Athena SWG (Secure Web Gateway)

Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
13.0.120
Athena SWG (Secure Web Gateway) {{ breadTitle }} User Manual Functions System Sangfor VPN Basics
{{sendMatomoQuery("Athena SWG (Secure Web Gateway)","Basics")}}

Basics

{{ $t('productDocDetail.updateTime') }}: 2025-12-29

Set the Web agent information, MTU value of VPN data, minimum compression value, VPN monitoring port, VPN connection mode, broadcast packets, and performance information required for configuring VPN connections.

The web agent indicates the dynamic IP addressing file addresses in the web servers, including the active Web agent address and standby Web agent address. See the following figure.

If it is dynamic addressing (non-fixed IP at headquarters), enter WebAgent Web address (usually ended in .PHP). After entering WebAgent, you can click the Test button to see if it can be connected. If the headquarters is fixed IP, enter the address in the IP address: port format, such as 202.96.134.133:4009. Click Change Password to set the WebAgent password to prevent illegal users from embezzling the WebAgent to update the false IP address. Next, click Shared Key to set the shared key to prevent unauthorized device access. After that, click View Shared Key to view the shared key. The login key refers to the administrator's password.

If WebAgent Password is set, it cannot be recovered once it is lost, and you have to contact the customer service center of Sangfor to regenerate a file excluding the WebAgent password and replace the original file. If Shared Key is set, all VPN sites cannot be interconnected until they must set the same Shared Key. With multiple lines and fixed IPs, WebAgent can be filled in the IP1 # IP2: Port format.

MTU Value (576-1500[A257]) sets the maximum MTU value for VPN data. The default value is 500.

Min Compression Value (550-1460) sets the minimum packet size for VPN data compression. The default value is 0.[LCH258][259]

VPN Listening Port (Default: 4009) sets the monitoring port for the VPN service. The default value is 4009. You can change it as required.

Modify MSS is used to set the maximum splice of VPN data for the UDP mode.

Generally, the default values of the MTU Value, Minimum Compression Value, and Modify MMS parameters are recommended. However, if you need to change the values, contact Sangfor technical engineering for help.

Directly connects to Internet, and Indirect connects to Internet sets the type of connection between the gateway and the Internet. If Internet IP addresses can be detected or port mapping can be implemented to allow Internet users to access the VPN port of the gateway, you can select Directly connects to Internet. Otherwise, select Indirect connects to Internet.[LCH260][261]

Click Advanced. The window shown in the following figure is displayed[LCH262][A263][ZY264].

Broadcast: Specifies whether broadcast packets are transferred in VPN channels. Only the broadcast packets for the specified ports are transferred to prevent broadcast storms at both ends of a VPN. Applications such as My Network and IPMSG require broadcast packets.

Multicast Service: Specifies whether multicast packets are transferred in VPN channels. Some video applications may require multicast packets.