Documentation - Secure Web Gateway
Introduction
InstaSafe is an RFC 2616 compliant HTTP/1.1 proxy server, specially designed to provide maximum protocol, and payload security.
InstaSafe based Secure Web Gateways enable your users to safely access the web.InstaSafe, when setup in Reverse Proxy mode, secures your web applications.
InstaSafe is a highly scalable software, that enables scaling up by increasing the hardware provisioning, or scaling out by creating an application cluster.
While the installable packages for both these platforms are different for obvious reasons, the configuration and operation is quite identical. So you can choose platform of your choice, to host InstaSafe Proxy Service. Yes, the advantages of deploying InstaSafe on Linux are overall higher because the Linux operating system is better suited for servers. But then if you are more comfortable with Microsoft®Windows, you can happily deploy on Windows. Migration from either of the platforms to the other is not very difficult, really!
System Requisites
Use InstaSafe Appliance Builder (IAB) to setup your secure web gateway. SAB is an Ubuntu Linux operating system ISO, customized to provide automatic setup of all the necessary files and services. IAB enables you to transform a standard Intel® hardware architecture for servers, into a hardware web security appliance, or a setup a virtual appliance on any virtualization infrastructure like VmWare® or Microsoft Hyper-V®.
Use the InstaSafe installation packages (tar.gz) if you wish to setup secure web gateway on other Linux distributions like RedHat®, SuSe®, CentOS®, etc.
Use Windows installer package to setup InstaSafe on a Microsoft Windows system.
Note: InstaSafe Secure Web Gateway is powered by SafeSquid
Hardware Requirements
Minimal Hardware
- RAM: 4 GB
- CPU: 4 Core
- HDD: 160 GB (Depending upon the number of logs and database you want to keep)
Recommended Hardware
The above specified Minimal Hardware should enable you to do a functional setup of InstaSafe.
However provisioning it for active servicing a platform with atleast 8 CPU cores, and 8GB RAM should be a great starting point.
InstaSafe is SMP-aware, enabling seamless scale-up by increasing CPU cores, RAM and NIC.
As a thumb rule for server sizing add 2 CPU cores and 4GB RAM per 100 concurrent connections.
If you intend to use InstaSafe's HTTPS Inspection feature, using processors with "AES-NI", is recommended.
How to find out AES-NI (Advanced Encryption) Enabled on Linux System
InstaSafe is cluster-ready.
You may thus scale-out by adding nodes to your cluster.
A clustered setup would give you the advantage of both load‑balanced throughput as well as high‑availability service.
Installation and Activation
Get Product Activation Key
Before downloading the InstaSafe installer(s), you MUST register to create your account on InstaSafe's self-service portal. Registration is free, and requires just a few minutes. Your registered account also provides the management of InstaSafe's cloud-backed features, like Custom Web Categorization, VPN support, Configuration Backup, Subscription management, etc.
All registered users are provided with a Product Activation Key. After the actual installation, you must upload this activation key via InstaSafe's Browser based Interface. Your users may not be able to access the web until then. Use the same Activation Key across all your instances of InstaSafe, to ensure easy replication of policies, and other common aspects.
Download Installation Package
InstaSafe Appliance Builder
InstaSafe Appliance Builder (SAB) is the most recommended installer. You may download it using the link displayed when you log into your registered account. Alternatively you may download it from - https://downloads.InstaSafe.com/appliance/InstaSafe.iso . SAB is a customized version of Ubuntu 18.04 x86_64 minimal iso. You may create a virtual appliance using the SAB iso on any virtualization infrastructure, or boot a standard Intel Server hardware to create a hardware appliance.
Basic Setup
If you plan to use HTTPS inspection, then you must first configure HTTPS inspection
Integration of InstaSafe Proxy Service with your Microsoft Active Directory, or OpenLDAP service, would be the most recommended immediate next step.
The How To section could provide you with a fair idea of the rest of the goals that you may want to achieve.
