What do proxy architectures allow that stream-based solutions do not?
Posted: Sun Feb 09, 2025 3:38 am
Scalability, reporting and reduced operational costs
The "multi-tenant policy" capabilities allow two or more independent user groups to use (share) the same Symantec SWG device, with each group having unique sets of policies applied. In addition, multi-tenant is used to scale policies: when several Symantec SWG devices are deployed in a company, and user traffic is processed in different cities, the same policies will be set on each device, then, regardless of which device processes user traffic, the same policies will be applied. The reporting system is optimized for the branched organizational structure of the enterprise and allows for flexible report generation, scheduling of their automatic generation and delivery to stakeholders.
Unlike proxies, stream-based systems (such as firewalls) do not terminate connections, but process traffic on the fly. This is good when it is necessary to process very large volumes of traffic quickly, but this processing method has one drawback - if malware is not transmitted in its entirety, but in fragments, it will remain unnoticed. A proxy may not give an object to the user until it is collected and checked.
Difference between stream-based kenya mobile database proxy-based architectures
Symantec Secure Web Gateway with proxy architecture offers some useful features that stream-based devices usually do not have. In particular, you can configure header modification, rewriting and redirection of URLs, you can analyze and process scripts on web pages. SWG with proxy architecture works with two separate connections each time - towards the web server and towards the user, thus providing the ability to check compliance with protocol standards. This is a very useful feature: it allows, for example, to stop a buffer overflow attack by the streaming audio/video handler and provides the ability to combine protocols between the two sides of the interaction. That is, if the client supports only IPv4, then proxying the communication session for the web server with IPv6 will provide access even without IPv6 support on the client side.
The "multi-tenant policy" capabilities allow two or more independent user groups to use (share) the same Symantec SWG device, with each group having unique sets of policies applied. In addition, multi-tenant is used to scale policies: when several Symantec SWG devices are deployed in a company, and user traffic is processed in different cities, the same policies will be set on each device, then, regardless of which device processes user traffic, the same policies will be applied. The reporting system is optimized for the branched organizational structure of the enterprise and allows for flexible report generation, scheduling of their automatic generation and delivery to stakeholders.
Unlike proxies, stream-based systems (such as firewalls) do not terminate connections, but process traffic on the fly. This is good when it is necessary to process very large volumes of traffic quickly, but this processing method has one drawback - if malware is not transmitted in its entirety, but in fragments, it will remain unnoticed. A proxy may not give an object to the user until it is collected and checked.
Difference between stream-based kenya mobile database proxy-based architectures
Symantec Secure Web Gateway with proxy architecture offers some useful features that stream-based devices usually do not have. In particular, you can configure header modification, rewriting and redirection of URLs, you can analyze and process scripts on web pages. SWG with proxy architecture works with two separate connections each time - towards the web server and towards the user, thus providing the ability to check compliance with protocol standards. This is a very useful feature: it allows, for example, to stop a buffer overflow attack by the streaming audio/video handler and provides the ability to combine protocols between the two sides of the interaction. That is, if the client supports only IPv4, then proxying the communication session for the web server with IPv6 will provide access even without IPv6 support on the client side.