I got some trial keys for APM and SWG and set up a test for what we would need in our production environment. Here's what we are looking for:
URL Filtering for internal users with the ability to add custom hostnames AND URIs to custom block categories
The ability to have separate policies based on Source IP (by having VIPs that specify Source Address ranges and different policies)
The ability to log blocked events locally and log to Splunk
My question is... Do I really need the SWG subscription to do these things? Or would the URL Filtering subscription be enough? From my research it seems like the SWG subscription just adds "malware detection and real-time content classification," which I'm not sure we'd really need. I'm assuming the URL Filtering subscription is a good deal cheaper than SWG...