Onboarding process for Cloud Secure Web Gateway (Cloud SWG formerly known as WSS)

Cloud Secure Web Gateway

This document is designed to help you self-onboard to the Cloud SWG.

This article provides the following basic Onboarding steps: 

1. Register your customer account (with your Subscription ID).
2. Send traffic to the service through the configure-less WSS Agent Access Method.
3. Create a basic Policy rule.
4. Verify protection.

NOTE: this article is not a comprehensive document for all Access Methods.

For complete documentation for all other Access Methods, see the document home page

Other helpful resources for new customers include: 

• Required Ports to open
• List of data-center IP addresses
• Site Review (Cloud rating database)

STEP 1. Register your customer account (with your Subscription ID).

When a WSS account is created, you receive an email from Blue Coat that contains your Subscription ID.

The Subscription ID is a string of 15 characters (beginning with a letter C followed by 14 digits).

Your unique Subscription ID is required to register and onboard your account.

After you obtain your Subscription ID, go to Portal

Enter a valid email address (you use this email to log into the Portal) and your Subscription ID: 

Click Register. The service prompts to create a password for your cloud account and to enter your First Name and Last Name.

After your new Profile information is saved, this service displays the Product Configuration screen; click Configure.

The initial configuration wizard provides four steps: Default Policy, Mobile Users, Static Location, and Auth Connector Setup.

It also lets you preset the Policy source with several default behaviors you might want to use. It shows the Option to IMPORT a policy from Web Security.Cloud.

Select the defaults for these choices. You can return to the portal later and change these settings if necessary.

When the wizard is complete, the service displays a confirmation message.

Click Go To Product Setup in the lower-right corner (not shown here) to proceed past this confirmation page: 

The Product Configuration page indicates the Configuration Status as Configured.

Click Continue.

The service displays the default Overview > Dashboard page (each time you log into the portal).

STEP 2. Send traffic to the service through the configure-less Unified Agent Access Method.

Notice the Mode drop-down status in the upper-left corner.

• Solutions Mode: Create policy, view reports.
• Service Mode: Setup and configuration (to send traffic to service), Authentication, other admin tasks.

Download the latest UA client. Click Service to begin.

Click Mobility.
 

On the right section of the page, you have the different installers that you can download for each of the supported OS versions

After you download (or transfer) UA application to the workstation or laptop, run the installer.

The application displays the Setup wizard.

One of the benefits of this access method is that it is a configure-less setup. Following the install no additional configuration details are required.

Click Next to proceed through the installation wizard.

The application prompts for a system restart after the install (Windows clients only; no restart required on OS X).

 After the system restart, notice a small white icon. It is located in the tray icon section on Windows or menu bar on OS X, with a BC in the icon.
.Right-click that icon to display the Status page for the UA client:  

STEP 3. Create a basic policy rule.

This task creates a basic policy rule.
Click Solutions (mode).

Navigate to Content Filtering

Select Policy tab

Click Add Rule, which displays the policy rule wizard.

When you create a new policy rule, the intuitive wizard guides you through the rule creation process.

The wizard asks you to define information for the following columns.

1. Who
2. From Where
3. To Where
4. What
5. When
6. Limits
7. Verdict

NOTE: This basic rule example assumes the defaults for most of the wizard except the steps "To Where" and "Verdict" (click Next in the lower-right corner) to get to the To Where page. By following these steps you set the rule to be applied to Anyone coming from Anywhere in your company.

Who page: click Next.

From Where page: click Next.

 To Where page: click Categories.

 Select: Legal Liability > Liability Concern > Gambling (category).

IMPORTANT: Click the blue Add button in the middle to move the selection (on the right-side) over to the left side.

Click: Next.

What page: click Next. This click causes all the actions possible on the page to be taken into consideration when the policy is applied.

When page: click Next. On this option, you can set up a Schedule when the rule is applied. Leaving it on the default option means that the Rule will Always apply.

Limits page: click Next. Most of the times you leave this page with the default option. Another option you have here is to Limit the rule to be applied to a certain web browser in particular.

 Verdict page: click Block.
Click Finish button in the lower-right corner.

The new policy rule should now resemble the following image.

IMPORTANT: You must click Activate to commit - activate the new rule. The yellow triangle icons indicate that this rule has not been committed yet.

STEP 4. Verify protection

Verify that traffic is protected by going here.

This page provides you both the WSS data-center and the data-pod to which this client connects. 

After verifying the data, navigate to a blocked site.

This policy rule blocks the Gambling category. To test, try a sample site such as in the following screen-shot: 

If the policy rule was set up correctly, and the Access Method sends traffic to the service, the client receives the Access Denied exception page.

Congratulations!

You have completed and tested your Web Security Service onboarding process.

For more details on how to configure the other Access Methods, see the full Access Method Web Guide.