Can SafeSquid-SWG do Content Filtering also on mobile devices?
Posted: Mon Apr 13, 2020 4:15 am
The answer to this question totally depends upon the mobile apps used by the user in their mobile devices.
Let's first Reframe the question properly.
Can SafeSquid-SWG installed on a Corporate network, do content filtering of mobile devices connected to that network
Indetailed:
1) can we block content filtering feature like blocking Facebook features: like, share , comment etc. In FaceBook Mobile App
2) can we block login to LinkedIn in LinkedIn mobile app
3) can we block attachment on Mobile Apps like Gmail, Dropbox, private file upload etc and other cloud storage apps.
And many other content filtering provided by SafeSquid-SWG.
etc.
Short & Quick Answer:
In order to do Content filtering the below two conditions should be met, they are :-
1) Inorder to do content filtering the mobile app should honour the proxy settings and send the connect request properly.
2) The mobile app should be able to accept the CA certificate installed on that device which is required to do SSL Inspection and thus does the content filtering.
Indetailed Answer Explaination:
In order to understand the answer properly let's first understand
1) What are the PREREQUISITES needed so that the traffic can reach the SafeSquid-SWG?
2) How SafeSquid-SWG does Content Filtering?
3) What level of Content Filtering can be done?
4) And why it cannot be done on some applications(this covers any application that access Internet resources on any operating system)?
Each and every topic will be linked to a specific documentation explaining the indetailed view of the respective topic.
Please go through the above links and understand a quick look at the do's and don't s of SafeSquid-SWG.
COMING back to the actual question.
Mobiles devices have a lot of application installed which we generally call apps.
The very first prerequisite that we learned from above topic is the mobile device should be able to send traffic to internet via the SafeSquid-SWG.
The way of doing so is :-
1) Setting Up SafeSquid-SWG as Forward Proxy :- which requires user to do Configuration of Proxy Settings on mobile devices
The Wifi settings on almost all devices contains settings to configure Proxy settings.
Note (Must to Know) :
1) When Proxy settings are configured on mobile devices not all mobile apps will honour the global WiFi Proxy settings and therefore send the traffic directly to the Gateway.
Example : The most used app WhatsApp does not honour the wifi proxy settings and therefore if internet is blocked on gateway this app will just not work.
The Second Prerequisite SAFESQUID-SWG CA Certificate is installed on that device.
Note (Very Important) : most of the mobile apps will not honour the user installed CA Certificate,Why???
The Article: Application not working via SafeSquid-SWG if SSL inspection is enabled .
Will help you understand the problem.
Most of the apps connect to internet to perform some online tasks, they can connect to internet to do different things like:
1) sync data
2) download files
3) play online content
4) play online games which is again sending data back and forth.
5) to show/display advertisements.
And many more
If any of the app does not honour proxy settings then it will not work properly.
Now the answer above explains us that we cannot properly use content filtering mobile devices.
But if the mobile app can honour the proxy settings then SafeSquid can still do filtering of traffic based on
User IP, User Groups, user visited domain/IP, user agent : unique identity provided by the app. In any combination etc.
Short & Quick Answer:
Even if due to mobile application security custom CA certificate is not accepted by the application,
SafeSquid-SWG can
1) still block videos on Facebook App
2) block advertisements
3) block YouTube app or apply restrictions on YouTube videos.
4) block any mobile application.
5) block any online cloud storage application.
6) block internet for specific groups of users
Etc
Let's first Reframe the question properly.
Can SafeSquid-SWG installed on a Corporate network, do content filtering of mobile devices connected to that network
Indetailed:
1) can we block content filtering feature like blocking Facebook features: like, share , comment etc. In FaceBook Mobile App
2) can we block login to LinkedIn in LinkedIn mobile app
3) can we block attachment on Mobile Apps like Gmail, Dropbox, private file upload etc and other cloud storage apps.
And many other content filtering provided by SafeSquid-SWG.
etc.
Short & Quick Answer:
In order to do Content filtering the below two conditions should be met, they are :-
1) Inorder to do content filtering the mobile app should honour the proxy settings and send the connect request properly.
2) The mobile app should be able to accept the CA certificate installed on that device which is required to do SSL Inspection and thus does the content filtering.
Indetailed Answer Explaination:
In order to understand the answer properly let's first understand
1) What are the PREREQUISITES needed so that the traffic can reach the SafeSquid-SWG?
2) How SafeSquid-SWG does Content Filtering?
3) What level of Content Filtering can be done?
4) And why it cannot be done on some applications(this covers any application that access Internet resources on any operating system)?
Each and every topic will be linked to a specific documentation explaining the indetailed view of the respective topic.
Please go through the above links and understand a quick look at the do's and don't s of SafeSquid-SWG.
COMING back to the actual question.
Mobiles devices have a lot of application installed which we generally call apps.
The very first prerequisite that we learned from above topic is the mobile device should be able to send traffic to internet via the SafeSquid-SWG.
The way of doing so is :-
1) Setting Up SafeSquid-SWG as Forward Proxy :- which requires user to do Configuration of Proxy Settings on mobile devices
The Wifi settings on almost all devices contains settings to configure Proxy settings.
Note (Must to Know) :
1) When Proxy settings are configured on mobile devices not all mobile apps will honour the global WiFi Proxy settings and therefore send the traffic directly to the Gateway.
Example : The most used app WhatsApp does not honour the wifi proxy settings and therefore if internet is blocked on gateway this app will just not work.
The Second Prerequisite SAFESQUID-SWG CA Certificate is installed on that device.
Note (Very Important) : most of the mobile apps will not honour the user installed CA Certificate,Why???
The Article: Application not working via SafeSquid-SWG if SSL inspection is enabled .
Will help you understand the problem.
Most of the apps connect to internet to perform some online tasks, they can connect to internet to do different things like:
1) sync data
2) download files
3) play online content
4) play online games which is again sending data back and forth.
5) to show/display advertisements.
And many more
If any of the app does not honour proxy settings then it will not work properly.
Now the answer above explains us that we cannot properly use content filtering mobile devices.
But if the mobile app can honour the proxy settings then SafeSquid can still do filtering of traffic based on
User IP, User Groups, user visited domain/IP, user agent : unique identity provided by the app. In any combination etc.
Short & Quick Answer:
Even if due to mobile application security custom CA certificate is not accepted by the application,
SafeSquid-SWG can
1) still block videos on Facebook App
2) block advertisements
3) block YouTube app or apply restrictions on YouTube videos.
4) block any mobile application.
5) block any online cloud storage application.
6) block internet for specific groups of users
Etc