- 29 Nov 2024
- 4 Minutes to read
- Print
- PDF
Secure Web Gateway
- Updated on 29 Nov 2024
- 4 Minutes to read
- Print
- PDF
Scalefusion's Secure Web Gateway (SWG) is a powerful tool for safeguarding your managed devices and ensuring a secure, productive online environment. By allowing administrators to block specific domain categories such as social media, adult content, or e-commerce, Secure Web Gateway effectively controls internet traffic, protecting your organization from malicious websites, phishing attacks, and unauthorized data access thus providing a safe browsing experience.
This document explains the configurations you need to do on Scalefusion Dashboard to control access of web content on managed Android and iOS devices.
What kind of web content can be blocked
On Scalefusion Dashboard, we have provided an extensive list of categories and sub-categories to choose from which includes education, health, social communication and many more. In general, we enable blocking the domains that fall under the categories defined here.
Pre-Requisites
Devices should be enrolled with Scalefusion
Enrollment mode on Android: BYOD, Company Owned, COPE
Enrollment mode on iOS : Kiosk, BYOD, AUE , User Authenticated & DEP/ADE
Scalefusion Android Agent v17.0.1 or above and iOS Agent v4.1.1 or above should be installed on device
Device Profile(s) should be created on Scalefusion Dashboard
Your account should have access to Secure Web Gateway feature
How it Works
Step 1: Create Filter
On Scalefusion Dashboard, navigate to Veltar > Secure Web Gateway and click on Create New filter.
In the new window, enter Filter Name
On the left you will find the configurable settings under these heads. Navigate to each link:
Categories to Block: Select categories of websites to block (e.g., social media, adult content).
Blocked Domains: Enter specific domains to block. This can be used if you want to block a domain that is not a part of any of the categories you have selected under Categories to Block. There are two ways you can add domains:
Add Domain: Click on Add Domain and enter URL in text area. For adding more than one domain, click on Add Domain on top right and enter the URL you want to block in the text area.
Upload CSV: Add domains in bulk by downloading the Sample CSV and uploading the values.
Allowed Domains: Enter specific domains to allow (overrides blocked domains). This can be used when you have blocked a category but you want to allow a specific domain. The websites/URLs published to the Device profile are already added to the exception list. Here, you can define additional websites that you want to exempt from being blocked. There are two ways you can add domains:
Add Domain: Click on Add Domain and enter URL in text area. For adding more than one domain, click on Add Domain on top right and enter the URL you want to block in the text area.
Upload CSV: Add domains in bulk by downloading the Sample CSV and uploading the values.
Patterns Supported for Domain Blocking and Allowing:
www.<domain>.com: Blocks only domains
*.<domain>.com : Blocks only subdomains
<domain>.* : Blocks Top level Domains
*.<domain>.* : Blocks subdomains and Top level Domains
<domain>.com : Blocks domain and sub-domains
Once you have configured all the above, click Save on the top right.
The new filter will get created and displayed on the main Secure Web Gateway page with other related details.
Likewise you can create more content filters.
Additional Actions
You can edit or delete a filter once created by clicking on three dots under Actions.
Step 2: Publish filter
To apply filter you have created on devices, the next step is to Publish it.
Click on publish by clicking on three dots under Actions
In the new window, select the device profile(s) on which you want to publish the filter. The list contains both Android and iOS Device profiles.
Click Submit
User Experience on Device
iOS
On publishing the filter,
A new section for Veltar will be created inside Scalefusion Agent with Secure Web Gateway enabled.
If you try to access a website which you have blocked by creating a filter, an alert message will be shown and you will not be allowed to access the website. The screenshot below is an example when you try to access a website on a supervised device which is blocked under Secure Web Gateway.
On an unsupervised device, this is how the alert message will be displayed. This is an example when user is trying to access on chrome browser.
Android
On publishing the filter,
Veltar will be available on the managed device. When you click on it, a key icon will be visible on the top notification bar and Secure Web Gateway shows as Enabled.
If you try to access a website which you have blocked by creating a filter, an alert message will be shown and you will not be allowed to access the website.
Known Behaviors
iOS
You may encounter issues with managed apps accessing the internet after publishing or unpublishing Secure Web Gateway flows on iOS devices, you can try the following workarounds:
Kill and Relaunch the Scalefusion MDM App: Force-quit the Scalefusion MDM app and then relaunch it.
Restart the Device: If the issue persists, restarting the iOS device can help refresh the system and resolve network connectivity problems.
Scalefusion's Secure Web Gateway currently has limitations in filtering the content of certain native iOS applications, such as Facebook and Instagram. We are actively working with Apple to investigate this behavior and identify potential solutions.
On Unsupervised Devices ,
URLs will be blocked on All Managed Browsers Except Safari Browser.
Secure Web Gateway is not supported below OS 16
If Any Browser Shortcuts are Published from Device Profile then those URLs will be accessible on All browsers even if the Category related to it is blocked.