How To

From Secure Web Gateway
Revision as of 15:44, 5 December 2022 by Manish (talk | contribs)

Use SafeSquid to securely distribute Internet access across your user network.
This collection of How To articles provides a step-by-step guide to implement SafeSquid, and optimally use its various features.

Install SafeSquid

Setup Your Secure Web Gateway With SafeSquid Appliance Builder

Using SafeSquid Appliance Builder (SAB) is the most recommended method for setting up your secure web gateway. SAB is a customized distro of Ubuntu Linux. It enables you to quickly setup your secure web gateway on a standard Intel server hardware, or as a virtual appliance on any virtualization platform like VmWare or Hyper-V.

SAB automatically installs and configures all dependency libraries, and services. Of course you can fine-tune it it later to meet any special needs.

Read more about Setup Your Secure Web Gateway With SafeSquid Appliance Builder

Preferred Linux distribution: Setup Your Secure Web Gateway on your preferred Linux distribution

SafeSquid Appliance Builder (SAB) is an optimized version of Ubuntu Linux, optimized for easy setup of your secure web gateway. The SAB installs the Ubuntu Linux operating system, downloads and deploys the SafeSquid for Linux installation package, and the necessary dependencies. SafeSquid can also be installed on any other Linux operating system like Red-Hat, SuSe, CentOS, etc.

Read more about Setup Your Secure Web Gateway on your preferred Linux

Windows Server: Setup Your Secure Web Gateway on Windows Server

SafeSquid Appliance Builder (SAB) is an optimized version of Ubuntu Linux, optimized for easy setup of your secure web gateway. The SAB installs the Ubuntu Linux operating system, downloads and deploys the SafeSquid for Linux installation package, and the necessary dependencies. SafeSquid can also be installed on any other Linux operating system like Red-Hat, SuSe, CentOS, etc.

Read more about Setup Your Secure Web Gateway on Windows

How to setup virtualization environment for SafeSquid with VirtualBox.

VirtualBox is a powerful x86 and AMD64/Intel64 Virtualization Product. It can be used for Enterprise as well as for personal use. It is freely available and is an Open Source Software. It  runs on windows, Linux, Macintosh and Solar Host.

Read more about How to setup virtualization environment for SafeSquid with VirtualBox

Upgrade SafeSquid To A Newer Version

SafeSquid SWG upgrade is a newer version of the SafeSquid that offers a significant change or major improvement over your current version. Upgrade your SafeSquid to the latest version which may consists of bugfixes and enhancements.

Read more about Upgrade SafeSquid To A Newer Version

Access The SafeSquid User Interface

SafeSquid has an intrinsic Web GUI, that will enables you to manage your installation, policies required for setup, and also monitor your secure web gateway.

Read more about Access The SafeSquid User Interface

HTTPS Inspection

Setup HTTPS Inspection

HTTPS Inspection is the standard Security technology for encrypting a connection between the client and web server. Enable HTTPS inspection on SafeSquid SWG to inspect HTTPS traffic that is encrypted by the Secure Sockets Layer (SSL) protocol. SafeSquid will do deep content inspection of encrypted HTTPS traffic. Further this encrypted content can be filtered easily.

Read more about  Setup HTTPS Inspection

Bypass HTTPS Inspection Using Request Types

Read more about Bypass HTTPS Inspection Using Request Types

Manage Categories From Self Service Portal

Read more about Manage Categories From Self Service Portal

Allow Specific Website

Read more about  Allow specific website through SafeSquid

Block Specific Website

Read more about Block specific website through SafeSquid

Unblock the Blocked Website

Read more about Unblock the blocked website

Enforce SafeSearch

Google

Read more about Enforce_Google_Safe_Search_On_SafeSquid_Proxy

Yahoo

Read more about Enforce_Yahoo_Safe_Search_On_SafeSquid_Proxy

Bing

Read more about Enforce_Bing_Safe_Search_On_SafeSquid_Proxy

Setup Authentication

Read more about Authentication

IP based authentication

Read more about Enable IP based authentication

Integrate AD or OpenLDAP  with SafeSquid

Network enterprises that have a large number of users, popularly manage user credentials via a centralized system. The centralized system ensures user identification across all the networked enterprise resources and services. Users too benefit immensely, as they need a singular credential to access anything across the network enterprise.You can organize all users into groups based on IP addresses, user names or security group memberships in Microsoft Active Directory. Every group gets its own filtering exceptions and blocking rules. Authenticate your domain users using Kerberos, NTLM or Basic LDAP.

