ProxySG & Advanced Secure Gateway

 View Only

  • 1.  Absence of off-premise content filtering solution

    Posted Nov 07, 2019 02:01 PM

    The content filtering restrictions imposed by the proxy appliance when connected to an internal network & get wide open when an organization asset/laptop is connected to the public internet. This allows uncontrolled and complete access to unwanted, unauthorized and malicious websites access on organization laptop.

    This allowed users off-network to successfully click and access malicious content on organization laptop, thus leaving it open to malware and risk downloads, resulting in the compromise of the user and/or organization's official data.

    How can we avoid the same?



  • 2.  RE: Absence of off-premise content filtering solution

    Broadcom Employee
    Posted Nov 07, 2019 04:13 PM

    There is a complementary product to ProxySG, called Web Security Service (WSS), which is a cloud based implementation of ProxySG, offering the same features as ProxySG as a cloud service.

    This gives you the ability to block malware and restrict sites regardless of the network the user is connecting with.  You can implement WSS using either a unified agent, Symantec Endpoint Protection (SEP), or other methods (including PAC files, etc).

    Ask your channel sales rep for more information on WSS.



  • 3.  RE: Absence of off-premise content filtering solution

    Posted Nov 08, 2019 05:07 AM

    Another option is to make sure that all traffic is always directed through your company network, regardless where the client is. For example you can use an Always-On VPN solution for that (as soon as the client starts, a VPN tunnel with a default route is created) or use client side firewall rules which block all traffic except the VPN tunnel into your company datacenter.



  • 4.  RE: Absence of off-premise content filtering solution

    Posted Nov 11, 2019 02:29 PM

    Thanks for the suggestion, let me ask the sales rep about the same.



  • 5.  RE: Absence of off-premise content filtering solution

    Posted Nov 11, 2019 02:30 PM

    Thanks @fi-da, for the suggestion but I am looking for a proxy-based solution.



  • 6.  RE: Absence of off-premise content filtering solution

    Posted Nov 12, 2019 12:23 AM

    Hi Tanmay,

     

        If you are OK to have a restricted category-based access, you can use the Proxy based Unified Agent (i.e. Unified Agent Local Enforcement). This is a free (last time I checked) option available along with ProxySG and can restrict access based on category. This used to be called as “Proxy Client” before. You can read more at https://support.symantec.com/us/en/documentation.1256836.html

    Note: Even though the policy for this is created in a ProxySG (aka Client Manager), it is separate from your normal proxy policy.