Web Isolation

 View Only
Back to discussions
Expand all | Collapse all

Does "on-prem" Web Isolation deployment include TIE "on-prem"? How do you scale up such a solution?

  • 1.  Does "on-prem" Web Isolation deployment include TIE "on-prem"? How do you scale up such a solution?

    Posted May 18, 2022 07:08 AM
    Hi;

    In a dedicated tenant scenario of deployment, let's say that I wanted to deploy the Web Isolation Gateway "On-prem" , would this mean that both the TIE and the Web Isolation Proxy will reside "On-prem"? if that is the case, how do you manage scalability, say if you have 10,000 users, is there a sizing guide for the gateway component? can you use a load balancer to load balance connections from the client's browser to a couple of gateways "on-prem"? is there a guide for that too?


    Kindly
    Wasfi


  • 2.  RE: Does "on-prem" Web Isolation deployment include TIE "on-prem"? How do you scale up such a solution?

    Posted Jun 11, 2022 04:09 AM
    Hello,

    I do not have a clear answer for everything so for any missing part I will let someone else answer :)

    would this mean that both the TIE and the Web Isolation Proxy will reside "On-prem"

    I guess you mean using Web isolation TIE as proxy as well ? Then the answer is yes. For on premise deployment you can also use a separate proxy to use as downstream proxy which will decide what to forward to be isolated (the forwarding condition are defined on the Web isolation management gateway which will generate a CPL code to copy/paste on the proxy policy).In downstream proxy deployment type I would advise to use a proxySG (just a copy paste of the CPL code in a dedicated layer ... :) )

    how do you manage scalability, say if you have 10,000 users ? is there a sizing guide for the gateway component?

    this is defined in the license for instance on my side if I remember correctly but this is a "gentleman agreement" meaning if you buy a license for 5000 users then if you go beyond the additional user connexion are also isolated.

    I did not find the link, i will let someone else answer but I have found this :


    can you use a load balancer to load balance connections from the client's browser to a couple of gateways "on-prem"?


    Yes see link below :

    https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/web-isolation/1-15/Symantec-Threat-Isolation-Overview/Symantec-Threat-Isolation-Deployment-Topologies/Symantec-Threat-Isolation-Web-App-Isolation/Using-a-Load-Balancer.html

    Last thing, the on-premise deployment will no longer supported ... You should think about the cloud solution, here the link

    https://knowledge.broadcom.com/external/article/215429/web-isolation-onpremises-eol-faq.html

    Best regards,
    Furil
    Original Message