Web filters are commonly used by the organization to restrict user internet access to certain web applications content and it has increasingly become non-effective against proxy avoidance applications. IAG collaborates with Endpoint Secure to enforce Proxy Avoidance Protection on any user attempt to use this application for bypassing the security perimeter more effectively. R&D team within Sangfor employs a dedicated team of application signatures security experts who are continuously categorizing and adding the latest proxy avoidance applications to ensure that detection rate and blocking capabilities are current and up to date.
Sangfor IAG - Secure Web Gateway & Web Filtering Solution
Accelerating modern trends such as cloud applications adoption, the move of the hybrid workplace and increased use of mobile and personal devices for work have all constantly put more pressure on the organization to ensure a secure workforce environment. At the same time, a rise in encrypted applications, proxy avoidance applications, and increasingly affordable availability of third-party VPN applications have imposed further liability for the organization where it can easily bypass your security perimeter undetected without any protection. You need an extensive secure web gateway not only to protect your organization against these common threats but also as a critical asset for safeguarding user internet access behavior.
Why Sangfor IAG?
Sangfor IAG enables you to identify, analyze and take immediate action upon user internet access behavior.
Product Advantages
Proxy Avoidance Protection
Intelligent Traffic Management
Sangfor IAG improves bandwidth utilization by more than 30% using three unique major traffic management solutions. Dynamic Traffic Control automatically adjusts traffic control policies and intelligently allocates idle bandwidth resources. Intelligent Flow Control precisely manages both up-link and down-link P2P traffic and can customize traffic "packages" for different users, allocating specific traffic quotas and limiting bandwidth for heavier users.
Gateway and Client Decryption to Uncover Encrypted Traffic
Typically, a majority of internet traffic is protected by SSL/TLS encryption. While encryption helps to keep user and corporate data protected and private, it also creates security challenges when it comes to the rapid growth of malware infections and other malicious content. Sangfor IAG offers both decryption methods including gateway and client decryption to overcome these challenges. This enables an organization to have the flexibility to run either one or both in parallel to uncover encrypted traffic according to your corporate IT strategy and planning.
Unified Network-wide Management of all Clients
Sangfor IAG provides Unified Management and effectively controls both Wired and Wireless networks for the entire network. With intuitive and flexible authentication methods, it fully guarantees the security of access control, supporting a variety of traditional authentication methods such as username/password, IP/MAC binding, and a wide array of value-added marketing authentication methods (QR code, SMS, WeChat, Social media, OA account, SAML 2.0, third-party system, etc.). Permissions are controlled based on user, application, location, and client types while using IAG or third-party wireless controller as a unified authentication server, building a faster and more cost-effective wireless network.
Precise and Accurate Application Control
Sangfor IAG manages and controls network applications more comprehensively, accurately, and conveniently with the largest application signature database in Asia, which can identify more than 6,000+ applications in its database including 700+ cloud applications, 1,000+ mobile applications, 300+ web applications, and is updated every 2 weeks. In addition, it precisely controls applications according to their specific functions, such as distinguishing upload, download, and other actions in the network. Finally, bulk management mode for large enterprises greatly improves management efficiency.
Offloading Performance When Using ICAP Integration With Third Party System
Sangfor IAG can act as an ICAP client to be used with any ICAP server-enabled network appliance by offloading threat protection or other value-added services. In addition, Sangfor IAG provides request and response inspection mode while enabling the ICAP server group to run on a round-robin or concurrent condition.
Secure Onboarding Devices With Endpoint Security Posture
Sangfor IAG identifies and secure endpoint devices with or without agents, it helps to ensure these devices are connected with compliant and secure. You gain visibility and control what is on your environment without impacting your network performance.
Proxy Avoidance Protection
Web filters are commonly used by the organization to restrict user internet access to certain web applications content and it has increasingly become non-effective against proxy avoidance applications. IAG collaborates with Endpoint Secure to enforce Proxy Avoidance Protection on any user attempt to use this application for bypassing the security perimeter more effectively. R&D team within Sangfor employs a dedicated team of application signatures security experts who are continuously categorizing and adding the latest proxy avoidance applications to ensure that detection rate and blocking capabilities are current and up to date.
Intelligent Traffic Management
Sangfor IAG improves bandwidth utilization by more than 30% using three unique major traffic management solutions. Dynamic Traffic Control automatically adjusts traffic control policies and intelligently allocates idle bandwidth resources. Intelligent Flow Control precisely manages both up-link and down-link P2P traffic and can customize traffic "packages" for different users, allocating specific traffic quotas and limiting bandwidth for heavier users.
Gateway and Client Decryption to Uncover Encrypted Traffic
Typically, a majority of internet traffic is protected by SSL/TLS encryption. While encryption helps to keep user and corporate data protected and private, it also creates security challenges when it comes to the rapid growth of malware infections and other malicious content. Sangfor IAG offers both decryption methods including gateway and client decryption to overcome these challenges. This enables an organization to have the flexibility to run either one or both in parallel to uncover encrypted traffic according to your corporate IT strategy and planning.
