Web filters are commonly used by the organization to restrict user internet access to certain web applications content and it has increasingly become non-effective against proxy avoidance applications. IAG collaborates with Endpoint Secure to enforce Proxy Avoidance Protection on any user attempt to use this application for bypassing the security perimeter more effectively. R&D team within Sangfor employs a dedicated team of application signatures security experts who are continuously categorizing and adding the latest proxy avoidance applications to ensure that detection rate and blocking capabilities are current and up to date.
Sangfor IAG - Secure Web Gateway & Web Filtering Solution
Accelerating modern trends such as cloud applications adoption, the move of the hybrid workplace and increased use of mobile and personal devices for work have all constantly put more pressure on the organization to ensure a secure workforce environment. At the same time, a rise in encrypted applications, proxy avoidance applications, and increasingly affordable availability of third-party VPN applications have imposed further liability for the organization where it can easily bypass your security perimeter undetected without any protection. You need an extensive secure web gateway not only to protect your organization against these common threats but also as a critical asset for safeguarding user internet access behavior.
Why Sangfor IAG?
Sangfor IAG enables you to identify, analyze and take immediate action upon user internet access behavior.
Product Advantages
Proxy Avoidance Protection
Intelligent Traffic Management
Sangfor IAG improves bandwidth utilization by more than 30% using three unique major traffic management solutions. Dynamic Traffic Control automatically adjusts traffic control policies and intelligently allocates idle bandwidth resources. Intelligent Flow Control precisely manages both up-link and down-link P2P traffic and can customize traffic "packages" for different users, allocating specific traffic quotas and limiting bandwidth for heavier users.
Gateway and Client Decryption to Uncover Encrypted Traffic
Typically, a majority of internet traffic is protected by SSL/TLS encryption. While encryption helps to keep user and corporate data protected and private, it also creates security challenges when it comes to the rapid growth of malware infections and other malicious content. Sangfor IAG offers both decryption methods including gateway and client decryption to overcome these challenges. This enables an organization to have the flexibility to run either one or both in parallel to uncover encrypted traffic according to your corporate IT strategy and planning.
Unified Network-wide Management of all Clients
Sangfor IAG provides Unified Management and effectively controls both Wired and Wireless networks for the entire network. With intuitive and flexible authentication methods, it fully guarantees the security of access control, supporting a variety of traditional authentication methods such as username/password, IP/MAC binding, and a wide array of value-added marketing authentication methods (QR code, SMS, WeChat, Social media, OA account, SAML 2.0, third-party system, etc.). Permissions are controlled based on user, application, location, and client types while using IAG or third-party wireless controller as a unified authentication server, building a faster and more cost-effective wireless network.
Precise and Accurate Application Control
Sangfor IAG manages and controls network applications more comprehensively, accurately, and conveniently with the largest application signature database in Asia, which can identify more than 6,000+ applications in its database including 700+ cloud applications, 1,000+ mobile applications, 300+ web applications, and is updated every 2 weeks. In addition, it precisely controls applications according to their specific functions, such as distinguishing upload, download, and other actions in the network. Finally, bulk management mode for large enterprises greatly improves management efficiency.
Offloading Performance When Using ICAP Integration With Third Party System
Sangfor IAG can act as an ICAP client to be used with any ICAP server-enabled network appliance by offloading threat protection or other value-added services. In addition, Sangfor IAG provides request and response inspection mode while enabling the ICAP server group to run on a round-robin or concurrent condition.
Secure Onboarding Devices With Endpoint Security Posture
Sangfor IAG identifies and secure endpoint devices with or without agents, it helps to ensure these devices are connected with compliant and secure. You gain visibility and control what is on your environment without impacting your network performance.
Proxy Avoidance Protection
Web filters are commonly used by the organization to restrict user internet access to certain web applications content and it has increasingly become non-effective against proxy avoidance applications. IAG collaborates with Endpoint Secure to enforce Proxy Avoidance Protection on any user attempt to use this application for bypassing the security perimeter more effectively. R&D team within Sangfor employs a dedicated team of application signatures security experts who are continuously categorizing and adding the latest proxy avoidance applications to ensure that detection rate and blocking capabilities are current and up to date.
Intelligent Traffic Management
Sangfor IAG improves bandwidth utilization by more than 30% using three unique major traffic management solutions. Dynamic Traffic Control automatically adjusts traffic control policies and intelligently allocates idle bandwidth resources. Intelligent Flow Control precisely manages both up-link and down-link P2P traffic and can customize traffic "packages" for different users, allocating specific traffic quotas and limiting bandwidth for heavier users.
Gateway and Client Decryption to Uncover Encrypted Traffic
Typically, a majority of internet traffic is protected by SSL/TLS encryption. While encryption helps to keep user and corporate data protected and private, it also creates security challenges when it comes to the rapid growth of malware infections and other malicious content. Sangfor IAG offers both decryption methods including gateway and client decryption to overcome these challenges. This enables an organization to have the flexibility to run either one or both in parallel to uncover encrypted traffic according to your corporate IT strategy and planning.