How to integrate AD or OpenLDAP with InstaSafe
Overview
Active directory information is used to authorize/authenticate the users and computers which are part of your network. Active directory objects are mainly a set of attributes like domain, Organization Unit(OU), user, group, subnet etc. In any Active directory domain controller is responsible for all the authorizations/authentications inside a domain. If any user has access to a domain, he/she can logon from anywhere and any computer in that domain. Active directory Organization unit(OU) can appear only inside a domain and can be used to denote a specific department, location, team, etc. OUs are unique inside a domain. Organization Unit contains objects like users, groups, computers, etc. Active directory user is part of organization and has unique idenity in the domain. Also each user has an unique SID which authorizes user and allow/deny users to access the network resources. Each account is unique and is secured by password.
Why should we use Active directory services?Active directory services are highly secured they may have layered security which consists of policies and permissions for security at different levels. Objects are usually located anywhere yet can access the domain/network resources securely. Also Active directory services are easily scalable and extensible. Active directory services has easy and efficient mechanism to locate an object. Users can have the same environmental settings immaterial of which computer or location they logon from.
Why is a proxy based web-gateway integrated to a Microsoft AD or OpenLDAP?
Network enterprises that have a large number of users, popularly manage user credentials via a centralized system.The centralized system ensures user identification across all the networked enterprise resources and services.Users too benefit immensely, as they need a singular credential to access anything across the network enterprise.
Microsoft’s Active Directory, and OpenLDAP based various Directory Services like Novell’s e-Directory are extremely popular for setting up a centralized user identity management systems.Almost all Directory services also offer role, and hierarchy based grouping of users. Most enterprise class networked resources and services also allow control of user access, and rights based on their group membership.
A proxy-based web gateway is an application layer firewall service that distributes Internet Access to people in the networked enterprise. It is thus essentially a network service.A Web Gateway when integrated to a Directory Service, can:
- Authenticate the users, based on their Directory Service Credentials,
- Control their access to the web depending upon their enterprise role and hierarchy,
- Log and report their activity, in a manner that the HR managers can analyze internet usage individually and of groups of people.
Tutorial Goals
In this tutorial you will see how to integrate your Microsoft Active Directory or OpenLDAP service to a proxy server easily.With the use of InstaSafe SWG WebGUI it is easy to perform the necessary integration process, you can create the policies to control access, and validate the success.
At the end we will inspect InstaSafe’s logs to inspect how the internet usage of any user identified via the Directory Service, is recorded for the purpose of analytics.InstaSafe can be integrated to the Microsoft Active Directory for SSO/Kerberos based user identification. The additional steps required for Kerberos configuration are discussed in another tutorial.
Prerequisites
Collect the following information before starting integration
- LDAP Server Fully Qualified Domain Name ( FQDN ) and IP address.
- LDAP Administrator User name and Password.(You can provide any user from LDAP server who has administrator rights)
- LDAP Server Basedn
- LDAP Server Domain name
Note :
- Add InstaSafe server DNS entry in your Active Directory Server
- Make sure that your AD Domain must be resolvable from all clients and InstaSafe Server.
Integration of Microsoft Active Directory
Integration of Active Directory include the following types of Authentication.
Simple Authentication
Simple authentication is a type of interactive authentication to the user. If you configure simple authentication the user will be prompted for credentials for every new session opened.
SSO Authentication
SSO authentication is a type of non-interactive authentication to the user. In SSO authentication once the user logged into his/her system then that credentials will be used for all sessions opened by that user.
Preferred Linux distribution: Setup Your Secure Web Gateway on your preferred Linux distribution
InstaSafe Appliance Builder (SAB) is an optimized version of Ubuntu Linux, optimized for easy setup of your secure web gateway. The SAB installs the Ubuntu Linux operating system, downloads and deploys the InstaSafe for Linux installation package, and the necessary dependencies. InstaSafe can also be installed on any other Linux operating system like Red-Hat, SuSe, CentOS, etc.
How to setup virtualization environment for InstaSafe with VirtualBox.
VirtualBox is a powerful x86 and AMD64/Intel64 Virtualization Product. It can be used for Enterprise as well as for personal use. It is freely available and is an Open Source Software. It runs on windows, Linux, Macintosh and Solar Host.
