Secure Web Gateway

Scalefusion's Secure Web Gateway (SWG) is a powerful tool for safeguarding your managed devices and ensuring a secure, productive online environment. By allowing administrators to block specific domain categories such as social media, adult content, or e-commerce, Secure Web Gateway effectively controls internet traffic, protecting your organization from malicious websites, phishing attacks, and unauthorized data access thus providing a safe browsing experience.

This document explains the configurations you need to do on Scalefusion Dashboard to control access of web content on managed Android and iOS devices.

What kind of web content can be blocked

On Scalefusion Dashboard, we have provided an extensive list of categories and sub-categories to choose from which includes education, health, social communication and many more. In general, we enable blocking the domains that fall under the categories defined here.

Pre-Requisites

1. Devices should be enrolled with Scalefusion

   1. Enrollment mode on Android: BYOD, Company Owned, COPE

   2. Enrollment mode on iOS : Kiosk, BYOD, AUE , User Authenticated & DEP/ADE

2. Scalefusion Android Agent v17.0.1 or above and iOS Agent v4.1.1 or above should be installed on device

3. Device Profile(s) should be created on Scalefusion Dashboard

4. Your account should have access to Secure Web Gateway feature

How it Works

Step 1: Create Filter

1. On Scalefusion Dashboard, navigate to Veltar > Secure Web Gateway and click on Create New filter.
   

   

   
   

2. In the new window, enter Filter Name

3. On the left you will find the configurable settings under these heads. Navigate to each link:
   
   

   1. Categories to Block: Select categories of websites to block (e.g., social media, adult content).
      
      

   2. Blocked Domains: Enter specific domains to block. This can be used if you want to block a domain that is not a part of any of the categories you have selected under Categories to Block. There are two ways you can add domains:

      1. Add Domain: Click on Add Domain and enter URL in text area. For adding more than one domain, click on Add Domain on top right and enter the URL you want to block in the text area.

      2. Upload CSV: Add domains in bulk by downloading the Sample CSV and uploading the values.
         

         

         
         

   3. Allowed Domains: Enter specific domains to allow (overrides blocked domains). This can be used when you have blocked a category but you want to allow a specific domain. The websites/URLs published to the Device profile are already added to the exception list. Here, you can define additional websites that you want to exempt from being blocked. There are two ways you can add domains:

      1. Add Domain: Click on Add Domain and enter URL in text area. For adding more than one domain, click on Add Domain on top right and enter the URL you want to block in the text area.

      2. Upload CSV: Add domains in bulk by downloading the Sample CSV and uploading the values.
         

         

         
         

      Patterns Supported for Domain Blocking and Allowing:
      

      www.<domain>.com: Blocks only domains

      *.<domain>.com : Blocks only subdomains

      <domain>.* : Blocks Top level Domains

      *.<domain>.* : Blocks subdomains and Top level Domains

      <domain>.com : Blocks domain and sub-domains

      
      

4. Once you have configured all the above, click Save on the top right.

5. The new filter will get created and displayed on the main Secure Web Gateway page with other related details.
   

Likewise you can create more content filters.

Additional Actions

You can edit or delete a filter once created by clicking on three dots under Actions.

Step 2: Publish filter

To apply filter you have created on devices, the next step is to Publish it.  

1. Click on publish by clicking on three dots under Actions
   

2. In the new window, select the device profile(s) on which you want to publish the filter. The list contains both Android and iOS Device profiles.

3. Click Submit
   

User Experience on Device

iOS

On publishing the filter,

1. A new section for Veltar will be created inside Scalefusion Agent with Secure Web Gateway enabled.
   
   

2. If you try to access a website which you have blocked by creating a filter, an alert message will be shown and you will not be allowed to access the website. The screenshot below is an example when you try to access a website on a supervised device which is blocked under Secure Web Gateway.
   
   

3. On an unsupervised device, this is how the alert message will be displayed. This is an example when user is trying to access on chrome browser.
   

Android

On publishing the filter,

1. Veltar will be available on the managed device. When you click on it, a key icon will be visible on the top notification bar and Secure Web Gateway shows as Enabled.
   
   

2. If you try to access a website which you have blocked by creating a filter, an alert message will be shown and you will not be allowed to access the website.
   

Event Logs

From this section you can get detailed logs which are recorded for accessing websites/domains blocked or allowed under Secure Web Gateway configuration, providing valuable insights into device usage. Click on Event Logs tab under Secure Web Gateway.

Summary View

The Summary view provides an overview of Secure Web Gateway (SWG) activity and status. The information can be viewed under following heads:

1. Configuration Details

   1. Secure Web Gateway Pushed: Displays the total number of devices to which the Secure Web Gateway configuration has been published.

   2. Secure Web Gateway Active: Displays the total number of devices on which Secure Web Gateway is currently active or enabled.

2. Activity Details

   1. Domains Blocked: Displays the total count of unique domains that have been blocked.

   2. Domains Allowed: Displays the total count of unique domains that have been explicitly allowed.

3. Top 3 Blocked Categories and Sub-Categories

   1. Displays the top 3 categories and subcategories that have been blocked, ranked by the frequency with which domains within those blocked categories/subcategories have been accessed.
      

      

Events Info

This section shows detailed information on the events, under following heads

1. Device Name: The name of the device where the event occurred.

2. Domain: The domain name that is allowed or blocked. This will include blocked domains, explicitly allowed domains, and allowed domains.

3. Resolution: The action taken on the domain (as per filters created):

   1. Allowed

   2. Blocked

4. Category: The category the domain belongs to (displayed only when the domain is blocked).  Displays N/A if the domain is allowed.

5. Sub-category: The sub-category the domain belongs to (displayed only when the domain is blocked). Displays N/A if the domain is allowed.

6. Timestamp: The date and time when the user tried to access the website which is allowed/blocked.
   

   

Additional Features

Filters

There are filtering options available for viewing activity logs. You can filter them by:

1. Resolution: Filters events based on the action taken on the domain:

   1. All: Includes both Allowed and Blocked events

   2. Allowed: Displays only Allowed events.

   3. Blocked: Displays only Blocked events.

2. Date Range: Filters events based on a specific date range. Provide the start and end date. Here, start date can be from current Date to 7 days prior and you cannot select a date more than 30 days in the past.

3. Search: Search for specific events using Device Name, Domain, or Category/Sub-category.

4. Page Size: Select the number of records to be displayed on one page
   

   Note: Logs older than 30 days are automatically deleted.
   

   

Download CSV

Clicking the button downloads a CSV report containing the filtered activity data. Please note the report can be downloaded for a duration of 7 days at the maximum.

Known Behaviors

iOS

1. You may encounter issues with managed apps accessing the internet after publishing or unpublishing Secure Web Gateway flows on iOS devices, you can try the following workarounds:

   1. Kill and Relaunch the Scalefusion MDM App: Force-quit the Scalefusion MDM app and then relaunch it.

   2. Restart the Device: If the issue persists, restarting the iOS device can help refresh the system and resolve network connectivity problems.

2. Scalefusion's Secure Web Gateway currently has limitations in filtering the content of certain native iOS applications, such as Facebook and Instagram. We are actively working with Apple to investigate this behavior and identify potential solutions.

3. On Unsupervised Devices ,

   1. URLs will be blocked on All Managed Browsers Except Safari Browser.

   2. Secure Web Gateway is not supported below OS 16

4. If Any Browser Shortcuts are Published from Device Profile then those URLs will be accessible on All browsers even if the Category related to it is blocked.