Secure Web Gateway Analytics

A NetScaler Secure Web Gateway (SWG) appliance at the edge of the enterprise network acts as an internet proxy. The appliance can operate in transparent proxy mode or explicit proxy mode and offers controls to intercept internet traffic, including HTTPS. A decision to intercept, bypass, or block any requests is made based on the policies configured on the appliance. A user is authenticated before logging on to the enterprise network. All requests and responses are tagged to the user and the user activities are logged in the appliance. For more information, see NetScaler Secure Web Gateway.

When you integrate the NetScaler Management and Analytic System (MAS) with a NetScaler SWG appliance, the logged user activity and the subsequent records on the appliance are exported to NetScaler MAS by using logstream. NetScaler MAS collates and presents information on the activities of users, such as, websites visited and the bandwidth spent. It also reports bandwidth use and detected threats, such as malware and phishing sites. You can use these key metrics to monitor your network and take corrective actions with the NetScaler SWG appliance.

To integrate a NetScaler SWG appliance with NetScaler MAS:

  1. On the NetScaler SWG Appliance, while configuring the Secure Web Gateway, enable Analytics and provide the details of the NetScaler MAS instance that you want to use for analytics.

  2. In NetScaler MAS, add the NetScaler SWG appliance as an instance to NetScaler MAS. For more information see, Add Instances to NetScaler MAS.

Secure Web Gateway Analytics