This article applies to:
Question:
- Can the Secure Web Gateway (SWG) product be configured to scan HTTP, HTTPS, or FTP transactions over non-standard ports?
Procedure:
SWG scans transactions on the standard ports indicated below, as long as the appropriate modules are activated:
In explicit proxy mode, transactions involving other ports are blocked by default. However, it is possible to scan supported protocols on alternate ports or port ranges. This can be accomplished by following the steps below.
- Open the settings of the Scanning Server component under the devices tree and highlight the HTTP node.
- Navigate to the Allowed Server Ports tab and enable Edit mode.
- Click the green plus icon under "Specific Ports for HTTP" to add a row.
- Put the desired port numbers in the highlighted fields. The input could be a single port (from 2929 to 2929) or a range (from 2900 to 2929). Alternatively, uncheck a "Specific ports for protocol" box in order to allow connections to all ports over that protocol. Save and Commit the changes.
Notes:
- Follow the same logic to allow specific ports for HTTPS or FTP over HTTP transactions that use the SWG appliance’s HTTP proxy service. To allow the HTTPS proxy service to connect to additional ports, configure the Allowed Server Ports under the HTTPS node. To allow the native FTP proxy to connect to additional ports, configure the Allowed Server Ports under the FTP node.
- Please note that these settings apply for individual scanning devices. If required, they should be explicitly set on every scanning device in a distributed environment.
- It is also possible to configure these settings as system defaults. As such, they will automatically be applied to any new scanning device(s) that are added to the cluster in the future.