A. NetScaler SWG is available is on the following hardware platforms:
A. The SWG solution supports explicit and transparent proxy modes. In explicit proxy mode, the clients must specify an IP address and a port in their browsers, unless the organization pushes the setting onto the client’s device. This address is the IP address of a proxy server that is configured on the SWG appliance. Transparent proxy, as the name implies, is transparent to the client. The SWG appliance is configured in an inline deployment, and the appliance transparently accepts all HTTP and HTTPS traffic.
A. Yes. The wizard is located on the SWG node in the configuration utility.
A. Responder, AAA-TM, content switching, SSL, forward proxy, SSL interception, and URL filtering.
A. In the explicit proxy mode, LDAP, RADIUS, TACACS+, and NEGOTIATE authentication methods are supported. In transparent mode, only LDAP authentication is supported.
A. Yes. The NetScaler SWG appliance emulates the origin server certificate. This server certificate must be signed by a trusted CA certificate, which must be installed on the clients’ devices so that the client can trust the regenerated server certificate.
A. No. The NetScaler SWG platform requires its own platform license.
A. The ns.log file records NetScaler SWG information. You must enable logging by using the CLI or GUI. At the command prompt, type: set syslogparams -ssli Enabled.
In the GUI, navigate to System > Auditing. In Settings, click Change Auditing Syslog Settings. Select SSL Interception.
A. You can use one or both of the following commands:
A. The latest bundle is included in the build. For updates, contact Citrix Support.
A. Yes. You must enable Analytics in the Secure Web Gateway wizard.
Important: Ensure that you are using the same 12.0 build for MAS and SWG.
A. URL Filtering is a web content filter that controls access to a list of restricted websites and web pages. The filter restricts user access to inappropriate content on the internet based on URL category, category groups, and reputation score. A network administrator can monitor the web traffic and block user access to highly risky websites. You can implement the feature by either using URL Categorization or URL List feature based on policy enforcement. For more information, see URL Filtering topic.
A. URL Filtering leverages with NetScaler SWG appliance to control access to specific websites. The SWG appliance at the edge of the network acts as a proxy to intercept the web traffic and perform actions such as authentication, inspection, caching, and redirection. The filter then controls access to websites using URL Categorization or URL List feature with policy enforcement.
A. If you are using URL Categorization feature to control access to restricted websites, you must periodically update the categorization database with the latest data from cloud-based vendor service. To update the database, the NetScaler SWG GUI enables you to configure the URL filtering parameters such as Hours Between DB Updates” or “Time of Day to Update DB.
A. Following are some of the targeted use cases for enterprise customers:
A. Yes. The memory limit for caching is set as 10 GB and you can configure it through the NetScaler command line interface only.
A. If the incoming request does not match a category or if the URL is malformed, the appliance marks the URL as “Uncategorized” and sends the request to the cloud-based service maintained by the categorization vendor. The appliance continues to monitor the cloud query feedback and updates the cache so that future requests can benefit from the cloud lookup.
A. A URL reputation score is a rating that NetScaler SWG assigns to a website. The value can range from 1 to 4, where 4 is a malicious web site and 1 is a clean website. If a network administrator monitors a user accessing highly risky web sites, then access to such sites is controlled based on the URL reputation score and security level you have configured on the NetScaler SWG appliance. For more information, see URL Reputation Score.
A. URL Filtering uses a responder policy to control access to web sites. To whitelist a specific URL as an exception, in the SWG wizard, create a patset policy and add the exceptional URL with “allow” action. Once you create the policy, exit the wizard and do the following steps:
To change the priority of a policy expression by using the NetScaler SWG GUI:
A. URL Filtering feature is easy to deploy, configure, and use. It provides the following benefits and allows enterprise customers to:
A. You can modify a URL List policy through the NetScaler SWG Wizard by overwriting or deleting the imported list bound to the responder policy.
A. Each URL in the categorization database has a metadata associated to it. The metadata contains an URL category, category group, and reputation score information. For example, if the URL is a shopping portal, the metadata will be Shopping, Shopping/Retail, and 1 respectively.
Use the following expressions to get these values for the incoming URL.
A. URL Categorization feature requires an URL Threat Intelligence subscription service (available for one year or three years) with NetScaler SWG edition.
A. There are two ways of configuring URL Filtering. You can either do it through the NetScaler SWG command interface or through the NetScaler SWG Wizard. Citrix recommends that you use the wizard to configure filtering policies.
A. The URL Categorization database contains millions of URLs with metadata. The administrator can configure a responder policy to decide which URL categories can be blocked and which URL categories can be allowed for user access. For information about the URL category mapping, see Mapping Categories page.
You must enable webSocket in the default HTTP profile.
At the NetScaler command line, type:
> set httpprofile nshttp_default_profile -webSocket ENABLED