You can configure your proxy cluster (and thus associated proxy instances) for content inspection when your device users use the Symantec Work Web app. Content inspection is enabled by using the proxy cluster integration option with Symantec's Data Loss Prevention (DLP) server. This integration gives you content inspection of exposed data, and associated remediation, across your mobile devices that use the Symantec Work Web app.
What is Symantec Data Loss Prevention (DLP)?
Symantec's DLP application allows protection and management of confidential data wherever it is stored. This protection scope includes multiple endpoints such as network systems, storage systems and mobile devices. DLP can be framed as 4 key functions that prevent confidential data exposure and loss:
DLP discovers where specific data is stored across your endpoints.
DLP monitors how that data is being used when the users of these endpoints are on or off the corporate network.
DLP protects exposed data by providing real-time notifications to users, securing identified exposed data and immediately stopping outbound communication.
DLP manages exposed data through data loss policies. The administrator has access to a powerful web-based management console where granular data policy and remediation can be defined.
To integrate your proxy instance with DLP, you must first configure your proxy instance with DLP and then
Configure your proxy cluster for content inspection using Symantec DLP server
There are two steps that must be completed to support your proxy cluster integration with DLP:
Associate your proxy cluster with a DLP server
From your Mobility Manager console, access Settings > Proxies.
Select the Actions drop-down for the proxy cluster that contains the proxy instance you wish to associate with the DLP server.
In the example above, the proxy cluster Proxy_Cluster_App has been chosen as it contains proxy_instance99.
Select Actions > Edit Cluster. You see the Edit Cluster page. Scroll down to the Content inspection section. Slide the content inspection slider to enable content inspection. You see the following:
Content Inspection slider - When enabled, your proxy instance routes traffic to a DLP server. This enables content inspection within the proxy cluster and for all proxy instances associated with that proxy cluster. If this slider is set to off, all outbound and inbound app traffic is routed directly to the proxy instance as normal and the DLP server connection is disabled.
Hostname - Hostname or IP address of the DLP server.
Port - Port used for connectivity to the DLP server. Default value is TCP port 1344.
Configure an app policy to use a proxy instance with the app proxy role enabled
You associate a specific proxy cluster, for an app to use, within an app policy. From your Mobility Manager console, access Policies and Rules > App Policies. Scroll down to the Network Access Control section. You see the following:
Notification messages - Sends a notification message to end users when apps are blocked.
Secure app proxy - Directs app traffic through any proxy instance associated with the proxy cluster that you specify in the secure app proxy drop-down.
When enabled, the drop-down populates with all proxy instances with the App Proxy role enabled.
Whitelisted locations - Defines what locations your app has connectivity to. The default value is all.
To enable content inspection within the app policy, ensure that the Content inspection checkbox is checked. Your Symantec Work Web app uses the app policy with the content inspection option enabled.
From your Mobility Manager console, access App and select the Symantec Work Web app.
Click the edit icon and, from the app policy drop-down, select the app policy that has DLP (content inspection) enabled.
Once you have completed the two required actions, the proxy instance routes app traffic to a forwarding proxy server and then to the DLP server. An illustration of the data flow between a proxy instance with content inspection enabled and a DLP server (with numerical sequence designation) is shown below:
The DLP server evaluates the app traffic from the device user's Symantec Work Web app based on existing DLP policies. An example of a DLP server, with the policy list table, is shown below:
Certificate download and install requirement
A root certificate from the SQUID server must be installed on all mobile devices that have the Symantec Work Web app installed when Symantec Secure Web is configured to utilize an app proxy with content inspection enabled. This certificate is needed to access websites from a mobile device using the Symantec Work Web app with content inspection enabled.
To install the certificate to mobile devices, please follow the steps listed below:
Access the server running the proxy instance with the app proxy role enabled.
Change directory to /usr/local/squid/etc/.
Copy the certificate, intercept.pem, to your local machine.
Email the intercept.pem certificate to users of all mobile devices that use an app which is configured to utilize an app proxy with content inspection enabled.
Instruct the mobile device users to install the certificate on their device. This is done by opening the email with the attached intercept.pem certificate and clicking on this certificate file. The certificate should install to the local certificate store on the device.
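Squid accepts a single PEM file holding both its signing certificate and the matching private key, so before intercept.pem is emailed it is worth confirming that only the certificate leaves the server. The following is an added example, not part of the original article or the product: it keeps only CERTIFICATE blocks and computes a SHA-256 fingerprint that can be published separately for users to compare. The function names and the sample bundle are assumptions constructed for illustration; the sample bytes are placeholders, not a real certificate or key.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def to_pem(label, der):
    """Encode raw bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def inspect_pem(text):
    """Return (certificate DER blobs, labels of any private-key blocks)."""
    certs, keys = [], []
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("PRIVATE KEY"):
            keys.append(label)
        elif label == "CERTIFICATE":
            certs.append(base64.b64decode("".join(body.split())))
    return certs, keys

def fingerprint(der):
    """SHA-256 over the DER bytes, formatted as colon-separated hex."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def prepare_for_distribution(text):
    """Return (certificate-only PEM, fingerprints, stripped key labels)."""
    certs, keys = inspect_pem(text)
    if not certs:
        raise ValueError("no CERTIFICATE block found; nothing to distribute")
    clean = "".join(to_pem("CERTIFICATE", der) for der in certs)
    return clean, [fingerprint(der) for der in certs], keys

# Constructed sample input: a combined key + certificate bundle.
SAMPLE_CERT_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_KEY_DER = b"constructed placeholder bytes, not a real key"
SAMPLE_BUNDLE = (to_pem("RSA PRIVATE KEY", SAMPLE_KEY_DER)
                 + to_pem("CERTIFICATE", SAMPLE_CERT_DER))

if __name__ == "__main__":
    clean, prints, keys = prepare_for_distribution(SAMPLE_BUNDLE)
    if keys:
        print("Stripped before distribution:", ", ".join(keys))
    print("SHA-256 fingerprint:", prints[0])
    print(clean, end="")
```

To run it against the real file, read the copied intercept.pem as text and pass its contents to prepare_for_distribution in place of SAMPLE_BUNDLE.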
Using your proxy instance with App Proxy enabled with DLP greatly extends content security on your mobile devices.