M86 Security SWG User manual

Secure Web Gateway

SWG User Guide

Release 10.2.0 • Manual Version v 10.2.0.1

SWG User Guide

Copyright2

M86 SECURITY SECURE WEB GATEWAY

SWG USER GUIDE

©2012M86Security

Allrightsreserved.

828W.TaftAve.,Orange,CA92865,USA

Version10.2.0.1,publishedFebruary2012forSWGsoftwarerelease10.2.0.

Thisdocumentmaynot,inwholeorinpart,becopied,photocopied,reproduced,translated,or

reducedtoanyelectronicmediumormachinereadableformwithoutpriorwrittenconsentfrom

M86Security.

Everyefforthasbeenmadetoensuretheaccuracyofthisdocument.However,M86Securitymakes

nowarrantieswithrespecttothisdocumentationanddisclaimsanyimpliedwarrantiesof

merchantabilityandfitnessforaparticularpurpose.M86Securityshallnotbeliableforanyerror

orforincidentalorconsequentialdamagesinconnectionwiththefurnishing,performance,oruse

ofthismanualortheexamplesherein.Duetofutureenhancementsandmodificationsofthis

product,theinformationdescribedinthisdocumentationissubjecttochangewithoutnotice.

Trademarks

Otherproductnamesmentionedinthismanualmaybetrademarksorregisteredtrademarksof

theirrespectivecompaniesandarethesolepropertyoftheirrespectivemanufacturers.

SWG User Guide

Table of Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

PART 1: Initial Management Console Tasks . . . . . . . . . . . . . . . . . . . . . 9

Chapter 1. Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Performing Preliminary Tasks . . . . . . . . . . . . . . . . . . . . . . . 10

Performing First Time Login, Password Change, and License In-

stallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Configuring The Mail Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Performing Basic Tasks in the Management Console . . . . . 12

Logging In and Logging Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Changing Your Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Committing Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Working in Multiple Windows . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Relocating an Item in a Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Customizing the Management Console Toolbar . . . . . . . . . . . . .13

Using Keyboard Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Chapter 2. Configuring / Adding Scanning Servers . . . . . . . . . . . . . . 15

Configuring Device General Settings . . . . . . . . . . . . . . . . . . 15

Adding Devices and Device Groups. . . . . . . . . . . . . . . . . . . 17

Moving Scanning Servers To a Different Group . . . . . . . . . 18

PART 2: Implementing User Security Policies. . . . . . . . . . . . . . . . . . . 19

Chapter 3. Defining and Customizing Security Policies. . . . . . . . . . . 20

Editing a Pre-supplied Security Policy in Simplified Mode. 21

Defining a Security Policy in Advanced Mode . . . . . . . . . . 22

Defining a Rule in a Security Policy . . . . . . . . . . . . . . . . . . 22

Defining Conditions in a Security Policy Rule. . . . . . . . . . . 24

Creating a Block/Warn Message . . . . . . . . . . . . . . . . . . . . . 25

SWG User Guide

Table of Contents4

Editing a Message Template. . . . . . . . . . . . . . . . . . . . . . . . . 26

Chapter 4. Defining and Managing Users . . . . . . . . . . . . . . . . . . . . . . 27

Setting Default User Policy Assignments . . . . . . . . . . . . . . 28

Defining and Managing LDAP Users . . . . . . . . . . . . . . . . . 29

Adding and Configuring LDAP Directories . . . . . . . . . . . . . . . .29

Importing LDAP Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Configuring LDAP Group Settings. . . . . . . . . . . . . . . . . . . . . . . .31

Importing LDAP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Setting a Schedule For LDAP Directory Update. . . . . . . . . . . . .32

Assigning Policies to Unassigned LDAP Users . . . . . . . . . . . . . .33

Defining and Managing M86 (Non-LDAP) Users . . . . . . . . 33

Creating/Configuring User Groups . . . . . . . . . . . . . . . . . . . . . . .33

Adding and Defining Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

Moving Users To a Different Group . . . . . . . . . . . . . . . . . . . . . . .36

