search cancel

ProxySG and Security Analytics Integration


Article ID: 168607


Updated On:


Security Analytics ProxySG Software - SGOS


Is there a way to take the traffic that is going through the ProxySG and push it to a Security Analytics appliance?


At the time of writing, there is no feature that allows the ProxySG to communicate directly with the Security Analytics.

A possible solution to achieve this requirement is to mirror (SPAN) the port(s) of the ProxySG to the port(s) connected to the Security Analytics. Refer to for more information.

For intercepted SSL traffic, the ProxySG has the Encrypted TAP feature that could send decrypted SSL traffic through the TAP port(s).

Encrypted tap streams decrypted data from intercepted HTTPS or STunnel SSL transactions on client connections. The tap is performed simultaneously and on the same ProxySG appliance which is performing the Secure Web Gateway function. The data is presented in a format that can be understood by common network traffic analysis tools like Wireshark, common network intrusion detection systems such as Snort, and so on.
  • Encrypted Tap does not support VLAN.
  • MTU is fixed at 1500 bytes.
  • SSL protocol headers/records/details are not preserved.
  • Encrypted Tap is supported for forward proxy for STunnel and HTTPS, and for reverse proxy for HTTPS.