This article applies to:
- Mobile Security Client (MSC)
- Secure Web Gateway
- MS Windows
Problem Description:
- When there is more than one internal (on-premise) SWG proxy, the MSC is unable to work out which one is closest. This can lead to inefficient routing of web traffic and consequently poor browsing performance.
- For example, a company has two ‘main’ offices – one in NY and the other one in London. They have SWG scanners installed in both locations. They would like roaming users to use the local scanners when they are on premise. A few more ‘facts’:
- NY scanners load balancer IP – 10.0.0.2
- London scanners load balancer IP – 192.168.120.5
- Each site has its own DNS server
Prerequisits:
Separate DNS servers covering each site are needed. If only one DNS server is used this solution will not work.
Procedure:
How to make this work:
- Define the following mapping in the DNS servers on both sites, so that the MSC software can detect that it is on premise:
- Hostname ON-PREMISE-HOST > 1.1.1.1
- Define in NY DNS server the following mapping:
- Hostname SWG-SCANNING > 10.0.0.2
- Define in London DNS server the following mapping:
- Hostname SWG-SCANNING > 192.168.120.5
- In the SWG Policy Server GUI, on the Proxies (On-premise) do the following:
- Add the following line in the On-premise Proxy Details:
- In the Corporate Hostname enter ON-PREMISE-HOST
- In the Internal Hostname IP enter 1.1.1.1 (or click the ‘Resolve IP’ button)
- Commit the SWG policy update.
- Boot up the PC and allow the MSC run for a few minutes to identify and pull down its new configuration information.
Notes:
V0_1 2012-Aug-23