Athena SWG (Secure Web Gateway)

Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
13.0.120

Precautions

Updated: 2025-12-29
  1. DNS server proxy is not supported when IAG is in proxy mode. In proxy mode, the local ADC proxy initiates the DNS server requests, and the DNS server proxy cannot act as a proxy for packets originated by the local ADC.
  2. When IAG is in proxy mode, routing for ISP load based on DNS server load is not supported. This kind of routing requires a proxy for the DNS server, and in proxy mode DNS requests are initiated by the local ADC rather than the drive.
  3. When IAG is in proxy mode, application routing is not supported (TCP proxy is not supported, and the intended effect cannot be achieved).
  4. Active-active mode does not synchronize network-related configuration. Link load and DSCP are network-related configurations, so they only take effect on a single node.
  5. When global exclusion and pass-through are enabled, the link load function does not cause packet loss and still takes effect.
  6. The link load function does not support alarms.
  7. Link load is not supported when IAG is in proxy mode or when SSL decoding is enabled.
  8. In the application routing scenario, some applications have subdivisions, and each subdivision is treated as a separate application. Selecting all applications in the same category is recommended to avoid a degraded result, for example for WeChat and Facebook.
  9. Priority in the routing mode: pass-through route > static route > dynamic route > DNS server proxy (redirect to the specified line) > preferred load policy > default load policy > default route (when the VPN is not configured and neither is the leased line backup).
  10. Pass-through route > static route > dynamic route > DNS server proxy (redirect to the specified line) > preferred load policy > default load policy > default route > system default route.
  11. VPN route > pass-through route > static route > dynamic route > DNS server proxy (redirect to the specified line) > preferred load policy > default load policy > default route > system default route.
  12. Priority in the bridge mode: DNS server proxy (redirect to the specified line) > preferred load policy > default load policy.
  13. The DNS server proxy action conflicts with the link load policy only when it is configured to redirect to the specified line. When the two policies conflict, the DNS server proxy action has higher priority, and the redirected line prevails.
  14. In the LAN > IAG (bridge) > proxy server > F5 scenario, the link load function is not supported.
  15. When link load is configured with several WAN lines, the link failure detection function must also be configured. Otherwise, the link load policy cannot take effect after configuration.

  1. The default load policy does not support customizing the user, application, or effective time.
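
The precautions above can be checked against a planned deployment before it is applied. The following Python is an added example, not vendor code or an Athena SWG API: the config keys (`mode`, `features`, `ssl_decoding`, `wan_lines`, `link_failure_detection`, `active_active`) and the route-type names are hypothetical. It uses the order in item 11 as a single ranking, because the orders in items 9, 10 and 12 are subsequences of it.

```python
# Added example. Config schema and route-type names are hypothetical.
# Ranking taken from item 11, the longest list on the page.
PRIORITY = ["vpn", "pass_through", "static", "dynamic", "dns_proxy_redirect",
            "preferred_load", "default_load", "default", "system_default"]
# Item 12: only these three are ranked in bridge mode.
BRIDGE = {"dns_proxy_redirect", "preferred_load", "default_load"}

def winning_route(mode, matches):
    """Return the matching route type that decides egress, or None."""
    ranked = [r for r in PRIORITY if mode != "bridge" or r in BRIDGE]
    return next((r for r in ranked if r in matches), None)

def preflight(cfg):
    """Return (precaution number, reason) for each rule a planned config hits."""
    feats = cfg.get("features", set())
    issues = []
    if cfg.get("mode") == "proxy":
        for feat, item in (("dns_proxy", 1), ("dns_isp_routing", 2),
                           ("app_routing", 3), ("link_load", 7)):
            if feat in feats:
                issues.append((item, f"{feat} is not supported in proxy mode"))
    if "link_load" in feats:
        if cfg.get("ssl_decoding"):
            issues.append((7, "link load is not supported with SSL decoding"))
        if cfg.get("wan_lines", 1) > 1 and not cfg.get("link_failure_detection"):
            issues.append((15, "several WAN lines need link failure detection"))
        if cfg.get("active_active"):
            issues.append((4, "link load is not synchronized between nodes"))
    return issues

# Constructed sample plan, not taken from a real device.
PLAN = {"mode": "proxy", "features": {"dns_proxy", "link_load"},
        "ssl_decoding": True, "wan_lines": 2,
        "link_failure_detection": False, "active_active": False}

if __name__ == "__main__":
    for item, reason in preflight(PLAN):
        print(f"precaution {item}: {reason}")
    # Item 13: a DNS proxy redirect outranks both load policies.
    print(winning_route("bridge", {"default_load", "dns_proxy_redirect"}))
```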