Jump to Content
Secure Internet Access Enterprise
GuideRelease notesCLIControl Center
TrainingSupportCommunitySecure Internet Access Enterprise
TrainingSupportCommunity
GuideRelease notesCLIControl Center

Welcome

  • Welcome to SIA

Get started

  • Learn about SIA
  • Set up SIA
    • Set up other SIA components
    • Configure DNS forwarding
    • Configure your firewall
    • Set up a dashboard
    • Set a default contract
  • Features in technical preview, beta, or limited availability
  • SIA status page

Manage SIA

  • Create a location
    • About locations
    • Manage a location
  • Create a policy
    • About policies
    • Manage a policy
    • Acceptable use policy
    • User authentication and group policies
    • Set up a custom header
  • Create a list
    • About lists
    • Manage a list
  • Manage an identity provider
    • About identity providers
    • Set up Okta as an identity provider
    • Set up Active Directory Federation Services (AD FS) as a third-party SAML identity provider
    • Set up Microsoft Azure as a third-party SAML identity provider
    • Set up PingOne as an identity provider
    • Enable multi-factor authentication
  • Set up directories and identity connectors
    • About directories
    • Manage a directory
    • Provision users with SCIM
    • About identity connectors
    • Set up an identity connector
    • Connector-to-VM and cloud platform compatibility
    • Create and download an identity connector
    • Manage an identity connector
  • Configure access control
    • Application visibility and control
    • Data loss prevention
    • Access by file type
    • Use device posture for application access
  • Encrypt DNS queries with DoT or DoH
  • Deploy configuration changes
  • Grant delegated or tenant access
  • View connection information
  • Configure general settings
    • Customize error pages
    • Configure email notifications
    • Configure a custom response
    • Customize the Login Portal
    • Clear DNS cache

Manage SIA Proxy

  • About SIA Proxy
    • Selective proxy
    • Full web proxy
    • Benefits of SIA Proxy
    • Limitations of SIA Proxy
    • SIA Proxy MITM certificate
    • Payload analysis
    • Bypass list
    • Support of an on-premises HTTP forward proxy
    • Set up on-premises proxy for the full web proxy
    • PAC file configuration
    • Unverifiable origin certificates
    • Supported cipher suites
    • Zero-day phishing detection
    • Scan file sharing downloads for malware
  • Set up SIA Proxy
    • Create a SIA Proxy MITM certificate
    • Distribute the SIA Proxy certificate
    • Manage a certificate
  • Enable full web proxy
  • Enable selective proxy
  • Set up proxy chaining
    • Configure proxy authorization
    • Configure Squid to forward traffic to SIA Proxy
  • Set up IPsec tunnels
    • Prepare for SD-WAN setup
    • Set up IPsec tunnels between your SD-WAN solution and SIA
    • Create IPsec tunnels in Aruba EdgeConnect SD-WAN
    • Create IPsec tunnels in VMware SD-WAN
    • Create IPsec tunnels in Cisco SD-WAN
    • Supported cipher suites for IPsec
  • Configure the proxy in browsers
  • Configure payload analysis
  • Enable source IP address binding
  • Configure other SIA Proxy settings

Manage ETP Client

  • About ETP Client
    • ETP Client for DNS only
    • ETP Client for web traffic
    • DNS over TLS
    • ETP Client configuration settings
    • ETP Client version number convention
    • ETP Client version support
  • Prepare for ETP Client setup
  • Desktop client
    • Set up ETP desktop client
    • Supported desktop operating systems
    • Download and approval statuses
    • ETP Client on desktop computers and machines
    • Automatic software upgrades and security patches
    • Enable transparent traffic interception
    • Configure Mozilla Firefox to use system proxy settings
    • Allow ETP Client connections on Microsoft Edge
    • Disable DNS over HTTPS on enterprise browsers
    • Enable walled garden
    • Undo ETP Client approval
    • Uninstall ETP Client
    • Software rollback
    • Enable or disable ETP Client
    • Web Proxy Auto-Discovery (WPAD) on Windows
  • Mobile client
    • Distribute the mobile client to Chromebook with Google Endpoint Management
    • Distribute the mobile client with Microsoft Intune
    • Distribute the mobile client with Workspace ONE UEM
    • Distribute the mobile client with MobileIron
  • Bring your own device (BYOD) support
    • Set up Bring Your Own Device (BYOD)
    • ETP Client activation
  • ETP Client reports
  • Disable ETP Client
  • Handle lost devices
  • View the entitlement code

Manage Security Connector

  • About Security Connector
    • Security Connector as a DNS forwarder
    • Security Connector as an HTTP Forwarder
    • Security Connector as a DNS sinkhole
  • Set up the security connector
    • Add a security connector
    • Download Security Connector
    • Deploy Security Connector
    • Create a security connector password
    • Select one or two interfaces for DNS or HTTP Forwarder data
    • Configure the en2 interface
    • Configure the en1 interface
    • Configure DNS name servers
    • Run a connectivity test
    • Generate an activation code
    • Activate the security connector
    • Assign security connectors to a policy
    • Test the security connector
    • Configure HTTP Forwarder
  • Manage DNS Forwarder
    • View DNS Forwarder traffic statistics
    • View DNS Forwarder health status
    • Enable or disable query and response logging
    • Enable or disable DNS Forwarder
    • Change the DNS Forwarder DoT port
    • Configure local DNS servers
  • Manage HTTP Forwarder
  • Manage Security Connector
  • Setup and virtual machine requirements
  • Security Connector Web Console

Analyze reports

  • Dashboard
  • Events
    • Filter event data
    • Configure and apply a filter
    • Filter data based on date and time
    • Select a dimension
    • Search for events
    • View event details
    • View domain details
    • View threat details
    • Add or remove data columns to events tables
    • Download a CSV file with event information
    • Event dimensions
    • Threat event details
    • Access control event details
  • Activity
    • Summary of DNS activity
    • DNS activity
    • Summary of Proxy activity
    • Proxy activity
    • Network Traffic
    • Security Connector activity
    • Identity provider activity
    • IPsec tunnel activity
  • Indicator search
  • Scheduled reports
  • Transport data to your SIEM with Unified Log Streamer

Developer tools

  • ETP Configuration API
  • ETP Reporting API

Troubleshoot

  • SIA
  • ETP Client
  • Security Connector
    • Troubleshoot connectivity test failures
    • Security Connector status
    • Troubleshoot health status failures
    • Resolve DNS Forwarder status failures
    • Troubleshoot HTTP Forwarder
  • Identity connector
  • Grant access to Support
  • Log delivery
  • Known issues and limitations

Set up IPsec tunnels between your SD-WAN solution and SIA

Suggest Edits

You can use any of these SD-WAN solutions to set up IPsec tunnels:

SD-WAN SolutionInstructions
Aruba EdgeConnect SD-WANCreate IPsec tunnels in Aruba EdgeConnect
VMware SD-WAN
(formerly known as VMware SD-WAN by VeloCloud)
Create IPsec tunnels in VMware SD-WAN
Cisco SD-WANCreate IPsec tunnels in Cisco SD-WAN

Updated 4 months ago