Product Documentation

Direct Internet Breakout at Branch forwarding to Secure Web Gateway

To secure traffic and enforce policies, enterprises often use MPLS links to backhaul branch traffic to the corporate data center. The data center applies security policies, filters traffic through security appliances to detect malware, and routes the traffic through an ISP. Such backhauling over private MPLS links is expensive. It also results in significant latency, which creates a poor user experience at the branch site. There is also a risk that users bypass your security controls.

An alternative to backhauling is to add security appliances at the branch. However, the cost and complexity increases as you install multiple appliances to maintain consistent policies across the sites. Most significantly, if you have many branch offices, cost management becomes impractical.

One alternative is to enforce security without adding cost, complexity, or latency would be to route all branch internet traffic using NetScaler SD-WAN to the Secure Web Gateway service. A third-party secure web gateway service enables granular and central security policy creation to be utilizing by all connected networks. The policies are applied consistently whether the user is at the data center or a branch site. Because secure web gateway solutions are cloud based, you don’t have to add more costly security appliances to the network.

localized image

NetScaler SD-WAN supports the following secure web gateway solutions:

Direct Internet Breakout at Branch forwarding to Secure Web Gateway

In this article