Differences between UPE-managed policy versus Portal-managed policy in Cloud SWG.

search cancel

Differences between UPE-managed policy versus Portal-managed policy in Cloud SWG.

book

Article ID: 221354

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

What are the differences between UPE-managed policy versus Portal-managed policy in Cloud SWG (formerly known as WSS)?

What features get removed from the Cloud SWG (WSS) Portal after switching to UPE?

What are the configurations and policies when moving to Management Center (MC) after switching to Universal Policy Enforcement (UPE)?

Are Shared Objects in the VPM supported in Cloud SWG?

Resolution

The following configurations and policies are removed from a UPE WSS portal. All these configs and rules are managed from the Management center or Referenced ProxySG after the UPE switch.

Changes in Authentication: The Authentication bypass rules are moved to MC. The User\Group Sync using Auth Connector or Third Party SCIM is also removed from the UPE WSS portal.

Identity > Authentication Policy > Global Exemptions.
Identity > Users and Groups

SSL Interception: The following configuration and rules are moved to MC. The only option left on a UPE portal is to download the TLS/SSL Certificate.

Policy > Secure Web Gateway > TLS/SSL Interception > The option to Enable\Disable Interception.
Policy > Secure Web Gateway > TLS/SSL Interception > TLS/SSL Interception Policy.
Policy > Secure Web Gateway > TLS/SSL Interception > OCSP Validation.

Web Access Policies: The following policy options are moved to MC and need to be configured from MC VPM.

Policy > Secure Web Gateway > Threat Protection Rules.
Policy > Secure Web Gateway > Content Filtering Rules.
Policy > Secure Web Gateway > Proxy Restriction Rules.
Policy > Secure Web Gateway > Search Restriction Rules.
Policy > Data Loss Prevention > Traffic Source.
Policy > Web Isolation.
Policy > Header Modification.

Content & Malware Scanning: The Scanning Exemptions and Error handling are managed from MC after the UPE switch.

Policy > Content & Malware Analysis > Scanning Exemptions.
Policy > Content & Malware Analysis > Scanning Error Handling.

Block Exception pages: The WSS Response pages are configured and managed from MC and the referenced ProxySG.

Policy > Response Pages.

End-User Privacy: The Privacy setting configurations are moved to MC.

Account Configuration > Data Retention and Privacy > End User Privacy.

Shared Objects:

Shared Objects in the Authentication Layer in the VPM are not supported in Cloud SWG.
Documentation: Using a Shared Object for auth policy in Cloud SWG fails

Feedback

thumb_up Yes

thumb_down No