Workflow for Configuring Secure Web Gateway — Overview
How you configure Secure Web Gateway depends on the environment where you have set it up and what your requirements are regarding web security. After completing the initial setup, there is no fixed order of steps for completing this configuration.
The following are suitable high-level steps of a workflow for administrators in various environments and with different requirements.
-
Complete the initial setup.
During the initial setup, some basic system settings are configured such as host name, root password, and primary network interface. After completing this setup, you can log on to the user interface and continue with more configuration activities.
For more information about how to complete different types of installation procedures for this setup, see Installation. -
Configure network interfaces.
A primary network interface is already configured during the initial setup. On the user interface, you can configure more network interfaces using the Network Interfaces settings under Configuration > Appliances.
You can configure IP addresses, subnet masks, IP aliases, and other settings for these interfaces under IPv4 or IPv6.
For more information, see Configuring Network Interfaces. -
Configure proxies.
Proxies are set up on a Secure Web Gateway appliance to have web traffic redirected to them. This traffic is going on between users' systems that are configured as clients and websites that users request access to. The traffic is filtered and forwarded to its original destinations if the implemented web policy rules allow it.
On the user interface, you can configure proxies using the Proxies settings under Configuration | Appliances. You can set up different proxies for the different network protocols that web traffic follows, for example, HTTP, HTTPS, or FTP.
Proxies can run in different network modes, for example, in an explicit mode, where the clients are aware that they are redirected, or in a transparent mode, where they are unaware.
For more information, see Configure Proxies. -
Configure a cluster.
You can run multiple Secure Web Gateway appliances as nodes in a cluster and administer them using the Central Management functions of Secure Web Gateway.
On the user interface, you can configure a cluster using the Central Management settings and other options that are provided under Configuration | Appliances.
For example, you can add an appliance as a node to a cluster, create node groups, or generate certificates for running web traffic on connections that are secured under the SSL or TLS protocol.
For more information, see Cluster Configuration. -
Configure a web policy.
A web policy consists of web security rules that are processed to filter web traffic that is redirected to Secure Web Gateway.
Default rules grouped in rule sets that cover different fields of web security are implemented on Secure Web Gateway during the initial setup. They include, for example, an anti-malware rule that blocks the download of malware infected files to a users's system within your network.
You can modify or delete existing rules, import rules from libraries. and create your own rules. The Policy top-level menu of the user interface provides submenus with options for completing these activities.
Fore more information about how to configure rules in some important fields of web security, see Configure Anti-Malware Filtering, Configure URL Filtering, and Configure Media Type Filtering.
For an overview of all the rule sets that cover different fields of web security on Secure Web Gateway by default or are otherwise available, see Default Rule Set System and Rule Set Libraries. For information about how to configure rules for your web policy, see About Policy Configuration.