Setup HTTPS Inspection
HTTPS Inspection is the standard Security technology for encrypting a connection between the client and web server. Enable HTTPS inspection on InstaSafe SWG to inspect HTTPS traffic that is encrypted by the Secure Sockets Layer (SSL) protocol. InstaSafe will do deep content inspection of encrypted HTTPS traffic. Further this encrypted content can be filtered easily.
Integrate a Linux Host with a Windows AD for Kerberos SSO authentication
Kerberos Authentication support is particularly useful for Enterprise networks that have a Microsoft AD based Domain controller. By properly configuring the necessary Kerberos related factors, your enterprise Internet users can optionally enjoy Windows Integrated Authentication. Windows Integrated Authentication is a non-interactive authentication process, that uses SSO authentication. SSO ensures that your users do not have to manually provide their user credentials as username / password to access your networked enterprise resources and services, yet their access is restricted as specified. SSO, thus not only just adds convenience to the overall user experience, but also enhances security.
Block Personal Gmail And Allow Google Corporate Accounts
Block Personal Gmail to ensure Data Security. No sharing of confidential data with personal accounts.You may want to prevent users from signing into Google services using any accounts other than the accounts you provided them with.Auto logout when detected that user is logged into personal Gmail. You can setup InstaSafe to block the access to consumer Google accounts.
Data Leakage Prevention
Controlling Uploads
DLP module is primarily used to restrict/prevent uploads of confidential and critical information from any organization. You can select predefined content type(s) in DLP section to prevent their upload(s). You can create multiple policies in DLP section such that all the selected content types will be blocked when any end user tries to upload it.
Block Virus Uploads And Downloads
Protect your network against viruses, Trojans, malware and other threats. You can block virus uploads and downloads by using InstaSafe. InstaSafe is providing different types of antivirus setups.
Block Anonymous Proxies
An anonymous proxy will allow your users to surf the web anonymously, since it tunnels your data through servers that are spread out across the globe and involve other IP addresses. Anonymous Proxy service enhances your security and lets your users access some restricted websites online. You can block these proxies by using InstaSafe, so that no user access the blocked websites
Block Advertisements And Banners
Security was the main reason cited for blocking of Advertisements. Advertisements can be annoying or intrusive. Blocking of advertisements can result in quicker loading and cleaner looking web pages with fewer distractions, lower resource waste (bandwidth, CPU, memory, etc.). You can setup InstaSafe to block all types of annoying advertisements and banners.
Block Third Party Cookies
You can block the cookies for third-party domains. Control tracking your activity across different sites and you can hide the referer for third-party domains. Now referer is same as hostname. You can also hide the user agents for third-party domains. Instead of original user agent InstaSafe use default user agent. (Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)).
Block Particular User Login To Facebook Or Gmail
Restrict selective login user-names of logins from Facebook Or Gmail. You just enable default rule and modify your respective username with default ones. Now except selected users all can able to login into Facebook or Gmail.
Profiled Internet Access
Your secure web gateway serves a variety of users, and applications. Appropriate restrictions ensure the web access boosts efficiency, while curbing non-productive activities. InstaSafe enables you to define policies as access profiles, and ensure compliance. Create policies for users, based on their organizational hierarchy, and business role, to boost productivity.
Enforce Safe Searches On Gateway
World Wide Web provide extensive knowledge on almost every topic that you can think. Due to the vast information scattered around on the web we sometimes find the content that are irrelevant and inappropriate. We often come across adult/porn content accidentally while we are trying to find some information over internet. This may be faced by children or by someone who isn't supposed to watch pornographic content. Search engines help us big time in searching the appropriate content, but can sometimes mislead us. To avoid this Search engines has started providing with an additional feature Safe-Search.You can setup Safe Searches for different search engines like Google, Yahoo, Bing by using InstaSafe.
FAQs
What is InstaSafe SWG?
InstaSafe is an RFC 2616 compliant HTTP/1.1 proxy server, specially designed to provide maximum protocol, and payload security.
InstaSafe based Secure Web Gateways enable your users to safely access the web.
InstaSafe, when setup in Reverse Proxy mode, secures your web applications.
InstaSafe is a highly scalable software, that enables scaling up by increasing the hardware provisioning, or scaling out by creating an application cluster.