Unified Network-wide Management of all Clients
Sangfor IAG provides Unified Management and effectively controls both Wired and Wireless networks for the entire network. With intuitive and flexible authentication methods, it fully guarantees the security of access control, supporting a variety of traditional authentication methods such as username/password, IP/MAC binding, and a wide array of value-added marketing authentication methods (QR code, SMS, WeChat, Social media, OA account, SAML 2.0, third-party system, etc.). Permissions are controlled based on user, application, location, and client types while using IAG or third-party wireless controller as a unified authentication server, building a faster and more cost-effective wireless network.
Precise and Accurate Application Control
Sangfor IAG manages and controls network applications more comprehensively, accurately, and conveniently with the largest application signature database in Asia, which can identify more than 6,000+ applications in its database including 700+ cloud applications, 1,000+ mobile applications, 300+ web applications, and is updated every 2 weeks. In addition, it precisely controls applications according to their specific functions, such as distinguishing upload, download, and other actions in the network. Finally, bulk management mode for large enterprises greatly improves management efficiency.
Offloading Performance When Using ICAP Integration With Third Party System
Sangfor IAG can act as an ICAP client to be used with any ICAP server-enabled network appliance by offloading threat protection or other value-added services. In addition, Sangfor IAG provides request and response inspection mode while enabling the ICAP server group to run on a round-robin or concurrent condition.
Secure Onboarding Devices With Endpoint Security Posture
Sangfor IAG identifies and secure endpoint devices with or without agents, it helps to ensure these devices are connected with compliant and secure. You gain visibility and control what is on your environment without impacting your network performance.
| Models | M5100 | M5200 | M5400 | M5500 | M5600 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Profile | 1U | 1U | 1U | 1U | 1U | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| HD Capacity | 128 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Application Layer Throughput Options | 160 Mbps | 400 Mbps | 600 Mbps | 1 Gbps | 1.2 Gbps | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Recommended Concurrent Users | 600 Users | 2,000 Users | 3,000 Users | 5,000 Users | 6,000 Users | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Click to Download |  |
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Models | M6000 | M6000-UPG¹ | M9000 | M10000 | M12000 | M14000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Profile | 2U | 2U | 2U | 2U | 2U | 2U | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| HD Capacity | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 1.92 TB SSD | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Application Layer Throughput Options | 2 Gbps | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps | 60 Gbps (Bypass) / 50Gbps (Bridge) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Recommended Concurrent Users | 15,000 Users | 20,000 Users | 50,000 Users | 100,000 Users | 200,000 Users | 200,000 Users | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Click to Download | |
|
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Models | M5500-SK | M5800-SK | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Profile | 1U | 1U | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| HD Capacity | 128 GB MSATA | 128 GB MSATA + 480 GB SSD | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Application Layer Throughput Options | 750 Mbps | 1.5 Gbps | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Recommended Concurrent Users | 1,000 Users | 2,000 Users | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Click to Download | |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
¹ M6000-UPG is a license upgrade from M6000 with application layer bandwidth increased from 1G to 2G.
Unveiling IT Transformation at PT. CJ Indonesia | Sangfor Tech Talk
Unveiling IT Transformation at PT. CJ Indonesia | Sangfor Tech Talk
Innovation and Success: Sangfor x Universitas Pelita Harapan's Story
Interview with IBA Karachi's Head of ICT Wajeeh Zaidi - Customer Testimonial
Interview with Shahid Khan Jadoon, Manager IT | National Information Technology Board NITB, Pakistan
Ramsay Sime Darby Healthcare x Sangfor: Success Story
PT Bank Victoria International Tbk x Sangfor: Success Story
Guy Rosefelt Interview with Cyber Defense Magazine 2022
Sangfor IAG – Secure Internet Access
Secure Internet Gateway Use Cases
Without Sangfor IAG the office environment is comparable to an internet cafe where users and staff can freely access video, social media, and endless entertainment. IT administrators are hard-pressed to identify exactly which users are consuming excess bandwidth, preventing effective control over user browsing behavior. Sangfor IAG can identify and control non-work-related applications in the network while allowing companies to keep a close eye on their bandwidth management, whereby they allocate all available bandwidth for key business needs, and improving business efficiency and productivity. Numerous professional traffic management features allow IAG to rationally allocate bandwidth resources and maximize bandwidth usage. For organizations with multiple branches, IAG provides a unified management platform and supports 3G link backup, making network management more efficient and reliable.
