About the Hybrid Solution
You can run the on-prem version of the Secure Web Gateway product together with the cloud version, which is a part of the Security Service Edge (SSE) product suite, to filter web traffic in a hybrid mode. This solution is also known as the Hybrid solution.
This allows you to keep the web policy that you have set up on a Secure Web Gateway appliance for users who work in your organization on-prem. This policy is synchronized with the one that you have set up under the Secure Web Gateway cloud product for users who work with cloud services.
You can also select one of the two policies as default and still filter web traffic originating from some users, user groups, and locations under the other policy. The option to select a policy as default and configure exceptions is available under the cloud product.
If you want to implement the Hybrid solution, you need to complete configuration activities regarding the following items for the on-prem product:
-
Credentials — Provide credentials for the on-prem product to submit for authentication when connecting to the cloud product.
Authentication follows the process that you have configured for the Skyhigh Client Proxy (SCP) connectivity product, which is also included in the Security Service Edge product suite.
For more information, see Provide Credentials for Authenticating to SSE. -
Secure next-hop proxy — Set up a secure next-hop proxy to ensure traffic that goes from the on-prem to the cloud product is secure.
For more information, see Set Up a Secure Next-hop Proxy to Secure Traffic on a Hybrid Connection. - Synchronized lists — Enable the download of synchronized lists with user names, user groups, and other web objects from the cloud to the on-prem product and download them from there.
For more information, see Synchronize Lists for Your Web Policy When Using the Hybrid Solution.
You can also review traces and log files under the on-prem product to troubleshoot issues with the Hybrid solution. In addition to this, incident messages make you aware of issues with list synchronization. For more information, see Troubleshoot Issues with Synchronized Lists in a Hybrid Solution.
For the version of the Secure Web Gateway appliance software that is currently required to run it with the cloud product in a Hybrid solution, see Hybrid Mode.