NetScaler SWG - Technical Overview - NEW-1


NetScaler Secure Web Gateway (SWG) - URL Filtering

1 © 2017 Citrix | Confidential


Address SSL visibility/filtering challenges
Problem/Trends
• SSL traffic increasing
• Control/Visibility challenged
• Apps moving to SaaS
• Traditional security solutions unable to scale

Solution
• SSL processing with performance & scale
• SSL interception
• Identity integration
• Analytics & reporting

The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment,
promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.
Cost Effective Compliance & Filtering for Encrypted Traffic

Effective and High Performance | Ease of Use | Visibility & Analytics

• SSL performance: Proven NetScaler SSL performance/hardware acceleration for user web traffic
• Up-to-date intel: URL threat intelligence with up-to-date information for blocking phishing, malicious or compromised websites
• Ease of use: NetScaler SWG Wizard for easy configuration
• Visibility & analytics: Visibility and insight into user behavior and threats through MAS. Easy configuration and granular controls on traffic


Filtering, Visibility & Analytics with NetScaler SWG

Forward Proxy, SSL Interception, URL Filtering, User Auth, Extensive Reporting, Logging

Proxy modes: Transparent Proxy, Explicit Proxy

URL Filtering Modes: Cloud-powered URL Categorization, Local blacklisting/whitelisting



SSL Interception
Features
• SSL traffic can be intercepted, bypassed or reset based on the following parameters:
  – URL filter category
  – URL reputation score
  – List of custom URLs
• SSL Bypass – Learning mode:
  – URLs are added to learning mode when SSL errors are encountered from the web sites

Benefits
• Flexibility: Administrators can easily configure the list of URLs to be bypassed. For example, to bypass all banking sites, the URL filter category can be used.
• Administrators can create their own custom list
• Save CPU resources:
  – Administrators can choose not to intercept URLs whose reputation score is high. For example, google.com can be bypassed, but twitter can be intercepted to check the posting of tweet feeds
• SSL processing with performance & scale
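
An added sketch (not Citrix code or NetScaler configuration) of how the three inputs above and the learning-mode list could combine into one intercept/bypass/reset decision. The 0-100 reputation scale, both thresholds, the evaluation order, the category names and the hostnames are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed scale: 0-100, higher means more trusted. The slides say only that
# "high" reputation sites may be bypassed; the numbers here are constructed.
BYPASS_MIN_REPUTATION = 90
RESET_MAX_REPUTATION = 20


def _matches(host: str, names: set) -> bool:
    """True if host equals, or is a subdomain of, any name in the set."""
    return any(host == n or host.endswith("." + n) for n in names)


@dataclass
class SslInterceptionPolicy:
    custom_bypass: set = field(default_factory=set)         # admin's custom URL list
    bypass_categories: set = field(default_factory=set)     # e.g. Banking
    intercept_categories: set = field(default_factory=set)  # e.g. Social Networking
    learned: set = field(default_factory=set)               # learning-mode list

    def record_ssl_error(self, sni: str) -> None:
        """Learning mode: remember a site whose handshake produced SSL errors."""
        self.learned.add(sni.lower().rstrip("."))

    def decide(self, sni: str, category: str, reputation: int) -> str:
        host = sni.lower().rstrip(".")
        # Low reputation is checked first, so a site cannot earn a bypass
        # merely by causing handshake errors and landing in the learned list.
        if reputation <= RESET_MAX_REPUTATION:
            return "RESET"
        if _matches(host, self.custom_bypass) or category in self.bypass_categories:
            return "BYPASS"
        if category in self.intercept_categories:
            return "INTERCEPT"  # inspected even when reputation is high
        if host in self.learned or reputation >= BYPASS_MIN_REPUTATION:
            return "BYPASS"
        return "INTERCEPT"
```

Because the low-reputation check runs before every bypass rule, each bypass list only ever widens the set of uninspected traffic among sites that already cleared the reputation floor.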
Flow Diagram

Client | NetScaler | Server

1. SYN
2. SYN ACK
3. Client Hello
4. SYN
5. SYN + ACK
6. Client Hello + SNI
7. Server Hello
8. Server Cert/Key
9. Client Auth (Optional)
10. Server Hello Done
11. Server Hello + Forged Cert
12. SSL Handshake Complete
13. Application Data
14. Application Data



URL Filtering
Features
• Accessed URLs are categorized and given a reputation score
• Categorization and reputation score are gathered from the cloud, and a local cache is maintained.
• If the requested URL is not in the local cache, categorization and reputation information is gathered from the cloud
• Custom filter, e.g. for filtering social media content:
  – Stored on the local device as a string array
  – Retrieved from a remote web server, for example web server owned
• Number of categories: 180
• Number of URLs: 32 billion entries
URL Filtering – Details

• Supports 180 categories. NetScaler configuration is made simpler by grouping different categories into logical blocks
  – For example, Social Networking includes YouTube, Twitter, Facebook, etc.

• Supports categorization of URLs which are short-lived (tiny URL) and can block short-lived phishing and malicious URLs
