Sangfor IAG – Secure Web Gateway & Web Filtering Solution

Accelerating modern trends such as cloud applications adoption, the move of the hybrid workplace and increased use of mobile and personal devices for work have all constantly put more pressure on the organization to ensure a secure workforce environment. At the same time, a rise in encrypted applications, proxy avoidance applications, and increasingly affordable availability of third-party VPN applications have imposed further liability for the organization where it can easily bypass your security parameter undetected without any protection. You need an extensive secure web gateway not only to protect your organization against these common threats but also as a critical asset for safeguarding user internet access behaviour.

Why Sangfor IAG?

Sangfor IAG enables you to identify, analyze and take immediate action upon user internet access behaviour.


Gain full visibility to find any bad behaviour in encrypted traffic.


Uncover user identity with analytics into who is using what applications and when it is used on your network.


Take full control to increase user productivity by ensuring internet access compliance.

Product Advantages

  • Proxy Avoidance Protection:

Web filters are commonly used by the organization to restrict user internet access to certain web application content and it has increasingly become non-effective against proxy avoidance applications. IAG collaborates with Endpoint Secure to enforce Proxy Avoidance Protection on any user attempt to use this application for bypassing the security perimeter more effectively. The R&D team within Sangfor employs a dedicated team of application signatures security experts who are continuously categorizing and adding the latest proxy avoidance applications to ensure that detection rate and blocking capabilities are current and up to date.

  • Intelligent Traffic Management

Sangfor IAG improves bandwidth utilization by more than 30% using three unique major traffic management solutions. Dynamic Traffic Control automatically adjusts traffic control policies and intelligently allocates idle bandwidth resources. Intelligent Flow Control precisely manages both up-link and down-link P2P traffic and can customize traffic “packages” for different users, allocating specific traffic quotas and limiting bandwidth for heavier users.

  • Gateway and Client Decryption to Uncover Encrypted Traffic

Typically, a majority of internet traffic is protected by SSL/TLS encryption. While encryption helps to keep user and corporate data protected and private, it also creates security challenges when it comes to the rapid growth of malware infections and other malicious content. Sangfor IAG offers both decryption methods including gateway and client decryption to overcome these challenges. This enables an organization to have the flexibility to run either one or both in parallel to uncover encrypted traffic according to your corporate IT strategy and planning.

  • Unified Network-wide Management of all Clients

Sangfor IAG provides Unified Management and effectively controls both Wired and Wireless networks for the entire network. With intuitive and flexible authentication methods, it fully guarantees the security of access control, supporting a variety of traditional authentication methods such as username/password, IP/MAC binding, and a wide array of value-added marketing authentication methods (QR code, SMS, WeChat, Social media, OA account, SAML 2.0, third-party system, etc.). Permissions are controlled based on user, application, location, and client types while using IAG or third-party wireless controller as a unified authentication server, building a faster and more cost-effective wireless network.

  • Precise and Accurate Application Control

Sangfor IAG manages and controls network applications more comprehensively, accurately, and conveniently with the largest application signature database in Asia, which can identify more than 6,000+ applications in its database including 700+ cloud applications, 1,000+ mobile applications, 300+ web applications, and is updated every 2 weeks. In addition, it precisely controls applications according to their specific functions, such as distinguishing upload, download, and other actions in the network. Finally, bulk management mode for large enterprises greatly improves management efficiency.

  • Offloading Performance When Using ICAP Integration With Third-Party System

Sangfor IAG can act as an ICAP client to be used with any ICAP server-enabled network appliance by offloading threat protection or other value-added services. In addition, Sangfor IAG provides request and response inspection mode while enabling the ICAP server group to run on a round-robin or concurrent condition.

  • Secure Onboarding Devices With Endpoint Compliance Check

Sangfor IAG identifies and secures endpoint devices with or without agents, it helps to ensure these devices are connected with compliance and security. You gain visibility and control of what is in your environment without impacting your network performance.

Product Models

HD Capacity64 GB SSD128 GB SSD128 GB SSD64 GB SSD + 960 GB SSD64 GB SSD + 960 GB SSD64 GB SSD + 960 GB SSD
Application Layer Throughput Options40 Mbps80 Mbps160 Mbps400 Mbps600 Mbps1 Gbps
Recommended Concurrent Users50 PCs~100 Mob.200 PCs~200 Mob.600 Users2,000 Users3,000 Users5,000 Users
Model Datasheets
Click to Downloadpdf filepdf filepdf filepdf filepdf filepdf file
HD Capacity64 GB SSD + 960 GB SSD64 GB SSD + 960 GB SSD64 GB SSD + 960 GB SSD64 GB SSD + 960 GB SSD64 GB SSD + 960 GB SSD64 GB SSD + 960 GB SSD
Application Layer Throughput Options1.2 Gbps2 Gbps4 Gbps10 Gbps20 Gbps40 Gbps
Recommended Concurrent Users6,000 Users15,000 Users20,000 Users50,000 Users100,000 Users200,000 Users
Model Datasheets
Click to Downloadpdf filepdf filepdf filepdf filepdf filepdf file

¹ M6000-UPG is a license upgrade from M6000 with application layer bandwidth increased from 1G to 2G.

Frequently Asked Question

Q: How do you connect to an External Authentication Server?

A: Please perform it following:

Step 1. Add a new LDAP Server under the External Auth Server.

Step 2. Enter the details such as Server Name, IP Address of the external authentication server, the admin account username and password and select the BaseDN. After entering all the details, click the Test Validity to check whether able to connect to the external authentication server or not.

Step 3. After testing the validity, a message will prompt out to show the result.

Step 4. Click the Sync with all LDAP servers to sync all the data. Now, the configuration is successfully set.

Q: What is the difference between Secure Web Gateway (SWG) and Firewall/NGFW?

In a typical environment, SWG is used to block access to inappropriate websites or applications, prevent malware infections, and enforce corporate internet compliance. SWG is similar to a firewall in that both prevents malicious activities and provides necessary network security protections. However, the main difference is that SWG emphasizes securing user onboarding and promoting productivity. It is common for an enterprise to use both SWG and firewall to fortify their defence as both of them usually complement each other. For more info on using both IAG and NGAF, please refer to this blog webpage.

Q: What is the difference between IAG Essential Bundle and Premium Bundle?

The main difference is Premium Bundle will have all the Essential Bundle components with the addition of Anti-malware protection (Engine Zero) and threat intelligence (Neural-X).

What is the difference between IAG Essential Bundle and Premium Bundle