Setup the Cloud for Hybrid

Configure the SWG Cloud for Hybrid

SCP has been configured to redirect traffic to the SWG cloud and the SWG appliance starts synchronizing its policy to your cloud tenant. Next, we will enable Hybrid Policy Routing for our lab client. This provides a (policy-)switch that routes the traffic our synchronized appliance policy. We will import this rule set and the policy from the library.

  1. Return to the Skyhigh Cloud Console
  2. Click Policy -> Web Policy -> Policy then select the “New Ruleset” Button in the top right corner and choose “Library ruleset”

New Ruleset Hybrid New Ruleset Hybrid

  1. Select the “Hybrid Policy” ruleset and click Add

New Ruleset Hybrid add New Ruleset Hybrid add

  1. Enable the “Hybrid Policy Routing” ruleset and select “On-Prem Policy” as your default

Hybrid Routing Hybrid Routing

  1. Note that the appliance details from the sync are displayed
  2. Publish your change (Yellow shield)

Configure the SWG Cloud for Hybrid RBI

Next, we will implement a rule to take care of our RBI use case in the hybrid environment. This rule will bypass the appliance policy for URL with unverified risk and leverage the RBI capability in the cloud native policy. We will create a custom rule using the rule builder.

You have to implement a rule to take care of RBI in a hybrid environment because RBI is only available in the cloud native policy.

  1. Add a new rule in the “Hybrid Policy” branch

New Rule for RBI Hybrid New Rule for RBI Hybrid

  1. Name it as you like, e.g. “RBI Hybrid”
  2. Click Criteria and search for “URL has unverified risk”
  3. Click Add Parameter and select “Default GTI Setting” -> Done -> Add
  4. Modify the Operator to “is” and the Value to “true” -> Done
  5. Select Action to “Stop ruleset” and select parent ruleset to “Hybrid Policy (level 1)” -> Done

New Rule for RBI Hybrid final New Rule for RBI Hybrid final

  1. Publish your change (Yellow shield)