Read more about Integrate AD or OpenLDAP  with SafeSquid

Create User Groups based on network IP and LDAP (Active directory)

Setup your users into different User Groups. You can then set restriction policies for specifically these User Groups in the Access Profiles section.

Read more about Create User Groups

Integrate a Linux Host with a Windows AD for Kerberos SSO authentication

Kerberos Authentication support is particularly useful for Enterprise networks that have a Microsoft AD based Domain controller. By properly configuring the necessary Kerberos related factors, your enterprise Internet users can optionally enjoy Windows Integrated Authentication. Windows Integrated Authentication is a non-interactive authentication process, that uses SSO authentication. SSO ensures that your users do not have to manually provide their user credentials as username / password to access your networked enterprise resources and services, yet their access is restricted as specified. SSO, thus not only just adds convenience to the overall user experience, but also enhances security.

Read more about Integrate a Linux Host with a Windows AD for Kerberos SSO authentication

Adding Users using SafeSquid for Basic Authentication

If you don't have LDAP server to integrate with SafeSquid, but you want authenticate users by assigning usernames and passwords to your users.

Read more about Adding users using SafeSquid interface for authentication

Bypass Authentication 

Read more about  Bypass Authentication

Block Personal Gmail And Allow Google Corporate Accounts

Block Personal Gmail to ensure Data Security. No sharing of confidential data with personal accounts.You may want to prevent users from signing into Google services using any accounts other than the accounts you provided them with.Auto logout when detected that user is logged into personal Gmail. You can setup SafeSquid to block the access to consumer Google accounts.

Read more about Block Personal Gmail and  Allow Google Corporate Accounts

Defend Against Internal Threats And Data Leakage

Read more about Defend Against Internal Threats And Data Leakage

Data Leakage Prevention

Controlling Uploads

DLP module is primarily used to restrict/prevent uploads of confidential and critical information from any organization. You can select predefined content type(s) in DLP section to prevent their upload(s). You can create multiple policies in DLP section such that all the selected content types will be blocked when any end user tries to upload it.

Read more about Controlling Uploads To Prevent Data Leakage

Defend Against External Threats

Antivirus Engines

SvScan

Read more about SvScan

ClamAV

Read more about Clam_antivirus

ICAP

Read more about ICAP

Block Virus Uploads And Downloads

Protect your network against viruses, Trojans, malware and other threats. You can block virus uploads and downloads by using SafeSquid. SafeSquid is providing different types of antivirus setups.      

Read more about Block Virus Uploads And Downloads

Block Anonymous Proxies

An anonymous proxy will allow your users to surf the web anonymously, since it tunnels your data through servers that are spread out across the globe and involve other IP addresses. Anonymous Proxy service enhances your security and lets your users access some restricted websites online. You can block these proxies by using SafeSquid, so that no user access the blocked websites

Read more about Block Anonymous Proxies

Content Filtering

Prevent the users to access the inappropriate content like pornography.

Read more about Block an Unclassified Web-site by Identifying The True Nature of Served Content With SafeSquid

Block Advertisements And Banners

Security was the main reason cited for blocking of Advertisements. Advertisements can be annoying or intrusive. Blocking of advertisements can result in quicker loading and cleaner looking web pages with fewer distractions, lower resource waste (bandwidth, CPU, memory, etc.). You can setup SafeSquid to block all types of annoying advertisements and banners.

Read more about Block Advertisements

Block Third Party Cookies

You can block the cookies for third-party domains. Control tracking your activity across different sites and you can hide the referer for third-party domains. Now referer is same as hostname. You can also hide the user agents for third-party domains. Instead of original user agent SafeSquid use default user agent. (Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)).

