Sangfor IAG - Secure Web Gateway & Web Filtering Solution
Modern trends like cloud application adoption, hybrid workplaces, and increased use of personal devices challenge organizations to secure their workforce. The rise of encrypted applications, proxy avoidance tools, and affordable third-party VPNs further bypass traditional security perimeters undetected. Sangfor IAG acts as a robust secure web gateway, protecting against these threats while safeguarding user internet behavior.
Why Choose Sangfor IAG?
Sangfor IAG empowers organizations to identify, analyze, and respond swiftly to user internet access behavior.

Sangfor IAG provides comprehensive visibility to detect and address malicious behavior within encrypted traffic.

Sangfor IAG uncovers user identities, providing detailed insights into who is using specific applications and when they are accessed on your network.

Sangfor IAG empowers you to take full control of internet usage, ensuring compliance and boosting user productivity.
Product Advantages
Proxy Avoidance Protection
Sangfor IAG, in collaboration with Endpoint Secure, effectively enforces protection against proxy avoidance applications, ensuring users cannot bypass the security perimeter. Sangfor’s dedicated R&D team continuously updates application signatures to maintain optimal detection and blocking capabilities.
Intelligent Traffic Management
Sangfor IAG optimizes bandwidth utilization by over 30% with advanced traffic management solutions. Dynamic Traffic Control adjusts policies to allocate idle bandwidth intelligently, while Intelligent Flow Control manages P2P traffic and allows customized traffic quotas, ensuring balanced usage for all users.
Gateway and Client Decryption for Encrypted Traffic
Sangfor IAG addresses the security challenges of SSL/TLS-encrypted traffic by offering both gateway and client decryption methods. This flexibility allows organizations to uncover encrypted traffic and mitigate threats effectively, aligning with their IT strategies and needs.
Unified Network Management for All Clients
Sangfor IAG enables unified control of wired and wireless networks with intuitive authentication, ensuring secure access control. It supports diverse authentication options like IP/MAC binding, QR codes, SMS, social media, and SAML 2.0, allowing permissions based on user, application, and location for seamless and cost-effective network management.
Comprehensive Application Control
Sangfor IAG offers precise management of over 6,000+ applications, including 700+ cloud apps, 1,000+ mobile apps, and 300+ web apps, updated biweekly. It enables detailed function-based controls, such as distinguishing uploads and downloads, while its bulk management mode enhances efficiency for large enterprises.
Efficient ICAP Integration for Performance Optimization
Sangfor IAG functions as an ICAP client, integrating seamlessly with ICAP server-enabled appliances to offload threat protection and value-added services. It supports request and response inspection modes and enables ICAP server groups to operate in round-robin or concurrent configurations for optimized performance.
Secure Device Onboarding with Endpoint Security Posture
Sangfor IAG ensures secure and compliant connections for endpoint devices, whether they use agents or not. It provides visibility and control over your environment without compromising network performance.
Secure Internet Gateway Use Cases
Office Network Management
Without Sangfor IAG, office environments can resemble internet cafes, with unrestricted access to video, social media, and entertainment. IT administrators struggle to identify bandwidth-hogging users, making it difficult to control browsing behavior. Sangfor IAG addresses this by identifying and managing non-work-related applications, ensuring bandwidth is allocated to critical business operations. Its advanced traffic management features maximize bandwidth usage and improve productivity. For multi-branch organizations, IAG offers a unified management platform and 3G link backup for efficient and reliable network management.
Public WiFi Management
Sangfor IAG supports diverse authentication methods, integrating with AD and Radius for SSO across internal networks. Guest authentication is simplified with options like Facebook, WeChat, and SMS, managing both wired and wireless users on a single platform. IAG also enables switch-based user access control for LAN users. Additionally, IAG integrates seamlessly with WLAN vendors like Cisco and Aruba, allowing the Unified Authentication Center to streamline network integration and management processes effectively.
Public WiFi Management Internet and Internet Access Proxy
Sangfor IAG acts as a secure web gateway, defending against web-based threats while ensuring secure internet access. It seamlessly integrates with on-premise applications and internet traffic. With accelerated SSL decryption, IAG efficiently monitors and analyzes all HTTP and HTTPS traffic, overcoming limitations faced by solutions like NGFW or UTM. Powered by an AI-based threat intelligence platform, it provides advanced web filtering services, effectively identifying both known and unknown threats. Users remain protected while enjoying a safe and secure browsing experience.
Legal Compliance
Sangfor IAG helps organizations address the growing challenge of unauthorized network use by complying with legal regulations on user internet access behavior. Its internal application database logs malicious user activities such as file uploads, BBS postings, emails, browsing history, and accessed applications. This robust audit solution not only ensures compliance with local laws but also provides critical investigative support for addressing illegal network usage incidents.
Frequently Asked Question
How do you connect to an External Authentication Server?
Configuring LDAP Server in Sangfor IAG
Add a New LDAP Server
Navigate to the External Auth Server section and add a new LDAP server.Enter LDAP Server Details
Provide the Server Name, IP Address of the external authentication server, admin account username, and password. Select the BaseDN, then click on Test Validity to verify connectivity to the external authentication server.Test Result
A message will appear showing the result of the validity test.Sync Data
Click Sync with All LDAP Servers to synchronize all data. The configuration is now complete.
What is the difference between Secure Web Gateway (SWG) and Firewall/NGFW?
Secure Web Gateway (SWG) Overview
Secure Web Gateway (SWG) blocks access to inappropriate websites or applications, prevents malware infections, and enforces corporate internet compliance. While similar to firewalls in preventing malicious activities and ensuring network security, SWG focuses on securing user onboarding and enhancing productivity. Enterprises often deploy both SWG and firewalls together to strengthen their defenses, as they complement each other effectively.
For more details on integrating Sangfor IAG and Network Secure, refer to the corresponding blog webpage.