Why should I use InstaSafe?
InstaSafe is an HTTP Proxy Server specially designed for web security. You should use InstaSafe for securely distributing Internet access across large network and to protect your enterprise against productivity losses, and collateral losses.
Which Operating Systems does InstaSafe support?
InstaSafe support both operating systems, i.e. LINUX as well as Microsoft Windows.
The installable packages for both these platforms (LINUX and Microsoft Windows) are different for obvious reasons, the configuration and operation is quite identical. So, you can choose platform of your choice, to host InstaSafe Proxy Service.
Yes, the advantages of deploying InstaSafe on Linux are overall higher because the Linux operating system is better suited for servers. But then if you are more comfortable with Microsoft®Windows, you can happily deploy on Windows. Migration from either of the platforms to the other is not very difficult, really!
What is the minimal hardware required for InstaSafe?
RAM: 4 GB
CPU: 2 Core
HDD: 160 GB (Depending on the size of logs and database you want to store)
See the Hardware Requirements here - Hardware requirements
What is InstaSafe Appliance Builder?
InstaSafe Appliance Builder (IAB) is the most recommended method for setting up your secure web gateway. IAB is a customized distro of Ubuntu Linux. It enables you to quickly setup your secure web gateway on a standard Intel server hardware, or as a virtual appliance on any virtualization platform like VMware or Hyper-V.
IAB automatically installs and configures all dependency libraries, and services.
Where should I get the latest version of InstaSafe to upgrade?
You can download InstaSafe SWG for Windows package from - http://downloads.InstaSafe.net/SWG/windows/setup_InstaSafe_swg_latest.exe
You can download InstaSafe SWG for Linux package from - http://downloads.InstaSafe.net/appliance/binary/InstaSafe_latest.tar.gz
What is InstaSafe for Windows?
InstaSafe for Windows is content filtering proxy server. InstaSafe for Linux has been natively ported for use on Microsoft Windows platform, and distributed as InstaSafe for Windows. It gives you Total Access Control, Total Content Control & Total Internet Security. InstaSafe for Windows can be installed on any desktop/server having Microsoft Windows based 64-bit Operating Systems.
Where should I get a product activation key?
You can get a product activation key on InstaSafe self-service portal - https://key.InstaSafe.com/
You must register to create your account on InstaSafe self-service portal and download your product activation key
What is InstaSafe Self Service portal?
The InstaSafe Self-Service Portal is the cloud-based management console for InstaSafe.
The InstaSafe Self-Service Portal manages the activities like, InstaSafe cloud-backed features, Custom Web Categorization, Web Security Clients for Roaming users (VPN), Confidential Data Signatures, Subscription management, etc.
Read more about Management of Self-Service Portal
Whom should we permit to access the InstaSafe Web GUI?
InstaSafe has an intrinsic Web GUI, that enable you to manage your installation, setup required policies, and monitor your secure web gateway.
You should configure InstaSafe policies to allow access of the Web GUI to only security administrators.
How do I know InstaSafe product is activated?
If you able to access all the websites from your browser that means your product is activated.
Where should I get license details?
Once you activate product successfully you should get license details on Support page of InstaSafe Web GUI.
For more details follow- LINK
Why am I getting "Proxy Access Denied?"
If you should not properly configure policies under access restriction section or administrator should not give you access of InstaSafe Interface, you are getting "Proxy Access Denied" template.
Does InstaSafe inspect HTTPS traffic?
Yes of course, InstaSafe inspect HTTPS traffic.
HTTPS Inspection is the standard Security technology for encrypting a connection between the client and web server.
When should I enable HTTPS Inspection?
Enable HTTPS inspection on InstaSafe SWG to inspect traffic that encrypted by the Secure Sockets Layer (SSL) protocol. By that InstaSafe do deep content inspection of encrypted HTTPS traffic. Encrypted content filtered easily.
When should I bypass HTTPS Inspection?
The HTTPS inspection Bypass option enables you to define specific websites that are not subject to decryption as they flow through the proxy.
Some websites may include personal identification information that should not be decrypt.