Read more about Block Third Party Cookies

Block Particular User Login To Facebook Or Gmail

Restrict selective login user-names of logins from Facebook Or Gmail. You just enable default rule and modify your respective username with default ones. Now except selected users all can able to login into Facebook or Gmail.

Read more about Block Particular User Login To Facebook or Gmail

Remote Applications

Access Through SafeSquid

Some of the remote applications(remote desktop applications, Download managers) got block automatically when we enable HTTPS inspection in SafeSquid.

Read more about Block remote desktop applications, Download managers for all users

Create Custom Templates

Create your own block template to show, when ever the any application or website is blocked by SafeSquid.

Read more about Create Custom Templates

Caching Specific websites

Content Caching improves bandwidth efficiency. A page or file, when requested by a user, is served to the user and a copy of it is also maintained locally in the cache. So, when a request is made to fetch the same page or file, it is served with the local copy, instead of 'a fresh fetch'. SafeSquid has a very neat, efficient and manageable Content Caching system.

Read more about Caching Specific websites

Prefetch embedded images

Read more about Prefetch embedded images

Facebook

Facebook Read Only Mode

Read more about Facebook Read Only Mode

Allowing Specific Page on Facebook

Read more about Facebook specific page Allow

Discourage All Users from Login, Post and Upload

Read more about Discourage All users from Login,Post,Upload

Allow Social Networking Sites during Lunch Hours

Allow the access to social networking sites in lunch hours for all users or for specific group of people

Read more about Allow Social Networking Sites during Lunch Hours

YouTube

YouTube Safety Mode On Gateway 

You Restricted mode helps you to screen out potentially objectionable content that you may prefer not to see or don't want others in your network to stumble across while enjoying YouTube. It will not allow the users to turn off the restricted mode.

Read more about YouTube Safety mode on Gateway

YouTube API Integration With SafeSquid To Allow Specific YouTube Videos

Read more about YouTube API Integration With SafeSquid To Allow Specific YouTube Videos

Allow Specific YouTube Channel and its Playlist

Read more about Allow Specific YouTube Channel and its Playlist

Block Specific Youtube Channel

Read more about  Block Specific Youtube Channel

Mobile Applications

Allow Android Facebook Application

Read more about Allow Android Facebook Application

Profiled Internet Access

Your secure web gateway serves a variety of users, and applications. Appropriate restrictions ensure the web access boosts efficiency, while curbing non-productive activities. SafeSquid enables you to define policies as access profiles, and ensure compliance. Create policies for users, based on their organizational hierarchy, and business role, to boost productivity.

Read more about Profiled Internet Access

Enforce Safe Searches On Gateway 

World Wide Web provide extensive knowledge on almost every topic that you can think. Due to the vast information scattered around on the web we sometimes find the content that are irrelevant and inappropriate. We often come across adult/porn content accidentally while we are trying to find some information over internet. This may be faced by children or by someone who isn't supposed to watch pornographic content. Search engines help us big time in searching the appropriate content, but can sometimes mislead us. To avoid this Search engines has started providing with an additional feature Safe-Search.You can setup Safe Searches for different search engines like Google, Yahoo, Bing  by using SafeSquid.

Read more about Enforce Safe Searches 

Avoid Locking Yourself When You Are Configuring Policies In Access Restrictions

Read more about Avoid Locking Yourself When You Are Configuring Policies In Access Restrictions

Defend Against Malware And External Attacks

Read more about Defend Against Malware And External Attacks

Create And Manage Your Private Categories

Manage your websites list by dividing them to specific categories. You can block or allow all websites by using custom categories. You can manage your categories form self-service portal also. Make all list by websites to allow or block in separate text files and upload them from SafeSquid User Interface.

Read more about Create And Manage Your Private Categories

Advantages Of Custom Web Categorization 

Read more about Advantages Of Custom Web Categorization  

Do Bandwidth Management With Limits

Define the uploading and downloading limits to specific users or for all users. For example you want to restrict your users to download the file more than specified size.

Read more about Do Bandwidth Management With Limits

 Redirect One Website To Another Website

  Strictly redirect one URL to another. This is very useful if you want to redirect a certain page to a new location, change the URL structure of a site, remove the "www." portion of the URL, or even redirect users to another website entirely. A redirect automatically sends your website's visitors to a chosen destination. By this feature you can achieve Safe Searches for different search engines.

