With BIG-IP® system Secure Web Gateway (SWG), you can create a configuration to protect your Internet network assets and end users from threats and enforce a rightful use and compliance policy for Internet access. Users that access the Internet from the enterprise go through SWG, which allows or blocks access to certain URL categories. When recommended or configured to do so, SWG analyzes the content in the request and the response to determine whether it represents a threat, and to block access if needed.
SWG supplies over 150 URL categories and identifies over 60 million URLs that fit within these categories. In addition, you can create custom categories if needed and add URLs to any category, custom or otherwise. You can also use custom categories to define blacklists and whitelists.
SWG supplies default URL filters as a starting point for your configuration. For example, the URL filter named default blocks the majority of inappropriate websites. You can use any default filter as a starting point from which to define your own URL filters to reflect your acceptable use policies.
When you are done configuring URL filters, you can group them and schedule them into SWG schemes. In an SWG scheme, you select and schedule URL filters so that at any time of day during a week, only one URL filter is actively being enforced. You can configure different schemes for different groups of users. In a scheme, you specify URL filters that you want to apply at specific periods in the day or and on specific days of the week.
When you are done, you have SWG schemes that you can assign to users when they access the Internet.
Use these tasks to download URL categories initially, to refresh them over time, and to specify URL filters that support your rightful use and compliance policy. Before you begin, the BIG-IP system must be licensed and provisioned to support URL categorization.
Secure Web Gateway (SWG) supports HTTP and HTTPs-based instant messaging protocols. As a result, when you use the Instant Messaging URL category to block messages, SWG can block messages to ICQ, for example, but cannot block messages from applications that use non-standard ports or tunneling over HTTP, such as, Yahoo Messenger, Skype, Google Talk, and so on.
Similarly, SWG cannot block messages from file-sharing and peer-to-peer protocols that do not use HTTP or HTTPs; most such protocols do not use either HTTP or HTTPs.
Now you have BIG-IP® Secure Web Gateway (SWG) configured to regularly download updates to URL categories. Schemes are configured and ready to be added to access policies.
When you deploy Secure Web Gateway (SWG), the database downloads output messages to the /var/log/apm file. This table lists messages that are available only when you enable debug.
|Transfer Status 247||The file is transferred successfully to the BIG-IP® system. If you see a Transfer Status other than 247, it might indicate an error.|
|RTU Type||The RTU Type is always 1. If you see an RTU Type other than 1, it might indicate an error.|
|Expiration Date||The BIG-IP system does not use the expiration date in this message. Instead, the BIG-IP system enforces the SWG license and the database download works accordingly.|