Defining User Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

PART 3: Configuring Advanced Network Settings . . . . . . . . . . . . . . . 38

Chapter 5. Implementing Identification Policy. . . . . . . . . . . . . . . . . . 39

Defining and Customizing Identification Policy . . . . . . . . . 39

Defining an Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Chapter 6. Implementing Authentication . . . . . . . . . . . . . . . . . . . . . . 43

Configuring Default and Scanning Server Authentication. . 43

Chapter 7. Defining and Customizing Upstream Proxy Policy . . . . . 46

Defining an Upstream Proxy Policy. . . . . . . . . . . . . . . . . . . 46

Defining a Rule in an Upstream Proxy Policy . . . . . . . . . . . 48

Defining Conditions in an Upstream Proxy Rule. . . . . . . . . 49

Chapter 8. Enabling and Customizing Caching . . . . . . . . . . . . . . . . . 50

Enabling Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

SWG User Guide

Table of Contents

Defining a Caching Policy . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Defining a Rule in a Caching Policy . . . . . . . . . . . . . . . . . . 52

Defining Conditions in a Caching Rule . . . . . . . . . . . . . . . . 53

Chapter 9. Assigning Policies To Devices . . . . . . . . . . . . . . . . . . . . . . 54

Setting Device Policy Defaults . . . . . . . . . . . . . . . . . . . . . . . 54

Assigning Policies to Specific Devices . . . . . . . . . . . . . . . . 55

PART 4: Configuring Logging and Alert Settings . . . . . . . . . . . . . . . . 56

Chapter 10.Defining and Customizing Logging Policy . . . . . . . . . . . . 57

Defining a Logging Policy . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Defining a Rule in a Logging Policy . . . . . . . . . . . . . . . . . . 58

Defining Conditions in a Logging Rule . . . . . . . . . . . . . . . . 59

Chapter 11.Configuring the Log Server . . . . . . . . . . . . . . . . . . . . . . . . 61

Configuring Log Server Settings . . . . . . . . . . . . . . . . . . . . . 61

Chapter 12.Configuring Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Assigning Alert Channels to Event Types . . . . . . . . . . . . . . 66

Configuring SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . 67

Setting Thresholds For Security Alert Notification . . . . . . . 69

PART 5: Performing Monitoring And Maintenance . . . . . . . . . . . . . . 70

Chapter 13.Viewing Security and Component Statuses at a Glance . 71

Viewing Security Status Information (Dashboard) . . . . . . . 71

Viewing Dynamic Component Information . . . . . . . . . . . . . 72

Chapter 14.Viewing Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Viewing Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Creating, Editing, and Managing Log Profiles . . . . . . . . . . . 74

SWG User Guide

Table of Contents6

Viewing Transaction Details (Web Log only) . . . . . . . . . . . 76

Chapter 15.Implementing ICAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Configuring SWG To Provide ICAP Services . . . . . . . . . . . 77

Configuring SWG To Use External ICAP Services. . . . . . . 78

Configuring the ICAP Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

Defining ICAP Service Groups . . . . . . . . . . . . . . . . . . . . . . . . . . .79

Defining an ICAP Forward Policy . . . . . . . . . . . . . . . . . . . . . . . .81

Chapter 16.Viewing and Working With Reports . . . . . . . . . . . . . . . . 84

Running and Viewing Reports . . . . . . . . . . . . . . . . . . . . . . . 84

Creating or Modifying Report Definitions . . . . . . . . . . . . . . 85

Managing Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Defining Report Schedules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Adding Report Shortcuts to the Favorites Folder . . . . . . . . . . . .88

Viewing a Report’s History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Exporting Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Chapter 17.Maintaining Your System . . . . . . . . . . . . . . . . . . . . . . . . . 91

Performing Manual Backup and Restore . . . . . . . . . . . . . . . 91

Viewing and Installing Updates . . . . . . . . . . . . . . . . . . . . . . 92

Importing From and Exporting Policy Databases . . . . . . . . 94

PART 6: Performing Advanced Configuration . . . . . . . . . . . . . . . . . . 96

Chapter 18.Defining Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Creating/Editing an Administrator Group . . . . . . . . . . . . . . 98

