BIG-IP SWGS License
F5 BIG-IP Secure Web Gateway (SWG), also called F5 BIG-IP Secure Web Gateway Service (SWGS), is the main controller point in computer networks. That is, in the main way of passing the information of organizations in the network. Given their unique position in computer networks, F5 Networks products help organizations provide their users with high-capacity, high-performance web security on the same operating systems that organizations use to control applications.
The licensed F5 BIG-IP SWG is a high-performance, full-proxy security solution designed to protect centers from intrusions that enter the network through intrusion protocols.
How F5 Differs from Traditional Proxies
What distinguishes F5 Secure Web Gateway Services from traditional forwarding proxies? There are five main differences, and these differences are critical to understanding the ability of the F5 solution to complete a web security reference architecture.
Integrated Malware Detection
Traditional forward-proxy resolutions perform similar computer address filtering however need a further appliance or set of devices to perform malware detection. The Secure net entree Services solution integrates this practicality into a constant platform.
Scalability and Performance
The reference architecture for Secure Web Gateway Services provides a much higher scalability factor than traditional forwarding proxies.As a result, fewer devices can provide web security and the investment costs for the company are reduced.
The increasing use of SSL in all organizations requires a means of intercepting and inspecting outgoing SSL connections. Traditional solutions often include an F5 Application Delivery Controller (ADC) to perform this functionality. Consolidation gains are realized by integrating Secure Web Gateway Services into ADC’s core platform.
Federated Single Sign-On
The F5 solution and its licenses is currently the only solution on the market that integrates Federated Single Sign-On (SSO). This mature F5 technology enables an organization to create a captive portal page to authenticate users each morning and then provide SSO for the rest of the day, improving the user experience and saving valuable time.
Consolidation of security services
All of these outbound security services are available on all F5 platforms. The input security features are too. This means that consolidation for inbound and outbound access and security is available at the strategic control point of the network.
These differences enable licensed F5 Secure Web Gateway Services to provide a compelling architecture for both web security and application security.
Understanding Explicit and Transparent Proxies
F5 Secure Web Gateway Services can automatically act as a transparent forward proxy for all user requests that flow through it to the Internet. When used in this way, administrators do not need to make changes to individual device settings or group policies to intercept user sessions.
Secure Web Gateway Services can also act as an explicit proxy. Unlike transparent proxy mode, explicit forward proxy mode requires administrators to explicitly define the outbound forward proxy for each of the target devices / users on the network. While this sounds like more management overhead, organizations have found that explicit proxy mode offers significant and tangible security benefits. Secure Web Gateway Services automatically creates automatic configuration files in WPAD or PAC format. Otherwise, the explicit proxy setting can be removed through Group Policy or another enterprise management solution.
How F5 Customers Use Secure Web Gateway Services
The reference architecture for Secure Web Gateway Services assumes four typical customer scenarios. These scenarios are not mutually exclusive and are in fact generally in the same place.
Secure Web Gateway services protect users in the familiar enterprise environment.
The licensed F5 solution can limit bandwidth consumption by media content type, thereby influencing user behavior.
Acceptable Use Policy
Secure Web Gateway Services help organizations provide network access for visiting users while offloading much of the responsibility associated with adopting an acceptable use policy.
Payment Card Industry (PCI) guidelines related to credit card number security require servers within a Cardholder Data Environment (CDE) to use a forward proxy to access the update servers over the Internet.
BIG-IP SWGS License key features
All use cases for Secure Web Gateway Services are based on three security features: URL filtering, malware scanning, and reporting. These features are available by ordering and purchasing the licenses of this solution.
URL Categorization and Filtering
The most basic of these features is the URL categorization and filtering provided in Secure Web Gateway Services. A database of billions of rated and rated URLs is submitted to the Secure Web Gateway Services platform daily and updated every few minutes. This URL categorization database includes websites hosting malware, phishing proxies, or clickjacking websites and can be customized for company-specific content.
The URL categorization database can warn Secure Web Gateway Services that certain content should be subjected to additional malware scanning. The F5 solution can then intercept and examine malware payloads and links in popular file formats such as Adobe Flash and Adobe PDF.
In order to create good policies and comply with government and industry regulations, administrators need transparency. Because Secure Web Gateway Services is the strategic control point for outbound web access, it is the natural place to monitor and report on web usage trends. Some organization policies require that every request be logged, and some organizations only log the requests that trigger a risk alert. The F5 solution fits both. For example, popular reports available include a report that identifies users who are consuming the most bandwidth on the network.
Other key advantages of this solution include the following:
- Categorize and filter URLs
- Full SSL tracking capability
- Support for SSO functionality
- Ability to customize reports and system charts
- Integration of security services in TMOS operating system
- Optimizing network performance by increasing system security
- Integration with the company’s Active Directory to identify users