Skip to main content

SWG (Secure Web Gateway)

Overview

SWG is Dralvia's secure web gateway, also called Web Access Protection. It evaluates navigation against your workspace policy at the moment a page loads, coaches or blocks risky destinations with an explainable interstitial, and can render risky pages safely in a remote isolated browser (shadow browsing). It is designed so you can see the impact of a rule before you enforce it.

What it is for

  • Apply category and domain rules to web navigation for your workspace.
  • Validate a rule in dry-run first, then enforce it, with no surprise lockouts.
  • Explain to users why a page was blocked and where the safer path is.
  • Preview a risky page safely with remote-isolation shadow browsing.
  • Feed SaaS-governance inventory and controls from the same navigation signals.

How to use it

  1. Open the SWG / Web Access policy dashboard (#/swg-policy). Review categories, domain rules, and exceptions.
  2. Add a monitor / coaching rule and run it in dry-run. Matching navigations are recorded as dry-run events with the decision and category, but nothing is blocked yet.
  3. Review the dry-run events and summary to confirm the impact, then promote the rule to enforce.
  4. When an enforced rule matches, the user sees the blocked interstitial explaining the dominant trigger and the safer path, and the event is recorded.
  5. Use shadow browsing (remote DOM renderer) to open a risky page in an isolated remote browser, and manage exceptions when a destination needs to be allowed.

Evidence and privacy

Navigation decisions, dry-run events, exceptions, and response actions are recorded per workspace and are workspace scoped. Blocked-navigation events carry the decision and trigger so your reviewers can audit them, and they can be sent to TicketBridge. Numbers on the dashboard are computed from these recorded events.

Where it appears

  • SWG / Web Access policy dashboard (#/swg-policy): rules, exceptions, dry-run and enforce, summary.
  • The blocked interstitial in the browser when an enforced rule matches.

Limits

SWG shadow browsing (the remote DOM renderer) is included in Pro plan features; additional shadow-browsing capacity is available as an add-on for unusually heavy render demand. Navigation evaluation depends on the rules and categories you configure. Coverage in private or incognito windows depends on the browser extension being allowed there.