Getting Started

From Secure Web Gateway

Introduction

SafeSquid is an RFC 2616 compliant HTTP/1.1 proxy server, specially designed to provide maximum protocol, and payload security.

SafeSquid based Secure Web Gateways enable your users to safely access the web.
SafeSquid, when setup in Reverse Proxy mode, secures your web applications.

SafeSquid is a highly scalable software, that enables scaling up by increasing the hardware provisioning, or scaling out by creating an application cluster.

While the installable packages for both these platforms are different for obvious reasons, the configuration and operation is quite identical. So you can choose platform of your choice, to host SafeSquid Proxy Service. Yes, the advantages of deploying SafeSquid on Linux are overall higher because the Linux operating system is better suited for servers. But then if you are more comfortable with Microsoft®Windows, you can happily deploy on Windows. Migration from either of the platforms to the other is not very difficult, really!

 

System Requisites

Use SafeSquid Appliance Builder (SAB) to setup your secure web gateway. SAB is an Ubuntu Linux operating system ISO, customized to provide automatic setup of all the necessary files and services. SAB enables you to transform a standard Intel® hardware architecture for servers, into a hardware web security appliance, or a setup a virtual appliance on any virtualization infrastructure like VmWare® or Microsoft Hyper-V®.

Use the SafeSquid installation packages (tar.gz) if you wish to setup secure web gateway on other Linux distributions like RedHat®, SuSe®, CentOS®, etc.

Use Windows installer package to setup SafeSquid on a Microsoft Windows system.

Hardware Requirements

Minimal Hardware

  • RAM: 4 GB
  • CPU: 4 Core
  • HDD: 160 GB (Depending upon the number of logs and database you want to keep)

 

Recommended Hardware

The above specified Minimal Hardware should enable you to do a functional setup of SafeSquid.
However provisioning it for active servicing a platform with atleast 8 CPU cores, and 8GB RAM should be a great starting point.
SafeSquid is SMP-aware, enabling seamless scale-up by increasing CPU cores, RAM and NIC.
As a thumb rule for server sizing add 2 CPU cores and 4GB RAM per 100 concurrent connections.
If you intend to use SafeSquid's HTTPS Inspection feature, using processors with "AES-NI", is recommended.
How to find out AES-NI (Advanced Encryption) Enabled on Linux System
SafeSquid is cluster-ready.
You may thus scale-out by adding nodes to your cluster.
A clustered setup would give you the advantage of both load‑balanced throughput as well as high‑availability service.
Suggested Hardware Sizing
CPU (cores) RAM (GB) HDD Max Concurrent Connections Approx Users
4 8 500GB 100 25
4 16 1TB 500 150
8 16 2TB 1000 350
8 32 4TB 1500 600
16 32 4TB 2000 1000
16 64 8TB 3000 1500

Installation and Activation

Get Product Activation Key

Before downloading the SafeSquid installer(s), you MUST register to create your account on SafeSquid's self-service portal at - https://key.safesquid.com/Registration is free, and requires just a few minutes. Your registered account also provides the management of SafeSquid's cloud-backed features, like Custom Web Categorization, VPN support, Configuration Backup, Subscription management, etc.

All registered users are provided with a Product Activation Key. After the actual installation, you must upload this activation key via SafeSquid's Browser based Interface. Your users may not be able to access the web until then. Use the same Activation Key across all your instances of SafeSquid, to ensure easy replication of policies, and other common aspects.

Read more about Registration Process for https://key.safesquid.com

Download Installation Package

SafeSquid Appliance Builder

SafeSquid Appliance Builder (SAB) is the most recommended installer. You may download it using the link displayed when you log into your registered account. Alternatively you may download it from - https://downloads.safesquid.com/appliance/safesquid.iso . SAB is a customized version of Ubuntu 18.04 x86_64 minimal iso. You may create a virtual appliance using the SAB iso on any virtualization infrastructure, or boot a standard Intel Server hardware to create a hardware appliance.

Read more about Setup Your Secure Web Gateway With SafeSquid Appliance Builder

 

Legacy SafeSquid for Linux

Read more about Setup Your Secure Web Gateway on your preferred Linux distribution

Activate your Product

Before you start accessing the web via SafeSquid you must activate it. Read more about How to Activate a SafeSquid Instance

 

Basic Setup

If you plan to use HTTPS inspection, then you must first configure HTTPS inspection

Integration of SafeSquid Proxy Service with your Microsoft Active Directory, or OpenLDAP service, would be the most recommended immediate next step.

The How To section could provide you with a fair idea of the rest of the goals that you may want to achieve.