Unified Network-wide Management of all Clients
Sangfor IAG provides Unified Management and effectively controls both Wired and Wireless networks for the entire network. With intuitive and flexible authentication methods, it fully guarantees the security of access control, supporting a variety of traditional authentication methods such as username/password, IP/MAC binding, and a wide array of value-added marketing authentication methods (QR code, SMS, WeChat, Social media, OA account, SAML 2.0, third-party system, etc.). Permissions are controlled based on user, application, location, and client types while using IAG or third-party wireless controller as a unified authentication server, building a faster and more cost-effective wireless network.
Precise and Accurate Application Control
Sangfor IAG manages and controls network applications more comprehensively, accurately, and conveniently with the largest application signature database in Asia, which can identify more than 6,000+ applications in its database including 700+ cloud applications, 1,000+ mobile applications, 300+ web applications, and is updated every 2 weeks. In addition, it precisely controls applications according to their specific functions, such as distinguishing upload, download, and other actions in the network. Finally, bulk management mode for large enterprises greatly improves management efficiency.
Offloading Performance When Using ICAP Integration With Third Party System
Sangfor IAG can act as an ICAP client to be used with any ICAP server-enabled network appliance by offloading threat protection or other value-added services. In addition, Sangfor IAG provides request and response inspection mode while enabling the ICAP server group to run on a round-robin or concurrent condition.
Secure Onboarding Devices With Endpoint Security Posture
Sangfor IAG identifies and secure endpoint devices with or without agents, it helps to ensure these devices are connected with compliant and secure. You gain visibility and control what is on your environment without impacting your network performance.
| Models | M5100 | M5200 | M5400 | M5500 | M5600 |
|---|---|---|---|---|---|
| Profile | 1U | 1U | 1U | 1U | 1U |
| HD Capacity | 256 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD |
| Application Layer Throughput Options | 160 Mbps | 400 Mbps | 600 Mbps | 1 Gbps | 1.2 Gbps |
| Recommended Concurrent Users | 600 Users | 2,000 Users | 3,000 Users | 5,000 Users | 6,000 Users |
Model Datasheets | |||||
| Click to Download |  | | | | |
| Models | M6000 | M6000-UPG¹ | M9000 | M10000 | M12000 | M14000 |
|---|---|---|---|---|---|---|
| Profile | 2U | 2U | 2U | 2U | 2U | 2U |
| HD Capacity | 128 GB SSD + 960 GB SSD | 128 GB SSD + 960 GB SSD | 480 GB SSD + 960 GB SSD | 480 GB SSD + 960 GB SSD | 480 GB SSD + 960 GB SSD | 480 GB SSD + 1.92 TB SSD |
| Application Layer Throughput Options | 2 Gbps | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps | 60 Gbps (Bypass) / 50Gbps (Bridge) |
| Recommended Concurrent Users | 15,000 Users | 20,000 Users | 50,000 Users | 100,000 Users | 200,000 Users | 200,000 Users |
Model Datasheets | ||||||
| Click to Download | | | | | | |
| Models | M5500-SK | M5800-SK | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Profile | 1U | 1U | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| HD Capacity | 128 GB MSATA | 128 GB MSATA + 480 GB SSD | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Application Layer Throughput Options | 750 Mbps | 1.5 Gbps | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Recommended Concurrent Users | 1,000 Users | 2,000 Users | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Model Datasheets | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Click to Download | | | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
¹ M6000-UPG is a license upgrade from M6000 with application layer bandwidth increased from 1G to 2G.
Partner Success with Sangfor: Global Sapphire's Growth Partnership & Development
Partner Success with Sangfor: Global Sapphire's Growth Partnership & Development
Unveiling IT Transformation at PT. CJ Indonesia | Sangfor Tech Talk
Innovation and Success: Sangfor x Universitas Pelita Harapan's Story
Interview with IBA Karachi's Head of ICT Wajeeh Zaidi - Customer Testimonial
Interview with Shahid Khan Jadoon, Manager IT | National Information Technology Board NITB, Pakistan
Ramsay Sime Darby Healthcare x Sangfor: Success Story
PT Bank Victoria International Tbk x Sangfor: Success Story
Guy Rosefelt Interview with Cyber Defense Magazine 2022
Secure Internet Gateway Use Cases
Without Sangfor IAG the office environment is comparable to an internet cafe where users and staff can freely access video, social media, and endless entertainment. IT administrators are hard-pressed to identify exactly which users are consuming excess bandwidth, preventing effective control over user browsing behavior. Sangfor IAG can identify and control non-work-related applications in the network while allowing companies to keep a close eye on their bandwidth management, whereby they allocate all available bandwidth for key business needs, and improving business efficiency and productivity. Numerous professional traffic management features allow IAG to rationally allocate bandwidth resources and maximize bandwidth usage. For organizations with multiple branches, IAG provides a unified management platform and supports 3G link backup, making network management more efficient and reliable.
