Secure Web Gateway

Scalefusion's Secure Web Gateway (SWG) is a powerful tool for safeguarding your managed devices and ensuring a secure, productive online environment. By allowing administrators to block specific domain categories such as social media, adult content, or e-commerce, Secure Web Gateway effectively controls internet traffic, protecting your organization from malicious websites, phishing attacks, and unauthorized data access thus providing a safe browsing experience.

This document explains the configurations you need to do on Scalefusion Dashboard to control access of web content on managed Android and iOS devices.

Note: We are coming soon with the support for Android

What kind of web content can be blocked

On Scalefusion Dashboard, we have provided an extensive list of categories and sub-categories to choose from which includes education, health, social communication and many more. In general, we enable blocking the domains that fall under the categories defined here.

Pre-Requisites

1. Devices should be enrolled with Scalefusion

   1. Enrollment mode on Android: BYOD, Company Owned, COPE

   2. Enrollment mode on iOS : Kiosk, BYOD, AUE , User Authenticated & DEP/ADE

2. Scalefusion Android Agent v17.0.1 or above and iOS Agent v4.1.1 or above should be installed on device

3. Device Profile(s) should be created on Scalefusion Dashboard

4. Your account should have access to Secure Web Gateway feature

How it Works

Step 1: Create Filter

1. On Scalefusion Dashboard, navigate to Veltar > Secure Web Gateway and click on Create New filter.
   

2. In the new window, enter Filter Name

3. On the left you will find the configurable settings under these heads. Navigate to each link:
   
   

   1. Categories to Block: Select categories of websites to block (e.g., social media, adult content).
      
      

   2. Blocked Domains: Enter specific domains to block. This can be used if you want to block a domain that is not a part of any of the categories you have selected under Categories to Block. For adding more than one domain, click on Add Domain on top right and enter the URL you want to block in the text area.
      
      

   3. Allowed Domains: Enter specific domains to allow (overrides blocked domains). This can be used when you have blocked a category but you want to allow a specific domain. The websites/URLs published to the Device profile are already added to the exception list. Here, you can define additional websites that you want to exempt from being blocked. For adding more than one domain, click on Add Domain on top right and enter the URL you want to allow, in the text area.
      

      Patterns Supported for Domain Blocking and Allowing:
      

      www.<domain>.com: Blocks only domains

      *.<domain>.com : Blocks only subdomains

      <domain>.* : Blocks Top level Domains

      *.<domain>.* : Blocks subdomains and Top level Domains

      <domain>.com : Blocks domain and sub-domains

      
      

4. Once you have configured all the above, click Save on the top right.

5. The new filter will get created and displayed on the main Secure Web Gateway page with other related details.
   

Likewise you can create more content filters.

Additional Actions

You can edit or delete a filter once created by clicking on three dots under Actions.

Step 2: Publish filter

To apply filter you have created on devices, the next step is to Publish it.  

1. Click on publish by clicking on three dots under Actions
   

2. In the new window, select the device profile(s) on which you want to publish the filter. The list contains both Android and iOS Device profiles.

3. Click Submit
   

User Experience on Device

iOS

On publishing the filter,

1. A new section for Veltar will be created inside Scalefusion Agent with Secure Web Gateway enabled.
   
   

2. If you try to access a website which you have blocked by creating a filter, an alert message will be shown and you will not be allowed to access the website. The screenshot below is an example when you try to access a website on a supervised device which is blocked under Secure Web Gateway.
   
   

3. On an unsupervised device, this is how the alert message will be displayed. This is an example when user is trying to access on chrome browser.
   

Android (coming soon)

On publishing the filter,

1. Veltar will be available on the managed device. When you click on it, a key icon will be visible on the top notification bar and Secure Web Gateway shows as Enabled.
   
   

2. If you try to access a website which you have blocked by creating a filter, an alert message will be shown and you will not be allowed to access the website.
   

Known Behaviors

iOS

1. You may encounter issues with managed apps accessing the internet after publishing or unpublishing Secure Web Gateway flows on iOS devices, you can try the following workarounds:

   1. Kill and Relaunch the Scalefusion MDM App: Force-quit the Scalefusion MDM app and then relaunch it.

   2. Restart the Device: If the issue persists, restarting the iOS device can help refresh the system and resolve network connectivity problems.

2. Scalefusion's Secure Web Gateway currently has limitations in filtering the content of certain native iOS applications, such as Facebook and Instagram. We are actively working with Apple to investigate this behavior and identify potential solutions.

3. On Unsupervised Devices ,

   1. URLs will be blocked on All Managed Browsers Except Safari Browser.

   2. Secure Web Gateway is not supported below OS 16

4. If Any Browser Shortcuts are Published from Device Profile then those URLs will be accessible on All browsers even if the Category related to it is blocked.