Creating/Editing an Administrator . . . . . . . . . . . . . . . . . . . . 99

Setting Access Permissions . . . . . . . . . . . . . . . . . . . . . . . . 100

Configuring RADIUS Server Authentication. . . . . . . . . . . 101

Chapter 19.Performing Additional Configuration Tasks . . . . . . . . . 103

Adjusting Network Settings For a Device . . . . . . . . . . . . . 103

SWG User Guide

Table of Contents

Configuring A Device To Use An NTP Server . . . . . . . . . 105

Configuring Administrative Settings . . . . . . . . . . . . . . . . . 106

Importing Digital Certificates. . . . . . . . . . . . . . . . . . . . . . . 107

Configuring Backup Settings . . . . . . . . . . . . . . . . . . . . . . . 108

Configuring Automatic Update Handling. . . . . . . . . . . . . . 109

Defining and Customizing Device Logging Policy . . . . . . 110

Defining a Device Logging Policy . . . . . . . . . . . . . . . . . . . . . . . .110

Defining a Rule in a Device Logging Policy . . . . . . . . . . . . . . . .110

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Configuring Default and Device-Specific Access Lists . . . 112

Configuring Transparent Proxy Mode . . . . . . . . . . . . . . . . 113

Scheduling Configuration And Security Updates for Scanning

Server Device Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Implementing High Availability. . . . . . . . . . . . . . . . . . . . . 114

Modifying LDAP Directory Advanced Settings . . . . . . . . 115

Chapter 20.Enabling HTTPS Scanning . . . . . . . . . . . . . . . . . . . . . . . 117

Defining an HTTPS Policy . . . . . . . . . . . . . . . . . . . . . . . . . 117

Defining a Rule in an HTTPS Policy. . . . . . . . . . . . . . . . . . . . . .118

Defining Conditions in an HTTPS Rule . . . . . . . . . . . . . . . . . . .119

Configuring and Certifying HTTPS . . . . . . . . . . . . . . . . . . 120

Chapter 21.Implementing Cloud Security . . . . . . . . . . . . . . . . . . . . . 122

Configuring Cloud Settings in Internal Mode . . . . . . . . . . 124

Configuring Cloud Settings in PKI Mode . . . . . . . . . . . . . 127

Certifying and Managing Cloud Users . . . . . . . . . . . . . . . . 131

Defining a Private Cloud Scanner . . . . . . . . . . . . . . . . . . . 134

SWG User Guide

About This Guide8

BOUT

HIS

UIDE

TheSWGUserGuideprovidestheproceduresthatyouperformontheManagementConsoleto

implement,use,andmaintainSecureWebGateway(SWG)inyourorganization.TheManagement

ConsoleisyourinterfacetoSWG.

Itisimportanttonotethatthisguideisnotareferenceguide.Itdoesnotprovideadetailed

descriptionofallscreensandfields.Nordoesitprovideadetaileddescriptionofconceptsthat

applytoSWGandtheManagementConsole.Forthatinformation,youshouldseetheManagement

ConsoleReferenceGuide.

Thisguideassumesthat:

• youhavealreadyinstalledtheSecureWebGatewayinyourorganization.Forinstallationinstruc‐

tions,seetheSecureWebGatewayInstallationGuide.

• youhavesetuptheSWGusingtheLimitedShell,Forsetupinstructions,seetheSecureWeb

GatewaySetupGuide.

• youhavealreadyplannedoutyoursecurityneeds.

ThisguideisdividedintoPartsandChapters.Thesepartsandchaptersareorganizedinthe

sequenceinwhichyouarelikelytousethemwhenfirstimplementingSWG.Youcan,ofcourse,use

anyprocedureatanytimethatyouneed.

