Athena SWG (Secure Web Gateway)

Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
13.0.120
Athena SWG (Secure Web Gateway) {{ breadTitle }} User Manual Functions System Object Custom Application
{{sendMatomoQuery("Athena SWG (Secure Web Gateway)","Custom Application")}}

Custom Application

{{ $t('productDocDetail.updateTime') }}: 2025-12-29

On the Custom Application page, you can define application identification rules. You can define applications that do not exist in the embedded Application Signature. Applications can be defined according to data direction, IP address, protocol, and port.

Navigate to Objects > Custom Application. The Custom Application pane is on the right.

Add Custom Application

On the Custom Application page, click Add. In the Add Custom Application window, you can add custom application rules.

Example: Traffic needs to be guaranteed for the company's emails (Sangfor), but no application type exists. In this case, you can define a company email application rule as follows:

  1. Select Enabled and set basic application information, including the rule name, description, and application type. You can select an existing type or define one.

  1. Set the packet type.

Direction: Specifies the direction of packets passing the device. The device will recognize data in the specified direction.

Protocol: Specifies the protocol type of data. In this example, emails are sent over TCP.

Dst Port: Specifies the destination port of data. In this example, emails are sent over the TCP 25 port. IP Address: Specifies the source IP address, destination IP address, or destination IP address after proxy identification.

Target Domain: Specifies the destination domain name of packets. In this example, set this field to the domain name mail address of Sangfor, for example, mail.Sangfor.com.cn.

  1. Click OK[A218]. The setting of the rule is complete.

  1. Set the priority of the defined rule. The embedded Application Signature also contains mail identification rules. If the embedded rules take precedence, data may be preferentially matched to embedded mail identification rules instead of the custom rule. Therefore, set the custom rule to a higher priority. Specifically, select Give Priority to custom applications on the Custom Application page.
  2. Choose Online Activities > Bandwidth Management > Bandwidth Channel[A219] and set a guaranteed channel for this application to ensure the bandwidth required for sending emails using the company mail address.

You are recommended to set the destination port, IP address, and domain name when a custom rule is defined. If the identification conditions are too general, the customs rule may conflict with the embedded application identification rules. As a result, identification errors may occur, causing some control and audit functions to fail.

Enable, Disable and Delete Custom Application

On the Custom Application page, select a custom rule and click Enable, Disable, or Delete.

Import and Export Custom Application

Click Import to add a custom application rule. Click Export to export a custom application rule.