What are the current Access methods that the Web security Service (WSS) has and a brief description of them.
- Explicit Proxy
- UA Client (Windows/Mac)
- iOS/Android MDM or Manually deployed
- Proxy Forwarding (ProxySG)
Auth Connector (BCCA):
Most Access Methods require the installation of the Auth Connector (BCCA), which runs on a Windows AD server (Member Server or Domain Controller), to identify users.
Access Method Details:
Unified Agent Client (Windows/Mac)
Pros: Easy to install; one-time enrollment to install VPN profile. This can be done through MDM such as Mobile iron or Airwatch your follow a manual procedure for each device.
Pros: Great choice for customers who already have an on-premise ProxySG appliance; can also provide Hybrid (Common Policy) functionality.
Cons: Requires an existing ProxySG appliance.
NOTE: Ports 8080, 8443 (and optionally 8084) must be open.
Pros: The most common WSS Access Method; supports all major firewall/VPN hardware.
Cons: More complex setup (Blue Coat documentation provides procedures for a variety of vendor devices).
NOTE: Ports 80, 443, and UDP 500 ( ISAKMP) must be open.
Pros: Addresses a specific use case (allows for a single, controlled egress IP address, through port 80 on the firewall).
Cons: Not commonly used; can be more complex to setup.
NOTE: Trans-Proxy is Explicit Proxy over IPsec.