Hybrid SWG

Objective: Set up a hybrid SWG policy

Tasks

Access your virtual SWG appliance

Use the following credentials to log into your virtual appliance in AWS.

Username:

Password:

Select HTML5 to minimise compatibility issues within your browser.

Skyhigh Appliance login Skyhigh Appliance login

Connect your virtual SWG to your SSE tenant

In the main panel, select ‘Configuration’. Under ‘Cluster’ on the right hand side, you will see two hybrid options:

UCE Hybrid The idea behind “UCE Hybrid” is that you can synchronise lists from the cloud SWG to the appliance.

Web Hybrid The idea behind “Web Hybrid” is that you can manage your web security policy from your Secure Web Gateway (On-Prem), and it will sync to the Secure Web Gateway Cloud.

  1. Check the box for “Synchronize policy to Cloud”
  2. Select the appliance that should do the synchronization from the drop-down (only one appliance can do the synchronization in a cluster)
  3. Unless instructed otherwise in your account setup email, leave the Cloud address field at its default: policysync.skyhigh.cloud
  4. Enter your administrator account, password, and customer ID.
  5. Select the synchronization interval desired (We’ll use 10 minutes here).
  6. Ensure you click ‘Save Changes’, in the top right of the appliance GUI.

Web Hybrid Web Hybrid

Create a policy to be consistently applied on-prem, and in the cloud

  1. In Policy, select the ‘URL Filtering’ rule set, and select ‘Enable in Cloud’.
  2. Select the ‘Default’ rule within URL Filtering, and add a URL to the URL blocklist. (Click Edit, then the green plus under the ‘List content’ section)
  3. Save your changes.
  4. Verify that the communication with the Cloud Service is working by going to Troubleshooting > Synchronization to Cloud > Synchronize. Trigger your first sync by clicking ‘Synchronize’.

A successful synchronisation should end with a similar message as shown below.

Appliance sync verificaiton Appliance sync verificaiton

Test your policy

  1. Navigate to your Skyhigh cloud dashboard to ensure your hybrid policy has synced. Head to Policy > Web Policy > Policy. Expand your Hybrid Policy branch, and ensure your ‘Hybrid Policy Routing’ rule set shows a policy received, is turned on, and uses cloud policy as the default.

SSE sync verificaiton SSE sync verificaiton

  1. Use your provided client machine to navigate to your blacklisted site, and observe the page being blocked.

You are now consistently applying policy at your appliance and also in the cloud. This easy on-ramp to the cloud means you can take advantage of the Global Routing Manager, dynamic capacity management, minimalised latency and more that comes with adoption of the cloud for security services.