The differences between Explicit Edge SWG (ProxySG) and Transparent Edge SWG (ProxySG)
search cancel

The differences between Explicit Edge SWG (ProxySG) and Transparent Edge SWG (ProxySG)

book

Article ID: 166958

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

What is the differences between an Explicit Edge SWG (ProxySG) and Transparent Edge SWG (ProxySG)?

Resolution

In an Explicit Edge SWG (ProxySG) configuration, the client (browser) is explicitly configured to use a proxy server, meaning the browser knows that all requests will go through a proxy.  The browser is given the IP address and port number of the proxy service (the ProxySG). You could also use a Proxy Auto-Configuration (PAC) file to configure the browser to download the proxy settings from a Web server. When a user makes a request, the browser connects to the proxy service and sends the request. The disadvantage to explicit proxy is that each desktop must be properly configured to use the proxy, which might not be feasible in a large organization. However, using GPO to push out the change simplifies the process.

When Transparent Edge SWG (ProxySG) is enabled, the client (browser) does not know the traffic is being processed by a proxy other than the origin server. To enable the Edge SWG (ProxySG) to intercept traffic sent to it, you must create a service and define it as transparent. The service is configured to intercept traffic for a specified port, or for all IP addresses on that port. A transparent HTTP proxy, for example, typically intercepts all traffic on port 80. To make sure that the appropriate traffic is directed to the Edge SWG (ProxySG), deploy hardware such as a Layer-4 switch or a WCCP router, or the Edge SWG (ProxySG)'s software bridge that can redirect selected traffic to the appliance. Traffic redirection is managed through polices you create on the redirection device. The Edge SWG (ProxySG) can also be deployed in an inline configuration as well, where traffic traverses the Edge SWG (ProxySG) by ingressing the inbound interface and egressing the outbound interface. However, since that means all traffic will traverse the Edge SWG (ProxySG), it is a better idea to use a Layer-4 switch or WCCP instead.