Vous êtes sur la page 1sur 8

NetScaler Secure

Web Gateway (SWG)

- URL Filtering

1 © 2017 Citrix | Confidential

Address SSL visibility/filtering challenges

• SSL traffic increasing

• Control/Visibility challenged
• Apps moving to SaaS
• Traditional security solutions unable to

• SSL processing with performance & scale
• SSL interception
• Identity integration
• Analytics & reporting

The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment,
promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.
2 © 2017 Citrix | Confidential
Cost Effective Compliance & Filtering for Encrypted Traffic

Effective and
Visibility &
High Ease of Use

• SSL performance: Proven NetScaler SSL performance/hardware acceleration for user web traffic
• Up to date Intel: URL threat intelligence with up to date information for blocking phishing, malicious or compromised websites
• Ease of Use : NetScaler SWG Wizard for easy configuration
• Visibility & Analytics : Visibility and insights into user behavior, threats through MAS. Easy configuration and granular controls on
Forward Proxy

3 © 2017 Citrix | Confidential

Filtering, Visibility & Analytics with NetScaler SWG

Forward Proxy SSL Interception URL Filtering User Auth Extensive Reporting

Proxy modes: Transparent Proxy Explicit Proxy

URL Filtering Modes: Cloud-powered URL Categorization Local blacklisting/whitelisting

4 © 2017 Citrix | Confidential

SSL Interception
• SSL Traffic can be intercepted/bypassed/Reset based on below parameters
• URL filter category
• URL Reputation Score
• List of custom URLs
• SSL Bypass – Learning mode :
• URLS will be added to learning mode on encounter of SSL Errors from the web

• Flexibility : Administrators can easily configure the list of urls to get bypassed. For Example to bypass all Banking
Sites URL filter category can be used.
• Administrators can create their own custom list
• Save CPU Resource:
• Administrator can make the choice of non intercepting urls whose reputation score is high. For example
google.com can be bypassed , but twitter can be intercepted for checking the posting of tweet feeds
• SSL processing with performance & scale
5 © 2017 Citrix | Confidential
Flow Diagram

Client NetScaler Server

1. SYN 4. SYN


3. Client Hello
6. Client Hello + SNI

7. Server Hello
8. Server Cert/Key

9. Client Auth(Optional)
10 Server Hello Done
11. Server Hello + Forged Cert

12. SSL Handshake Complete

13. Application Data

14. Application Data

6 © 2017 Citrix | Confidential

URL Filtering
• URL’s accessed will be categorized and reputation score will be given
• Categorization and Reputation Score is gathered from Cloud and local cache is
• If the requested URL is not in local cache then categorization and reputation
information will be gathered from cloud
• Custom filter, e.g. for filtering social media content:
• Stored in local device as string array
• Retrieved from remote web server, for example web server owned
• No of Categories – 180
• No of URLS – 32 Billion Entries
7 © 2017 Citrix | Confidential
URL Filtering – Details

• Supports 180 Categories . NetScaler

Configuration is made simpler by
grouping of different categories into
logical blocks
– For example Social Networking includes
YouTube , twitter, Facebook etc

• Supports categorization of URL’s

which are short-lived( tiny url) and
can block short-lived phishing and
malicious urls

8 © 2017 Citrix | Confidential