Athena SWG (Secure Web Gateway)

Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.

13.0.120

{{item.code}}

User Manual

IAG Installation

IAG Console

Web Login

Configuration

Functions

Value-Added Services

Sangfor Business Intelligence

Internet Access Analytics

Bandwidth Analytics

Electricity Waste Analytics

Real-Time Status

Real-Time Status

Proxy

Access Management

Working Principle

802.1X Authentication

Authentication

Endpoint Check

Ingress Client Settings

Online Activities

Access Control

Advanced

Bandwidth Management

Quota Control

Link Load Balancing

Activity Audit

Internet Access Audit

Ingress Client Audit

Endpoint Management

Endpoint Connection Control

Security Capabilities Configuration

Connect IAG to Endpoint Secure

Endpoint Connection Control Case Study

Internet Security

System

Object

Network

Sangfor VPN

Firewall

General

Diagnostics

Use Cases

SSO Configuration

SSO Configuration for the AD Domain

Proxy SSO Configuration

SMS Authentication

Send SMS Through an SMS Modem

Endpoint Device Management Configuration

Comprehensive Configuration

SNMP Trap Configuration

Basic Configuration

Enable Email Alert

Testing Procedure

Test with the MIB Browser Tool

Testing Results

International Bandwidth Configuration

Athena SWG (Secure Web Gateway)

Users Type

{{sendMatomoQuery("Athena SWG (Secure Web Gateway)","Users Type")}}

Users Type

{{ $t('productDocDetail.updateTime') }}: 2025-12-29

The users on the IAG are classified into three types: local users, AD domain users, and temporary users.

Local users: Users can be managed and configured on Access Mgt > User Management > Local Users.

Local users can be added in the following ways:

Manually created by the console administrator.

Set on the Authentication Policy page and automatically add after authentication (including users who do not require authentication, users authenticated on a third-party server, and SSO users).
Users imported by using the import function.
Users synchronized to the IAG using the automatic synchronization function on the user management page.

AD domain users: If there is an AD domain on the intranet and the IAG needs to work with the AD domain server for third-party authentication and SSO authentication, the IAG will obtain users of the AD domain and the organization structure in real time. The organization structure of the IAG is the same as in the AD domain. AD domain users can be managed on the page displayed after choosing User Management[A30][31] > Local Users > Domain User[LCH32][33]. AD domain users are not synchronized to the IAG. Therefore, they cannot be deleted or moved to the IAG. Instead, you can associate Internet access policies and traffic control policies with this type of user.

Temporary users: users authenticated by the IAG but not included in the organization structure on the IAG. This type of user will not be displayed on the page after choosing Access Mgt > User Management > Local Users.

The following introduces how to configure an Internet Access Policy for temporary users.

Network access permission is specified on the Authentication Policy page. As shown in the following figure, select a group in Add Non-Local/Domain Users to Group. Then the Internet Access Policy of the specified group will be applied to temporary users.

{{ $t('index.defaultHeader.logo') }}

Athena SWG (Secure Web Gateway)

Users Type