Read more about Redirect One Website To Another Website

Integrate FTP Servers With SafeSquid

Integrate your  FTP server with SafeSquid. And also you can setup the authentication for FTP sites. You can enable or disable the passive mode also for FTP server access.

Read more about Integrate FTP Servers With SafeSquid

Transparent Redirection With SafeSquid And WCCP

Read more about Transparent Redirection With SafeSquid And WCCP

Bypass HTTPS Inspection Using Request Types

Read more about Bypass HTTPS Inspection Using Request Types

G-Suite App Sync Setup With SafeSquid

Read more about G Suite App Sync Setup With SafeSquid

Use Statistics To View SafeSquid Stats

Read more about Use Statistics To View SafeSquid Stats

Accessing business applications through SafeSquid

Read more about Accessing business applications through SafeSquid

Allow Outlook To Work through SafeSquid

Read more about Allow Outlook To Work through SafeSquid

Manage Disk Space On SafeSquid Server

This article will help you how to free up the disk space when any of the partitions on the SafeSquid server is full. If any of the partition is full you will get errors like disk space is full and SafeSquid server will not process any connection coming from the clients.

Read more about Manage Disk Space On SafeSquid Server

Bypassing blocked policies for whitelisted users

Read more about Bypassing blocked policies for whitelisted users

Block Emails or Files including archives or Social Posts using Keywords

Read more about Block Emails or Files including archives or Social Posts using Keywords

Allow remote applications to particular users

Read more about Allow remote applications to particular users

Viewing SafeSquid UI from outside your network

Read more about Viewing SafeSquid UI from outside your network

Split the load between different ISPs

Read more about Split the load between different ISPs

Access Mobile Applications Through SafeSquid

Read more about Access Mobile Applications Through SafeSquid

Access Remote Desktop Applications Through SafeSquid

Read more about Access Remote Desktop Applications Through SafeSquid

Block Android Google PlayStore Application

Read more about Block Android Google PlayStore Application

Generate Performance Plot From SafeSquid User Interface

Read more about Generate Performance Plot from SafeSquid User Interaface

Generation of Support tarball

Network related issue or issue regarding policy configuration can be rectified by generating support tarball.

Read more about Generation of Support tarball

Setup Cloud Restore

SafeSquid Cloud restore feature is introduced as a disaster recovery plan(DRP). You can now recover your last configuration saved on cloud backup if any disaster occurs.

Read more about Cloud Restore

Manage SafeSquid Instances From Self Service Portal

Read more about Manage SafeSquid instances From Self Service Portal

Analyze The SafeSquid Logs

SafeSquid contains four different types of logs. Each log file has its own importance.

Read more about SafeSquid Logs

Installation Of Web Security Client

Read more about Web Security Client installation

Reporting (Dashboard)

Read more about Reporting (Dashboard)

Setup Reporting Module

Read more about Setup Reporting Module

Mail Integration with Reporting Module

Read more about Mail Integration with Reporting Module

Debug The Specific Issue

This page will help you with debug any problem faced during installation and post installation 

Read more about Debug The Specific Issue

Setup transparent proxy on SafeSquid

Setup the SafeSquid in transparent proxy mode, so that you can eliminate the client side configuration. Typically, the proxy server resides on the gateway and intercepts the requests from the clients. The client doesn't know that there is a proxy server which mediates their requests.

Read more about SafeSquid transparent proxy

How to configure reverse proxy

Read more about Reverse proxy

Deploy SafeSquid Behind Corporate Proxy

Use SafeSquid server in proxy chain mode. With simple configuration, you can forward requests to the upstream proxy from SafeSquid proxy server,

Read more about Deploy SafeSquid Behind Corporate Proxy

Installation Of Web Security Client

Read more about Web Security Client installation

Setup VPN with SafeSquid Web Security Client 

Read more about Configure VPN with SafeSquid Web Security Client

Setup Captive Portal on SafeSquid and Secure WIFI Access Through Active Directory Infrastructure

Read more about Secure WIFI Access Through Active Directory Infrastructure And SafeSquid Captive Portal