Secure Web Services
Configuration > Overlays & Security > Security > Secure Web Services
EdgeConnect appliances integrate with cloud-based OpenText™ Threat Intelligence (BrightCloud), a cybersecurity solution that provides real-time blocking of web-based threats. Specifically, EdgeConnect SD-WAN integrates the OpenText Threat Intelligence (BrightCloud) services, leveraging its Web Classification, URL Reputation and IP Reputation capabilities to enable real-time security enforcement and content filtering.
-
Web Classification and Reputation: Dynamically assesses URL and domain risk, enabling you to enforce your web policies by granting users access to reputable websites while blocking them from inappropriate or malicious ones. You can set matching traffic criteria by:
-
One or more URL addresses
-
Web category: strict, moderate, or custom, each defined as a subset of site categories provided by OpenText Threat Intelligence (BrightCloud) (including high-risk categories)
-
Web reputation: high risk, suspicious, moderate risk, low risk, or trustworthy based on reputation scoring
-
-
IP Reputation: Dynamically assesses the reputations of billions of IP addresses (both IPv4 and IPv6) and assigns reputation scores. You can set matching traffic criteria by bad IP reputation, which blocks high-risk IP addresses.
Users receive block notification messages when they attempt to access blocked pages as configured in your organization’s policies.
To use Secure Web Services, your appliances must have one of the following valid licenses:
-
Advanced Security Standard (EC-AS-Standard)
-
Advanced Security Unlimited (EC-AS-UL)
-
Dynamic Threat Defense (EC-DTD)
To configure licenses on your appliances, see Licenses. For assistance, contact HPE Aruba Networking support.
EdgeConnect appliances regularly synchronize with the most current intelligence data from cloud-based OpenText Threat Intelligence (BrightCloud). Before using Secure Web Services, ensure that the management service for Secure Web Services is configured appropriately on the Management Services tab. See Management Services.
The Secure Web Services tab displays status and configuration information for appliances selected in the appliance tree, as follows:
| Field | Description |
|---|---|
| Appliance | Name of the appliance. |
| Status | Configuration status of Secure Web Services on the appliance. Possible statuses are: Web Classification & IP Reputation Web Classification IP Reputation Disabled |
| Licensed | Indicates whether the appliance is licensed to use Secure Web Services. |
| Query on miss | Indicates whether query on miss of URL classification will occur. When categorization of the queried URL is not available in the current URL-related threat intelligence database, the query is sent over the network to the cloud-based OpenText Threat Intelligence (BrightCloud) platform. The asynchronous response is then internally cached so that future queries for the URL category and reputation will return information successfully. |
| Incremental Update for Web | Indicates whether real-time updates to the appliance’s URL classification database are enabled. These updates do not apply to EC-XS, EC-US, and EC-10104 appliance models. |
| Incremental Update for IP | Indicates whether real-time updates to the appliance’s IP reputation database are enabled. |
| Unclassified URL Reputation | Risk category assigned to URLs that do not have a URL classification in the appliance’s URL classification database. Possible risk categories are: High Risk (1 - 20) Suspicious (21 - 40) Moderate Risk (41 - 60) Low Risk (61 - 80) Trustworthy (81 - 100) |
| Web Traffic Blocked | Number of blocked web traffic flows that have occurred on the appliance over the last five minutes. |
| Events | Click the chart icon to view the following five charts showing statistics for the appliance: Total URL Lookup vs Total URL Success Total Flows Seen vs Denied Flows Total Network Queries Sent High Risk IPs High Risk URLs |
To configure Secure Web Services for an appliance, click the edit icon associated with the appliance listed in the table. The Secure Web Services dialog box opens.
NOTE: The appliance must be licensed to use Secure Web Services. If not licensed, the edit icon is not available.
Secure Web Services Dialog Box
Use the Secure Web Services dialog box to enable and configure Secure Web Services on the appliance.
-
To enable Secure Web Services configuration on this appliance, move the Secure Web Services Config toggle to the right.
-
Complete the following configuration fields as appropriate.
Field Description Enable URL Classification Move the toggle to the right to enable the URL classification feature on the appliance. Incremental Update (for URL Classification) Select this check box to enable real-time updates to the appliance’s URL classification database. Query on miss Select this check box to enable queries when a URL classification is missed.
When categorization of the queried URL is not available in the current URL-related threat intelligence database, the query is sent over the network to the cloud-based OpenText Threat Intelligence (BrightCloud) platform. The asynchronous response is then internally cached so that future queries for the URL category and reputation will return information successfully.Unclassified URL Reputation From the drop-down list, select a risk category to assign to URLs that do not have a URL classification in the appliance’s URL classification database. Risk categories are:
High Risk (1 - 20)
Suspicious (21 - 40)
Moderate Risk (41 - 60)
Low Risk (61 - 80)
Trustworthy (81 - 100)
The default risk category is High Risk.Enable IP Reputation Move the toggle to the right to enable the IP reputation feature on the appliance. Incremental Update (for IP Reputation) Indicates whether real-time updates to the appliance’s IP reputation database are enabled. -
Click Save.