Comodo Help
Find the desired product help
Comodo Secure Web Gateway

Comodo Secure Web Gateway

Secure Web Gateway Quick Start Guide

English

Print Help Download Help
Comodo Secure Web Gateway - Quick Start Guide > Configure Traffic Forwarding To Comodo SWG > Traffic Forwarding Via Proxy Chaining
  • Comodo Secure Web Gateway - Quick Start Guide
    • Purchase A License
    • Login To Your Comodo SWG Account
    • Configure Traffic Forwarding To Comodo SWG
      • Traffic Forwarding Via Direct Proxy Or PAC
      • Traffic Forwarding Via Proxy Chaining
      • Traffic Forwarding Via Internet Content Adaptation Protocol (ICAP)
      • Traffic Forwarding Via SWG Agent
    • Connect Your Network(s) To Comodo SWG
    • Connect Your Roaming Device(s) To Comodo SWG
    • Configure User Authentication Settings
    • Add Users
    • Create Policies
    • Apply Policies
    • Generate Reports
  • About Comodo Security Solutions

Traffic Forwarding via Proxy Chaining


  • As the name implies, proxy chaining is used to link multiple forward proxies to obtain the benefits of each.
  • This method is suitable for larger organizations with multiple networks that want to direct web traffic through Comodo SWG.
  • Comodo SWG is designed to be placed as the "Upstream Proxy" to other web gateways such as Websense, Bluecoat, iboss and so on.

The following examples use a Bluecoat Proxy SG and Comodo SWG integration scenario, where Bluecoat is downstream and Comodo SWG is the upstream proxy.


1. Basic Chaining


Bluecoat > Comodo SWG


In this scenario, Bluecoat Proxy SG is forwarding requests to Comodo SWG but performing no authentication. SWG can be set to do Active Directory authentication.


Use the Blue Coat Management console to forward requests to the SWG as following:

1. In the Blue Coat Management Interface, under the 'Configuration tab', go to Forwading > Forwarding Hosts.

2. Select 'Install from Text Editor' from the drop-down then click 'Install'.

3. Edit the 'Forwarding Hosts' configuration file to point to SWG. e.g:
  • Add "fwd_host Dome_Proxy X.X.X.X http=19080" at the end of "Forwarding host configuration" section.
  • Add "sequence Dome_Proxy" to the end of "Default fail-over sequence" section.
  • Once editing is complete, click 'Install'.
4. In the 'Configuration' tab, go to 'Policy' and select 'Visual Policy Manager'.

5. Click 'Launch'.

6. In the 'Policy Menu', add a new Forwarding Layer with a chosen policy name.

7. Select the Forwarding Layer tab that is created. Edit source, destination and service columns with necessary information. You can also leave as 'Any' by default.

8. Select the alias name you created in steps 2-5 (e.g: Dome_Proxy) from the list.

9. Click OK.

10. Click Install Policy.


2. X-Authenticated-For Chaining


In this scenario, Bluecoat will be configured to pass X-Authenticated-User headers to SWG Proxy and Bluecoat will be doing user authentication as the downstream proxy.


Note 1: Comodo SWG supports passing X-Forwarded-For headers but can not use them with granular policies. They can, however, be used in reporting. Global Policy will be applied to such traffic.


Note 2: Comodo SWG honors X-Authenticated-User headers first and X-Forwarded-For headers next. If you want to set granular policies, use X-Authenticated-User headers.


Edit Bluecoat local policy file:

1. Go to the 'Configuration' tab.

2. Click 'Policy' in the left column and select 'Policy Files'.

3. Edit the text file as following:

[Proxy]

action.Add[header name for authenticated user](yes)


define action dd[header name for authenticated user]


set(request.x_header.X-Authenticated-User, "WinNT://$(user.domain)/$(user.name)")


end action Add[header name for authenticated user]


Or use the Visual Policy Manager

1. Go to the 'Policy Menu' and select 'Add Web Access Layer' and give the policy a name

2. Set Source, Destination, Service and Time column as 'ANY'

3. Right click on 'Set' and click 'New' then 'Control Request Header'

4. Enter X-Authenticated-User in the 'Header Name' field.

5. Select 'Set Value' radio button and enter: WinNT://$(user.domain)/$(user.name)

6. Click 'OK'.

7. Click 'New' and select 'Combined Action Object', enter a name, select the previously created headers and Click 'Add'.

8. Click 'OK'.

9. Click 'Install Policy'.


Note:

  • After connecting your network(s), make sure to add them as a 'Trusted Network' in the 'Locations' interface.
  • If you don't add the network(s) as 'Trusted Network' then Comodo SWG will not function correctly. Your network will also not be able to connect to the internet.

  • See next step Connect your network(s) to Comodo SWG
  • Select 'Proxy Chain' as authentication and traffic forwarding option in the 'Locations' interface.
  • User-based rules are supported for Proxy Chaining traffic forwarding method.
  • Comodo SWG uses ports 17443, 19443 and 19080 to connect to your networks. Please configure your firewall to allow SWG traffic over these ports.


    Please contact us at [email protected] if you have any issues connecting endpoints / networks to Comodo SWG.

    Our Products
    • Free Antivirus
    • Free Internet Security
    • Website Malware Removal
    • Free Anti-Malware
    • Anti-Spam (Free Trial)
    • Windows Antivirus
    • Antivirus for Windows 7
    • Antivirus for Windows 8
    • Antivirus for Windows 10
    • Antivirus for MAC
    • Antivirus for Linux
    • Free Endpoint Security
    • Free ModSecurity
    • Free RMM
    • Free Website Malware Scanner
    • Free Device Manager for Android
    • Free Demo
    • Network Security
    • Endpoint Protection
    • Antivirus for Android
    • Comodo Antivirus
    • Wordpress Security
    Cheap CDN
    • Bootstrap CDN
    • Semantic UI CDN
    • Jquery CDN
    • CDN Plans
    • CDN
    • Free CDN
    Enterprise
    • Patch Management Software
    • Patch Manager
    • Service Desk
    • Website Down
    • Endpoint Protection Solutions
    • Website Security Check
    • Remote Monitoring and Management
    • Website Security
    • Device Manager
    • ITSM
    • CRM
    • MSP
    • Android Device Manager
    • MDR Services
    • EDR Services
    • Ransomware Prevention
    • Managed IT Support Services
    • EDR
    Free SSL Certificate
    Support Partners Terms and Conditions Privacy Policy

    © Comodo Group, Inc. 2023. All rights reserved.