To avoid liability for inspecting this type of information, you may want to specify some or all these sites for decryption bypass.
The selected sites will not be decrypt even if the category or categories that the sites belong to selected for SSL analysis.
What are the benefits of HTTPS inspection in InstaSafe?
Having HTTPS inspection feature some interesting things that you can do with this InstaSafe SWG
You should block access to personal Google accounts.
You should give Read only access to the Facebook, Twitter sites. Users can able to login into their accounts but they cannot able to do post or comment or like or chat.
You should enforce safe search or safety mode-based searches in Google, Bing and Yahoo search engines and also, we can enforce in any websites that are offering safety mode-based search.
You should block images over Google
You should filter text, Images over HTTP, and HTTPS sites
You should allow specified users to access or to login into specified HTTP and HTTPS sites and block others
You should use Virus scanning for both HTTP and HTTPS sites?
You should block attachments to Gmail and Block Gmail Chat
What is an SSL certificate?
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details.
When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.
SSL Certificates provide secure, encrypted communications between a website and an internet browser.
SSL stands for Secure Sockets Layer, the protocol which provides the encryption.
SSL Certificates installed on pages that require end-users to submit sensitive information over the internet like credit card details or passwords.
Where can I get an SSL certificate?
You should get SSL certificate on InstaSafe self-service portal at - https://www.InstaSafe.com/
You can generate new self-signed certificate also.
Follow - LINK
Can I use my SSL certificates generated from my Enterprise CA?
Yes, you can use your SSL certificate generated from you Enterprise CA if you have. InstaSafe provides you a facility to use SSL certificate generated from Enterprise CA.
Can I integrate an LDAP service like Microsoft Active Directory or OpenLDAP with InstaSafe?
Yes, you can integrate an LDAP service like Microsoft Active Directory or OpenLDAP with InstaSafe if your network enterprises that many users have, popularly manage user credentials via a centralized system.
Microsoft’s Active Directory, and OpenLDAP based various Directory Services are extremely popular for setting up a centralized user identity management system.
A Web Gateway when integrated to a Directory Service, can:
Authenticate the users, based on their Directory Service Credentials,
Control their access to the web depending upon their enterprise role and hierarchy,
Log and report their activity, in a manner that the HR managers can analyses internet usage individually and of groups of people.
What is InstaSafe SSO Authentication?
InstaSafe SSO authentication is non-interactive authentication process.
InstaSafe SSO Authentication support is particularly useful for Enterprise networks that have a Microsoft AD based Domain controller.
By properly configuring the necessary Kerberos related factors with InstaSafe, your enterprise Internet users can enjoy SSO Authentication.
InstaSafe SSO authentication ensures that your users do not have to manually provide their user credentials as username / password to access your networked enterprise resources and services, yet their access restricted as specified. InstaSafe SSO authentication, thus not only just adds convenience to the overall user experience, but also enhances security.
If my SSO authentication fails is LDAP fail over functionality available in InstaSafe?
If user unable to get access for network enterprise in case, user should not face any problem of authentication because InstaSafe gives you a fantastic functionality known as LDAP fail-over.
If user face any issue while SSO authentication he/she should give LDAP valid credentials i.e. Username and Password.
Once username and password validated user should get access for network enterprise.
When should I bypass authentication?
Certain applications (like Dropbox) which does not support proxy authentication, they want to bypass authentication for that application.
Can I use InstaSafe Captive portal to monitor internet usage traffic?
Yes, you can use InstaSafe captive portal to monitor internet usage traffic.
What is InstaSafe Captive portal?
InstaSafe captive portal is works as same as general captive portal.
Used to enhance security of WIFI network by authenticating users before granting internet access.
Users will receive InstaSafe captive portal landing page when they try to access internet access via WIFI network. Users will punch in credentials.
InstaSafe captive portal validates user credentials using various authentication mechanisms and maintains database of authenticated source IP addresses and usernames for lookup.
If a user from a source IP address authenticated through captive portal, then InstaSafe will pick the username from the database and attach to the traffic coming from the same source IP address
This way InstaSafe captive portal secures WIFI network by only granting access to valid users
Combining InstaSafe Captive Portal with InstaSafe secure web gateway will allow you to monitor internet usage, allow you to filter traffic and do many more things to enhance security levels.
