Athena SWG (Secure Web Gateway)

Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.

13.0.120

{{item.code}}

User Manual

IAG Installation

IAG Console

Web Login

Configuration

Functions

Value-Added Services

Sangfor Business Intelligence

Internet Access Analytics

Bandwidth Analytics

Electricity Waste Analytics

Real-Time Status

Real-Time Status

Proxy

Access Management

Working Principle

802.1X Authentication

Authentication

Endpoint Check

Ingress Client Settings

Online Activities

Access Control

Advanced

Bandwidth Management

Quota Control

Link Load Balancing

Activity Audit

Internet Access Audit

Ingress Client Audit

Endpoint Management

Endpoint Connection Control

Security Capabilities Configuration

Connect IAG to Endpoint Secure

Endpoint Connection Control Case Study

Internet Security

System

Object

Network

Sangfor VPN

Firewall

General

Diagnostics

Use Cases

SSO Configuration

SSO Configuration for the AD Domain

Proxy SSO Configuration

SMS Authentication

Send SMS Through an SMS Modem

Endpoint Device Management Configuration

Comprehensive Configuration

SNMP Trap Configuration

Basic Configuration

Enable Email Alert

Testing Procedure

Test with the MIB Browser Tool

Testing Results

International Bandwidth Configuration

Athena SWG (Secure Web Gateway)

Connections

{{sendMatomoQuery("Athena SWG (Secure Web Gateway)","Connections")}}

Connections

{{ $t('productDocDetail.updateTime') }}: 2025-12-29

To implement the interconnection of multiple network nodes to create a mesh network, the IAG provides the function for managing and setting network node interconnection. You can set the function on the Connection page.

This function must be enabled only when this device is used as a branch and needs to connect to HQ devices. You do not need to enable this function if this device is an HQ device.

You can click Add to add a link to the HQ. See the following figure.

HQ Name and Description are used to indicate a link. You can set them as required.

Primary Webagent and Secondary Webagent specify the Web agents corresponding to the HQ to be connected. You can click Test to check whether the Web agents work properly. See the following figure.

Test requests are sent from the local computer instead of the device. If the Web agents are set to domain names, a test success indicates that the corresponding page exists. Otherwise, the page does not exist. If the Web agents are set to fixed IP addresses, a test success indicates that the information entered in the IP address format: Port number is correct. However, the test success does not mean that the VPN connection is successful.

Protocol: It can be set to TCP or UDP to indicate VPN packet type. The default option is UDP.

Data Encryption Key, Username, and Password must be set according to the account information provided by the HQ.

Cross-ISP Access option applies when the HQ has interconnected lines from different carriers, and packet loss often occurs. You can set it to Low Packet Loss Rate, High Packet Loss Rate, or Manual Setup.

Certificate: Check if the headquarters chooses the certificate.

Peer Root Certificate: Check it when the same CA does not issue the certificate used by the headquarters as the local one.

The inter-carrier function must be activated when necessary. Otherwise, it is not effective. For IAG interconnection, both IAGs must enable this function. For interconnection between a module user and the IAG, only the IAG must enable the function.

You can click LAN Service and assign permissions to the peer end connected to a VPN. It enables you to specify the local services available to the peer end. After setting the preceding parameters, select Allow to activate the connection. Then, click Save.

{{ $t('index.defaultHeader.logo') }}

Athena SWG (Secure Web Gateway)

Connections