SWG Documentation Set

TheSWGdocumentationsetincludesthefollowingguides:

•SecureWebGatewayInstallationGuide

•SecureWebGatewaySetupGuide

•ManagementConsoleReferenceGuide

•ManagementConsoleUserGuide

•SecureWebGatewayUserSecurityPoliciesInDepthGuide

•SecureWebGatewayUserIdentificationGuide

SWG User Guide

PART 1: Initial Management Console Tasks

PART 1: I

NITIAL

ANAGEMENT

ONSOLE

ASKS

Thispartcontainsthefollowingchaptersandprocedures:

•Chapter1:GettingStarted

•PerformingPreliminaryTasks

•PerformingFirstTimeLogin,PasswordChange,andLicenseInstallation

•ConfiguringTheMailServer

•PerformingBasicTasksintheManagementConsole

•LoggingInandLoggingOut

•ChangingYourPassword

•CommittingChanges

•WorkinginMultipleWindows

•RelocatinganIteminaTree

•CustomizingtheManagementConsoleToolbar

•UsingKeyboardShortcuts

•Chapter2:Configuring/AddingScanningServers

•ConfiguringDeviceGeneralSettings

•AddingDevicesandDeviceGroups

•MovingScanningServersToaDifferentGroup

Chapter 1: Getting Started 10

HAPTER

1:

ETTING

TARTED

Thischaptercontainsthefollowingtopics:

•PerformingPreliminaryTasks

•PerformingBasicTasksintheManagementConsole

Performing Preliminary Tasks

NOTES:ThisguideinstructionsforproceduresthatyouperformontheManagement

Console.ItdoesnotprovidedetaileddescriptionsofManagementConsoleconcepts,screens,

orfields.Forthatinformation,refertotheManagementConsoleReferenceGuide.

Thissectioncontainsthefollowingtopics:

•PerformingFirstTimeLogin,PasswordChange,andLicenseInstallation

•ConfiguringTheMailServer

Performing First Time Login, Password Change, and

License Installation

WhenloggingontotheManagementConsoleforthefirsttime:

1. Inyourwebbrowser,enterhttps://<applianceIPaddress>.

2. Ifanalertmessageidentifiesaproblemwiththewebsite(forexample,itssecuritycertificate),

continuetothewebsite,eveniftheoptionsaysthatthisisnotrecommended.

TheLoginwindowisdisplayed.

Beforeperformingthepreliminarytaskslistedhere,ensurethat:

•SWGhasbeeninstalled.Forinstallationinstructions,seetheSecureWebGateway

InstallationGuide.

• Limitedshellsetuphasbeenperformed.Forsetupinstructions,seetheSecureWeb

GatewaySetupGuide.

•YouhavetheLicensekeyforSWG.

•YouhaveaddedthePolicyServerIPtotheProxyServerExceptionsinyourinternet

settings.AddingthePolicyServerIPisoptionalbutitwillensureoptimumperformance.

Other manuals for SWG

Table of contents

Other M86 Security Gateway manuals

M86 Security

M86 Security SWG User manual

Popular Gateway manuals by other brands

LST

LST M500RFE-AS Specification sheet

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual

Mitsubishi Heavy Industries

Mitsubishi Heavy Industries Superlink SC-WBGW256 Original instructions

ZyXEL Communications

ZyXEL Communications ZYWALL2 ET 2WE user guide

Telsey

Telsey CPVA 500 - SIP Technical manual

RTA

RTA 460A-NNA4 Product user guide

Shaw

Shaw Gateway HDPVR user manual

ABB

ABB VSN900 Commissioning manual

Commander

Commander Pulse owner's manual

2N Telekomunikace

2N Telekomunikace ATEUS EasyGate 501309E manual

NETGEAR

NETGEAR C6300BD installation guide

Amit

Amit CDW531AM user guide

HMS

HMS Netbiter EasyConnect EC150 user manual

Huawei

Huawei EchoLife HG620 user guide

AT&T

AT&T U-verse 3801 Replacement self-installation guide

Logic IO

Logic IO RTCU MX2 turbo Technical manual

Suttle

Suttle MediaMAX MXM-521 installation instructions