Does InstaSafe supports transparent proxy?
Yes, InstaSafe supports transparent proxy.
InstaSafe support both HTTP and HTTPS websites in transparent mode. The HTTPS websites in transparent mode called as SSL transparent proxy
The traffic will come to router and router will send traffic to InstaSafe Secure web gate way with port 80 and 443 respectively.
The redirection rules on InstaSafe Secure web gateway will redirect traffic to InstaSafe Proxy with port 8080 and 8443 (SSL transparent) respectively (By enabling IP forwarding).
Why should I enable WCCP?
If you are looking for transparent redirection of traffic, Load balance traffic & scaling up or Service assurance & high availability, you should enable WCCP in InstaSafe
Enable WCCP support in routers. This can be done only if your router supports WCCP.
Ex: CISCO ASA routers.
Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. It has built-in load balancing, scaling, fault tolerance, and service-assurance (failsafe) mechanisms.
Can I prevent user to access Social networking sites?
Yes, you can prevents users from accessing Social networking sites using InstaSafe.
If you configured InstaSafe, will block all social networking sites by default.
You can allow those sites for specific time say in between LUNCH hour.
Facebook is a social networking website that allows users to interact with other users in a multimedia environment on the Web. Facebook users can install and use applications to enhance their experience. Many organizations want to allow Facebook access to maintain morale, increase retention, and boost hiring, but they also want to control access to it.
InstaSafe allows you to give full Facebook access to your social media group, partial access to a customer service group, and read-only access to other groups. Access to Facebook can also assigned by time of day, so permissions could relax during lunch or after business hours. For more details follow - LINK
Can I prevent users to upload confidential data?
Yes, you can prevents users from uploading confidential data using InstaSafe.
When you have confidential information in your organization and someone from internal users just leaked the information intentionally or unintentionally, then what will happen? Huge productivity loss.
There are various mediums for data leakage. Users can upload important document to internet, even though your content filtering software does not allow users to upload Microsoft Word and Microsoft XL files, users can act smart and creates an archive using those files and tries to upload achieved files. You cannot simply block archives in your organization because there are people who simply use archive to transfer log files of large sizes.
There are other users who simply take information out of Microsoft Word and Microsoft XL and simply send an Email to third party.
In modern era, these kind of data leaks become a challenge for organizations. Organizations are in a quest for content filtering software’s which can deeply inspect archive files and able to identify whether the archive or emails which contains certain keyword matches.
This challenge is also big for security experts because when there is an upload the post data formation is different for Gmail / Google Drive/ Media fire/ Drobox etc. The wide range of formations of post data made it difficult for security experts to derive concrete solution to these challenges.
But InstaSafe come up with Advanced DLP solution embedded into InstaSafe SWG, which analyses post data, deeply inspect archives using file decomposition methods and able to identify whether archive or emails or social media posts contains certain keyword matches. Based on the match you can take effective actions like block upload if user is so and so or block if the destination website is so and so.
The Advanced DLP solution can managed from InstaSafe Self Service portal there you can create various keyword expression matches. InstaSafe SWG will download those keyword expressions and loads into memory. When an archive uploads or an email write, InstaSafe SWG analyses Post data and transmit it to the Clam AV daemon for Signatures verification. If the keyword expression matches Clam AV daemon responds with match. InstaSafe will take respective action based on match.
Can I prevent users to upload specific file extensions?
Yes you can prevent users from uploading specific file extensions using InstaSafe.
InstaSafe DLP section is nothing but Data Loss Prevention module, used to protect from sending sensitive or critical information outside the corporate network.
It is possible by blocking the specific file types or file extensions based on Content type and extension of file types.
For more information follow - How to block file uploads or downloads
Can I prevent users to use anonymous proxy?
Yes you can prevent users from using anonymous proxy using InstaSafe.
An anonymous proxy will allow users to surf the web anonymously, since it tunnels your data through servers that spread out across the globe and involve other IP addresses.
Anonymous Proxy service enhances your security and lets your users access some restricted websites online.
