and Firmware 12.40; Load and Create for version 2 supported with Client Software 12.60 and Firmware 12.40 plus compatibility packs; Load and Create for version 3 supported with Client Software 12.60 and Firmware 12.50 or later (tested with 12.60.9) |
Entrust | nShield Connect XC | 12.60 | 12.60 | As above (Firmware to support Load and Create for version 3 tested with 12.60.10) |
Thales/SafeNet/Gemalto | SafeNet NetHSM (Luna 7.2.0) | 7.4.0-226 | 7.0.1 | Not applicable |
Secure Web Gateway Earlier Than 10.2 (EOL)
Vendor | HSM Model | HSM Client Software Version | HSM Firmware Version | Remarks on Security World Usage |
---|---|---|---|---|
Entrust | nShield SOLO XC | 12.40 | 3.4.2 | Load and Create supported for version 2 |
Entrust | nShield Connect XC | 12.40 | 12.40 | As above |
Thales/SafeNet/Gemalto | SafeNet NetHSM (Luna 7.2.0) | 7.4.0-226 | 7.0.1 | Not applicable |