Setup the Cloud for Hybrid
Configure the SWG Cloud for Hybrid
SCP has been configured to redirect traffic to the SWG cloud and the SWG appliance starts synchronizing its policy to your cloud tenant. Next, we will enable Hybrid Policy Routing for our lab client. This provides a (policy-)switch that routes the traffic our synchronized appliance policy. We will import this rule set and the policy from the library.
- Return to the Skyhigh Cloud Console
- Click Policy -> Web Policy -> Policy then select the “New Ruleset” Button in the top right corner and choose “Library ruleset”
- Select the “Hybrid Policy” ruleset and click Add
- Enable the “Hybrid Policy Routing” ruleset and select “On-Prem Policy” as your default
- Note that the appliance details from the sync are displayed
- Publish your change (Yellow shield)
Configure the SWG Cloud for Hybrid RBI
Next, we will implement a rule to take care of our RBI use case in the hybrid environment. This rule will bypass the appliance policy for URL with unverified risk and leverage the RBI capability in the cloud native policy. We will create a custom rule using the rule builder.
You have to implement a rule to take care of RBI in a hybrid environment because RBI is only available in the cloud native policy.
- Add a new rule in the “Hybrid Policy” branch
- Name it as you like, e.g. “RBI Hybrid”
- Click Criteria and search for “URL has unverified risk”
- Click Add Parameter and select “Default GTI Setting” -> Done -> Add
- Modify the Operator to “is” and the Value to “true” -> Done
- Select Action to “Stop ruleset” and select parent ruleset to “Hybrid Policy (level 1)” -> Done
- Publish your change (Yellow shield)