Guides
Log In
Guides

Secure Web Gateway

Suggest Edits

The Secure Web Gateway feature enhances admins’ control over user web access. You can set secure web gateway policies that will be enforced in Cyolo Connect - for example, to exclude gambling or adult websites.

From the Secure Web Gateway screen, you can create a new secure web gateway policy, define identities and conditions under which this policy will apply, and link the secure web gateway action policy that you created in Policy Actions.

  1. Go to Secure Web Gateway from the left menu, and click New at the top right of the screen.

  2. Add a name and description.

  3. In the Identities area, select either Any authenticated identity or Specific identities.

When selecting Specific identities, you will be able to add users and groups:

  1. In the (optional) Network Indicator section, enter a:
    • URL address: When selecting a network indicator, a URL address must be defined.
    • Network name: To be displayed to Cyolo Connect users that are assigned to this policy.
  1. In the Network Policy section, apply either:
    • Unrestricted connectivity - No network access restrictions are applied. Select this option to apply no restrictions to the device’s outbound access. All traffic, including ping, DNS resolution, and internet traffic, is allowed.
    • Restricted connectivity - Network access restrictions are applied. Select this option to block all outbound traffic from the device. This includes ping, DNS resolution, and internet traffic.

When selecting Restricted connectivity, you can:

  • Enter Allowed domain names and/or IP addresses. Administrators can whitelist specific URLs and IP addresses entered in this field, allowing connections to these resources while other traffic could be restricted.
  • Apply restrictions to signed-in users - When selected, network access to users signed into the tenant will be restricted based on the settings above. When unselected, the restrictions apply only when the users are signed out.
  • Allow access to LAN devices - When enabled, users can access devices connected to their local network (for example, a local printer).
  • Allow Captive Portal - Captive Portal access is allowed until the internet access is acquired. Enabling this option will allow temporary access to any captive portal required to establish internet connectivity.
  1. In the Secure Web Gateway section, select either No forward proxy, Custom forward proxy, or Cyolo Secure Web Gateway.

When selecting Custom forward proxy, select either Condition profile or Forward Proxy. For additional information on Forward Proxy integration, see Forward Proxy.

When selecting Cyolo Secure Web Gateway, select either Condition profile or Action profile.

  1. Click Create when finished.

Updated 3 days ago