Vous êtes sur la page 1sur 8

NetScaler Secure

Web Gateway (SWG)


- URL Filtering

1 © 2017 Citrix | Confidential


Address SSL visibility/filtering challenges
Problem/Trends

• SSL traffic increasing


• Control/Visibility challenged
• Apps moving to SaaS
• Traditional security solutions unable to
NetScaler
scale

Solution
• SSL processing with performance & scale
• SSL interception
• Identity integration
• Analytics & reporting

The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment,
promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.
2 © 2017 Citrix | Confidential
Cost Effective Compliance & Filtering for Encrypted Traffic

Effective and
Visibility &
High Ease of Use
Analytics
Performance

• SSL performance: Proven NetScaler SSL performance/hardware acceleration for user web traffic
• Up to date Intel: URL threat intelligence with up to date information for blocking phishing, malicious or compromised websites
• Ease of Use : NetScaler SWG Wizard for easy configuration
• Visibility & Analytics : Visibility and insights into user behavior, threats through MAS. Easy configuration and granular controls on
traffic
Forward Proxy

3 © 2017 Citrix | Confidential


Filtering, Visibility & Analytics with NetScaler SWG

Forward Proxy SSL Interception URL Filtering User Auth Extensive Reporting
Logging

Proxy modes: Transparent Proxy Explicit Proxy

URL Filtering Modes: Cloud-powered URL Categorization Local blacklisting/whitelisting

4 © 2017 Citrix | Confidential


SSL Interception
Features
• SSL Traffic can be intercepted/bypassed/Reset based on below parameters
• URL filter category
• URL Reputation Score
• List of custom URLs
• SSL Bypass – Learning mode :
• URLS will be added to learning mode on encounter of SSL Errors from the web
sites

Benefits
• Flexibility : Administrators can easily configure the list of urls to get bypassed. For Example to bypass all Banking
Sites URL filter category can be used.
• Administrators can create their own custom list
• Save CPU Resource:
• Administrator can make the choice of non intercepting urls whose reputation score is high. For example
google.com can be bypassed , but twitter can be intercepted for checking the posting of tweet feeds
• SSL processing with performance & scale
5 © 2017 Citrix | Confidential
Flow Diagram

Client NetScaler Server


1. SYN 4. SYN

2. SYN ACK 5. SYN+ ACK

3. Client Hello
6. Client Hello + SNI

7. Server Hello
8. Server Cert/Key

9. Client Auth(Optional)
10 Server Hello Done
11. Server Hello + Forged Cert

12. SSL Handshake Complete

13. Application Data


14. Application Data

6 © 2017 Citrix | Confidential


URL Filtering
Features
• URL’s accessed will be categorized and reputation score will be given
• Categorization and Reputation Score is gathered from Cloud and local cache is
maintained.
• If the requested URL is not in local cache then categorization and reputation
information will be gathered from cloud
• Custom filter, e.g. for filtering social media content:
• Stored in local device as string array
• Retrieved from remote web server, for example web server owned
• No of Categories – 180
• No of URLS – 32 Billion Entries
7 © 2017 Citrix | Confidential
URL Filtering – Details

• Supports 180 Categories . NetScaler


Configuration is made simpler by
grouping of different categories into
logical blocks
– For example Social Networking includes
YouTube , twitter, Facebook etc

• Supports categorization of URL’s


which are short-lived( tiny url) and
can block short-lived phishing and
malicious urls

8 © 2017 Citrix | Confidential