InstaSafe block these proxies so that no user can access the blocked websites.
For more detail follow – How to block anonymous proxies
Can I prevent users to use their personal Gmail account in company network?
Yes, you can prevent users from using their personal Gmail account in company network using InstaSafe.
Currently e-mails are necessary to exchange information. But allowing personal e-mails in the office network allows users to spend their productive time in other unnecessary things. Personal mails can be also a path leading to send confidential information. Blocking personal mails, solves the issue. But now some of the company mails are via Google Corporate domains.
Google corporate account allows organization to have their mailing server along with the additional Gmail features personalized for the organization with complete control. So, we currently cannot block Gmail.
Can I prevent user to login over Facebook or Gmail?
InstaSafe restrict specific users from login over Facebook or Gmail.
Except selected users all can able to login into Facebook or Gmail.
Does InstaSafe protect network against Malware and External Attacks?
InstaSafe protect network against Malware and External attacks. There are numerous ways to protect and remove malware from our computers.No one method is enough to ensure your computer is secure. The more layers of Défense, the harder for hackers to use your computer.
Should I block third party cookie?
InstaSafe block the cookies for third-party domains.
Control tracking your activity across different sites and hide the referrer for third-party domains. InstaSafe provides you a great functionality. Now referrer is same as hostname.
You can also hide the user agents for third-party domains, instead of original user agent. InstaSafe use default user agent (Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)).
For more details - How to block third party cookies
Where should I get InstaSafe default policies?
You should get InstaSafe default policies and it's respective how to on "How To" section of http://docs.InstaSafe.com
Should I get performance plot in InstaSafe?
You should get performance plot on support page of InstaSafe Web GUI. You can generate performance plot as per your choice. InstaSafe gives you choice according to Last hour, last 7 days, last month, today InstaSafe also gives you choice to select custom time.
Should I get support tarball in InstaSafe?
You should get support tar-ball on support page of InstaSafe Web GUI. You can generate new support tar-ball. You can search support tar-ball from existing list according to year, month, day, or time
Should I download my config file?
You should download your config file any time. InstaSafe gives you choice to download config file according to year, month, day, or time. InstaSafe also gives you choice to download default config file in case you should have to revert the config file.
Is InstaSafe provide dashboard for reporting?
InstaSafe provide dashboard which contain details of last 1000 transactions. InstaSafe dashboard provides Ip address, Users, User groups, websites domains, profiles, application signature, categories, upload content, download content, User can edit total number of transactions as per the requirement for report. User also gets report based on date range. Use can select any number of filtering option.
Should I get report in PDF format?
InstaSafe reporting model gives you exportable reports to PDF and Excel formats. To get report you have to access InstaSafe interface and click on Reports > Dashboard. At right bottom you should get PDF button just above the InstaSafe version.
Can I get report of specific dates?
Yes, InstaSafe has reporting model. InstaSafe reporting model reduced data Processing time. InstaSafe reporting model gives you more detailed reports. InstaSafe reporting model gives you hour-wise reports. InstaSafe reporting model gives you more filtering options. InstaSafe reporting model gives you deeper data analysis. InstaSafe reporting model gives you an automated data mining engine. InstaSafe reporting model gives you exportable reports to PDF and Excel formats. My InstaSafe becomes very slow after it has been running for some time? Why?
How does InstaSafe licensing work?
InstaSafe SWG is available with annual subscription. Base Subscription Plans
You may choose any one of the following Base Subscription plans:
Named Users
Concurrent Connections
CPU Hours
Named Users, and Concurrent Connection based subscriptions are annual subscriptions. You may however purchase for multiple consecutive years.
Premium Features Subscription
Data Leakage Prevention
Support for Roaming (Windows Laptop) users
Log Aggregator
WCCP
For more details Follow - InstaSafe licensing
How do I purchase InstaSafe secure web gateway?
You can opt for InstaSafe SWG subscription by paying online via PayPal or via Wire / Bank Transfer.
What happens if I stop paying InstaSafe for my subscription(s)?
As InstaSafe SWG is available as annual subscription, if you do not renew your subscription the product will stop working.