Athena SWG (Secure Web Gateway)

Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
13.0.120
Athena SWG (Secure Web Gateway) {{ breadTitle }} User Manual Functions System Object
{{sendMatomoQuery("Athena SWG (Secure Web Gateway)","Object")}}

Object

{{ $t('productDocDetail.updateTime') }}: 2025-12-29

The objects defined on the Objects page are the basis for the device to perform online behavior filtering, online behavior audit, and Bandwidth Management.

Application Signature and Advanced Application Signature: All common online applications are defined. Sangfor R&D personnel analyze the data characteristics and behavior characteristics of common applications and formulate related rules. Choose Online Activities > Access Control, and then you can reference these two types of objects to control online applications. SSL management, Internet access audit, and endpoint reminders can be implemented based on the two types of application identification rules.

On the Bandwidth Management page, traffic control can be performed for different applications based on the application identification rules. On the Exclusion Rule page, you can choose not to measure and control the Internet access duration of some applications based on the application identification results. The Application Signature can be periodically updated by accessing the Sangfor server. Sangfor will periodically update the Application Signature on the server to recognize the latest applications and versions on the Internet.

On the Custom Application page, you can define application rules and set packet characteristics. If packet capturing and packet characteristics analysis capabilities are available, related rules can be defined on the Custom Application page. Generally, you are not advised to define rules to avoid application identification errors caused by conflicts with the embedded application identification rules. Application identification errors will cause some control and audit functions to fail.

The URL Database contains and classifies common URLs. Specifically, it contains the embedded URL database of Sangfor, URL database defined by the customer, and intelligent URL identification library. Choose Online Activities > Access Control[A197][LCH198], and then you can reference this type of object to control URL access.

You can set Ingress rules on the Ingress Rule Database page, including detecting the client OS, processes, files, and registries. Encrypted IM chat contents can be audited through Ingress control.

The Ingress rules set on the Ingress Rule Database page can be referenced on the page displayed after you choose Online Activities > Access Control[A199][LCH200], thereby implementing detection and control of client PCs.

You can set network services based on conditions on the Services page, including port and protocol. You can refer to the type of object on the page displayed after you choose Online Activities > Access Control.[A201] Network access data is controlled by detecting the port and protocol of packets. This object type can also be referenced on the System > Firewall > Firewall Rules page.

On IP Address Databasse, you can set IP groups, which can be referenced in setting IP address-based control. IP groups can be referenced on the page displayed after you choose Online Activities > Access Control, Bandwidth Management > Bandwidth Channel[LCH202][A203], or System > Firewall > Firewall Rules.

On Schedule, you can set schedules. Most control functions on the device can be implemented based on a schedule. Therefore, you can set a schedule for control policies. These schedule groups can also be referenced during behavior queries and report statistics in the data center.

The keywords set in Keyword Group can be referenced on the page displayed after you choose Online Activities > Access Control > Search.[LCH204][A205]

The file types set in File Type Group can be referenced on the page displayed after you choose Online Activities > Access Control > Add > Options > File Type, [LCH206]or Online Activities > Data Leak Prevention > Sensitive File Rules Bandwidth Management > Bandwidth Channel.[A207][208]

Location: Select location objects when associating applicable objects in Online Activities > Access Control, or Bandwidth Management > Bandwidth Channel.[LCH209]

[A210]

Trusted Certificate Authority: When the LAN user accesses the WAN using SSL protocol, the device can verify the legality of the certificate. Suppose the certificate used by the SSL protocol falls within the scope of Trusted Certificate Authority. In that case, it indicates that the certificate is legal, and the client can delete or add a trusted SSL certificate. When SSL Certificate Link Control is enabled in Web Access > Web Access Permission > SSL Mgt > SSL Security Protection, SSL certificate detection is enabled.[LCH211][212][A213]