Because customers have vastly different authentication procedures, each internal network requires user authentication integration with AD, Radius to achieve SSO. IAG guest authentication provides convenient access through Facebook, WeChat, SMS and offers a unified authentication solution, which manages both the wired and wireless connected users within a single IAG platform. Sangfor IAG also offers a switch based user access control capability to help control LAN user access. Finally, Sangfor IAG can be integrated with WLAN vendors like Cisco, Aruba to allow the Unified Authentication Center to drastically simplify the process of network integration and management.
To protect the user from web threats, a secure web gateway is an effective defense over web-based threats and enabling secure internet access. Sangfor IAG can work with your on-premise applications and internet traffic. With the accelerated SSL decryption performance, all HTTP and HTTPS traffic will be monitored and analyzed with IAG, which is the huge bottleneck of other solutions like NGFW or UTM. The AI-based threat intelligence platform provides web filtering services and improves the capability of identifying known and unknown threats. It also keeps users protected while ensuring they enjoy a safe and secure web experience.
As unauthorized use of networks becomes more common, many countries and regions are developing and enforcing laws governing user internet access behavior. The IAG internal application database comprehensively logs malicious user activity including file uploads, BBS posting, email, browsing history, and applications accessed. This audit solution assists in customer compliance with local legal regulations and serves as a valuable investigative resource in the event of illegal network usage incidents.
Secure Internet Gateway Frequently Asked Questions
Please perform it following:
- Step 1. Add a new LDAP Server under the External Auth Server.
- Step 2. Enter the details such as Server Name, IP Address of the external authentication server, the admin account username and password and select the BaseDN. After entered all the details, click the Test Validity to check whether able to connect the external authentication server or not.
- Step 3. After tested the validity, a message will prompt out to show the result.
- Step 4. Click the Sync with all LDAP servers to sync all the data. Now, the configuration is successfully set.
In a typical environment, Secure Web Gateway (SWG) is used to block access to inappropriate websites or applications, prevent malware infections, and enforce corporate internet compliance. SWG is similar to a firewall in that both prevent malicious activities and provide necessary network security protections. However, the main difference is that SWG emphasizes securing user onboarding and promoting productivity. It is common for an enterprise to use both SWG and firewall to fortify their defense as both of them usually complement each other. For more info on using both Sangfor IAG and Network Secure, please refer to this blog webpage.
The main difference is Premium Bundle will have all the Essential Bundle components with the addition of Anti-malware protection (Engine Zero) and threat intelligence (Neural-X).
Latest Webinar
Live Event
GITEX GLOBAL 2024 - Dubai
Join Sangfor Technologies at GITEX GLOBAL 2024 from October 14-18 in Dubai to explore AI-powered cloud security innovations.
Date
:
14 Oct 2024
Live Event
2024 EMEA & LATAM EPIC Innovation Summit
The stage lit up again with the 2024 EMEA & LATAM Edition of the Sangfor EPIC Innovation Summit’s stellar entry in Shenzhen, China.
Date
:
18 Sep 2024
Live Event
2024 Sangfor EPIC Summit - APAC Edition
The APAC edition of the Sangfor EPIC Summit 2024 successfully concluded in Beijing, bringing together a vibrant community of more than 300 customers.
Date
:
11 Sep 2024
Latest Blog
Cyber Security
Election Security: Cyber Fraud Through AI, Deep Fakes, and Social Engineering
As AI grows, cyber fraud threatens election security globally. We explore emerging AI and deep fake threats and how to secure elections against them.
Date
:
13 Nov 2024
Cyber Security
Critical SonicWall & Fortinet Vulnerabilities (CVE-2024-23113 & CVE-2024-47575) Threaten Organizations Globally
Learn about Fortinet vulnerabilities, their potential risks, and effective mitigation strategies to safeguard enterprise networks from cyber threats.
Date
:
13 Nov 2024
Cyber Security
EMERALDWHALE Credential Theft – Massive Git Config Breach Exposed 15,000 Credentials
Sysdig uncovers EMERALDWHALE, a campaign exploiting Git config files to steal 15,000+ cloud credentials, highlighting the need for securing repositories.
Date
:
11 Nov 2024
Latest News
Press Release
Sangfor Technologies Expands SASE Infrastructure in Malaysia with Second Point of Presence (POP)
Sangfor Technologies launched its second Point of Presence in Malaysia for SASE, boosting security and connectivity for businesses amid rising cyber threats.
Date
:
18 Oct 2024
News
Sangfor Technologies Wraps Up 2024 EMEA & LATAM EPIC Innovation Summit with Grand Success in Shenzhen
The 2024 EMEA & LATAM Sangfor EPIC Innovation Summit in Shenzhen showcased global leaders discussing advancements in cybersecurity, cloud computing, and AI.
Date
:
26 Sep 2024
Press Release
Sangfor Technologies Partners with Amerigroup to Develop the Global Digital Economy
On September 19, 2024, Sangfor Technologies and Amerigroup International signed a strategic partnership to enhance the digital economy, starting in Mexico.
Date
:
25 Sep 2024