Yep, it’s another blog post on TMG replacement. Until now, however, we’ve neglected the last piece of the TMG replacement puzzle: the forward web proxy. In addition to remote access and application publishing, a large number of organizations have relied on Forefront Threat Management Gateway to secure their outbound web traffic. A typical TMG web proxy array (shown below) resides in the DMZ and uses features such as URL and content filtering to control outbound user access. Organizations that don’t provide outbound web security are at significant risk. Data loss, or the liability or lost employee productivity that results from inappropriate use of the Internet, can be very costly.
Features and Functionality
An effective solution will include various features that work in concert to ensure secure and managed access.
Forward web proxy
Providing a level of anonymity between corporate systems and resources on the Internet is a key requirement for providing secure web access. A solution should include a full forward proxy where outbound connections are terminated at the proxy and reestablished on behalf of the client. The client system (whether located on premises or remotely) should be obscured from the Internet resource.
To prevent malicious or inappropriate traffic from entering the corporate environment, a web proxy needs to have visibility into a given site and its content and respond accordingly. This applies to both encrypted (SSL) and unencrypted traffic.
User access control
Enterprises often need to control different users’ access to Internet resources according to a number of factors such as position, work hours, and general business need. For a web proxy to provide real value to the enterprise, it must incorporate a variety of features and functionality that control access based upon users’ attributes and behavior.
Auditing and compliance
Ensuring acceptable use policies are appropriately configured and adhered to is a critical function of both HR and IT departments. A web proxy solution must include the ability to monitor and report on end-user activity.
“So what’s an IT admin supposed to do? Hmmm…. Let’s see…. If only there was a device strategically located in the enterprise infrastructure that could act as a point of control for outbound web access; maybe one with a glowing red ball.”
Forward Web Proxy - SWG provides full, forward web proxy functionality, including the ability to evaluate and proxy encrypted, SSL-based traffic. The solution can be configured to secure web access for a variety of clients, both internal and remote.
URL and Content Filtering - The threat intelligence behind SWG analyzes more than 5 billion web requests every day to produce a comprehensive categorization database of 40 million website URLs.
User Access Control - SWG uses Access Policy Manager to give administrators the flexibility to evaluate and assign policy at an extremely granular level. For example, an administrator might apply a specific set of URL filters to a particular user within a certain Active Directory group for a specific period of time.
Ensuring acceptable and secure web access is more than just good business; more often than not, it’s corporate policy—with the potential for very real consequences if not appropriately managed. Secure Web Gateway Services provide IT administrators and HR professionals with the tools they need to ensure acceptable use policies are both effective and appropriate. The solution includes several dynamically generated and exportable reports that provide a clear picture of the enterprise’s web activity. Additionally, the F5 solution can be integrated with many remote central logging systems.
F5’s Secure Web Gateway is a great alternative to TMG. The solution combines granular access control, robust compliance reporting, and a comprehensive categorization database to provide the single point of control enterprises need to ensure safe and appropriate