Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
You can set specific rules to filter the data forwarded between different device interfaces. Filtering conditions include the destination protocol and port, source IP address, destination IP address, and time. The Firewall Rules panel is shown in the following figure. In Direction, set the direction to which a filtering rule applies, which can be LAN<->DMZ, DMZ<->WAN, WAN<->LAN, LAN<->LAN, DMZ<->DMZ, VPN<->WAN, or VPN<->LAN. After selecting a filtering direction, you can manage Firewall Rules on the right pane, including deleting or adding Firewall Rules.
For example, internal web servers are connected to the device's demilitarized zone (DMZ), and common internal users are connected to the local area network (LAN) zone. For server security purposes, users in the LAN zone can access only Transmission Control Protocol (TCP) port 80 (web service) of the servers in the DMZ, and other data is not allowed to be forwarded to the DMZ. In this case, Firewall Rules between the LAN zone and DMZ need to be set. The procedure is as follows:
Select LAN > DMZ in Firewall Rules. In the LAN > DMZ pane, click Add. The following objects are referenced: network services, IP groups, and schedule groups.
Enter the rule name in Name and the priority value in Priority No. The priority value specifies the priority of the rule. A smaller priority value indicates a higher priority. Enter the description of this rule in Description.
Set a rule to allow HTTP packets from the LAN zone to the DMZ. Specifically, select Allow from Action, HTTP from Service, and All from Source and Destination, or enter an IP group. Select All Day from Schedule and specify a period. Select LAN > DMZ from Data Flow. See the following figure.
After you set the filtering rule, HTTP packets are allowed, and other data is rejected by default.
Modify the filtering rule if required. Select the filtering rule and click Delete to delete the rule. Click Enable to enable the filtering rule. Click Disable to disable the filtering rule. Click Move Up or Move Down to change the filtering rule's priority.
To edit a rule, click the rule's name and then edit the rule in the displayed dialog box.
By default, the firewall module rejects traffic. However, the factory settings configure filtering rules that allow the LAN > WAN dual and LAN > DMZ data flows.
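The following added example (not code from the product or its vendor) models the LAN > DMZ walkthrough above to show how priority order and the default reject interact, which is useful for checking a planned rule set before entering it in the panel. Assumptions: the `Rule` class and `evaluate` function are hypothetical, the first matching enabled rule in priority order decides, IP groups are written as CIDR ranges, and all addresses and extra rules are constructed; schedules and factory-default rules are not modeled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                      # hypothetical model, not the product's rule format
    name: str
    priority: int                # smaller value = higher priority (per the page)
    action: str                  # "allow" or "reject"
    flow: str                    # data flow, e.g. "LAN>DMZ"
    proto: str = "any"           # "tcp", "udp" or "any"
    port: Optional[int] = None   # None = any destination port
    src: str = "0.0.0.0/0"       # source IP group as a CIDR ("All" = 0.0.0.0/0)
    dst: str = "0.0.0.0/0"       # destination IP group as a CIDR
    enabled: bool = True         # disabled rules never match

    def matches(self, flow, proto, port, src_ip, dst_ip):
        return (self.enabled and self.flow == flow
                and self.proto in ("any", proto)
                and self.port in (None, port)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate(rules, flow, proto, port, src_ip, dst_ip):
    """Return (action, deciding rule). Assumption: first match in priority order wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(flow, proto, port, src_ip, dst_ip):
            return rule.action, rule.name
    return "reject", "default-reject"   # nothing matched: rejected by default

# Constructed rule set: the LAN > DMZ HTTP rule from the example, plus a
# higher-priority reject for a guest subnet and a disabled SSH rule.
RULES = [
    Rule("allow-http", 10, "allow", "LAN>DMZ", "tcp", 80),
    Rule("block-guests", 5, "reject", "LAN>DMZ", src="192.168.50.0/24"),
    Rule("allow-ssh", 20, "allow", "LAN>DMZ", "tcp", 22, enabled=False),
]

if __name__ == "__main__":
    probes = [  # constructed test packets: (flow, proto, dst port, src, dst)
        ("LAN>DMZ", "tcp", 80, "192.168.1.10", "10.0.0.5"),
        ("LAN>DMZ", "tcp", 22, "192.168.1.10", "10.0.0.5"),
        ("LAN>DMZ", "tcp", 80, "192.168.50.7", "10.0.0.5"),
    ]
    for p in probes:
        print(p, "->", evaluate(RULES, *p))
```

Running the probes shows which rule decides each packet, so a reject placed at a smaller priority number than the HTTP allow is visible as the reason a guest host cannot reach port 80.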