Because customers have vastly different authentication procedures, each internal network requires user authentication integration with AD, Radius to achieve SSO. IAG guest authentication provides convenient access through Facebook, WeChat, SMS and offers a unified authentication solution, which manages both the wired and wireless connected users within a single IAG platform. Sangfor IAG also offers a switch based user access control capability to help control LAN user access. Finally, Sangfor IAG can be integrated with WLAN vendors like Cisco, Aruba to allow the Unified Authentication Center to drastically simplify the process of network integration and management.
To protect the user from web threats, a secure web gateway is an effective defense over web-based threats and enabling secure internet access. Sangfor IAG can work with your on-premise applications and internet traffic. With the accelerated SSL decryption performance, all HTTP and HTTPS traffic will be monitored and analyzed with IAG, which is the huge bottleneck of other solutions like NGFW or UTM. The AI-based threat intelligence platform provides web filtering services and improves the capability of identifying known and unknown threats. It also keeps users protected while ensuring they enjoy a safe and secure web experience.
As unauthorized use of networks becomes more common, many countries and regions are developing and enforcing laws governing user internet access behavior. The IAG internal application database comprehensively logs malicious user activity including file uploads, BBS posting, email, browsing history, and applications accessed. This audit solution assists in customer compliance with local legal regulations and serves as a valuable investigative resource in the event of illegal network usage incidents.
Secure Internet Gateway Frequently Asked Questions
Please perform it following:
- Step 1. Add a new LDAP Server under the External Auth Server.
- Step 2. Enter the details such as Server Name, IP Address of the external authentication server, the admin account username and password and select the BaseDN. After entered all the details, click the Test Validity to check whether able to connect the external authentication server or not.
- Step 3. After tested the validity, a message will prompt out to show the result.
- Step 4. Click the Sync with all LDAP servers to sync all the data. Now, the configuration is successfully set.
In a typical environment, Secure Web Gateway (SWG) is used to block access to inappropriate websites or applications, prevent malware infections, and enforce corporate internet compliance. SWG is similar to a firewall in that both prevent malicious activities and provide necessary network security protections. However, the main difference is that SWG emphasizes securing user onboarding and promoting productivity. It is common for an enterprise to use both SWG and firewall to fortify their defense as both of them usually complement each other. For more info on using both Sangfor IAG and Network Secure, please refer to this blog webpage.
The main difference is Premium Bundle will have all the Essential Bundle components with the addition of Anti-malware protection (Engine Zero) and threat intelligence (Neural-X).
Latest Events
Live Event
Sangfor International Roadshow 2025 - Istanbul, Türkiye
Sangfor Technologies Türkiye successfully kicked off the Sangfor International Roadshow 2025 in Istanbul as its first stop!
Date
:
16 Apr 2025
Live Event
Hong Kong Police Force invited - Cyber Security Seminar 2025
Date
:
27 Mar 2025
Live Event
HKIB Cybersecurity Solutions Day 2025
We were thrilled to participate in HKIB Cybersecurity Solutions Day with FSI Leaders and cybersecurity experts.
Date
:
20 Mar 2025
Latest Blog
Cyber Security
WooCommerce Users Targeted by Fake Patch Phishing Emails
WooCommerce users are being targeted by fake patch phishing emails. Learn how to recognize and protect your store from this growing threat.
Date
:
29 Apr 2025
Cyber Security
Vietnam CMC Group Ransomware Attack: Anatomy of an Asian Cyber Shock
Vietnam tech giant CMC Group lost 2 TB to Crypto24 ransomware yet recovered in 24 h—discover the full timeline, impact, and five defence lessons.
Date
:
17 Apr 2025
Cyber Security
Earth Day 2025: Cybersecurity & Cloud Power Sustainability
Discover how cybersecurity and cloud infrastructure support Earth Day 2025’s renewable energy goals for logistics, finance, healthcare, and government sectors.
Date
:
14 Apr 2025
Latest News
News
Sangfor Leads 2024 Cybersecurity Hardware Market in China
On April 21, 2025, IDC reported that China's cybersecurity hardware market reached 21 billion RMB, with Sangfor Technologies leading at 11.1% market share.
Date
:
21 Apr 2025
News
"AI + Cloud Adoption": Sangfor Charts a New Path in Cybersecurity with Network Secure, IAG, and VPN Leading the Market
Sangfor leads cybersecurity with AI, XaaS, Network Secure, IAG, and SSL VPN, topping China's market per IDC Q4 2024 report.
Date
:
31 Mar 2025
News
Sangfor AD Secures the No.1 Spot Again with a 22.3% Market Share in 2024!
IDC's Q4 2024 report shows Sangfor AD leading China's application delivery market with 22.3% share, up 1.9% from 2023, reflecting steady growth and innovation.
Date
:
19 Mar 2025