Product Documentation

Direct Internet Breakout at Branch forwarding to Secure Web Gateway

Nov 14, 2017

To secure traffic and enforce policies, enterprises often use MPLS links to backhaul branch traffic to the corporate data center. The data center applies security policies, filters traffic through security appliances to detect malware, and routes the traffic through an ISP. Such backhauling over private MPLS links is expensive. It also results in significant latency, which creates a poor user experience at the branch site. There is also a risk that users will bypass your security controls.

An alternative to backhauling is to add security appliances at the branch. However, the cost and complexity increases as you install multiple appliances to maintain consistent policies across the sites.  Most significantly, if you have a large number of branch offices, cost management becomes impractical.

One alternative is to enforce security without adding cost, complexity, or latency would be to route all branch internet traffic using NetScaler SD-WAN to the Secure Web Gateway service.  A third-party secure web gateway service enables granular and central security policy creation to be utilizing by all connected networks. The policies are applied consistently whether the user is at the data center or a branch site. Because secure web gateway solutions are cloud based, you don’t have to add additional costly security appliances to the network.

localized image

NetScaler SD-WAN supports the following secure web gateway solutions: