Guides
ProductDeveloper
Guides

Configure the Secure Web Gateway

You can deploy various Umbrella components—DNS-layer security, cloud-delivered firewall (CDFW), and secure web gateway (SWG)—to secure your DNS and web traffic for your organization. Umbrella DNS-layer security is straightforward to deploy and is effective in protecting your systems. We recommend that you deploy the Umbrella DNS-layer security on all networks to protect users and devices.

When configured together, the CDFW and SWG provide greater visibility into the traffic on your networks and advanced filtering of web destinations. The Umbrella CDFW filters traffic based on a rule action and rule criteria—port, protocol, IP source and destination, and application. You can filter traffic at layer 3 and layer 4 that originates on the internal network but is destined for the internet and block apps at layer 7.

The Umbrella SWG proxies web traffic on various ports over TCP, UDP, and ICMP. If you configure Web security with HTTPS inspection, Umbrella can decrypt and inspect web destinations including applications and selectively control your organization's access to specific types of file.

Table of Contents

Umbrella Secure Web Gateway

The Umbrella SWG flexibly controls and routes web traffic. The SWG can decrypt and inspect traffic for web destinations, including applications accessed by users and devices in your organization. The SWG also:

  • Proxies HTTP and HTTPS traffic on standard and non-standard web ports.
  • Receives traffic filtered by the Umbrella CDFW on specific ports, protocols, and IP addresses.
  • Controls access to certain types of file and manages tenant controls.

Configure the SWG with HTTPS inspection in a Web policy rule. In the Web policy, you can configure the SWG and manage how your organization accesses files and applications. For more information about the Umbrella SWG configuration settings, see Manage the Web Policy.

Web Security Best Practices

Choose the type of policy, deployments, and configuration components that best match the identities and traffic in your organization.

The Umbrella SWG provides routing and inspection of web traffic.

Proxy FeatureSecure Web Gateway with HTTPS Inspection
Decrypts and inspects URLs that are filtered by port, protocol, source IP, destination IP, and application.✔️
Decrypts and inspects URLs for domains that Umbrella neither considers safe nor malicious. For more information, see Talos IP & Domain Reputation Center.
Proxies traffic on standard web ports (80 and 443).✔️
Proxies traffic on non-standard web ports.✔️

Set Up Web Security < Configure the Secure Web Gateway > Limitations and Range Limits