XG and Endpoint Policies

I also just noticed the Web Gateway product, which yet again appears to offer web filtering function. so know I'm getting very confused as to how I would manage multiple products that offer the same functions, as well as keeping each of the policies in sync with each other.

I also just noticed the Web Gateway product, which yet again appears to offer web filtering function. so know I'm getting very confused as to how I would manage multiple products that offer the same functions, as well as keeping each of the policies in sync with each other.

The policies do not get synced between the XG firewall and the endpoints. The purpose of each product is different and even though they have similarities they are not the same. The endpoint protection software is your basic antivirus, antimalware, and anti-date theft solution, which gives the admins an added control over defining web and application based controls as well. These are for admins to block the most common applications/web categories and is not as granular as the XG Firewall. Endpoint Security's main purpose is securing a single PC managed centrally by the local admin. These PCs could be a part of a single or multiple LANs. 

The XG Firewall is your gateway device. You can go into the every minute detail in the firewall and have option to select from more than two thousand applications. Similarly the web categories available under the XG firewall are more extensive than what the endpoint protection provides. Keep in mind web filtering and application control is one of the primary functionalities of an NGFW while it is NOT for an endpoint protection software.

So if lets suppose you have a network with computers running endpoint protection which are all connected to an XG firewall which is acting as the default gateway. If for example you have blocked pornography in endpoint protection and not on the XG Firewall, then anyone bringing their own device, which will obviously not have endpoint protection installed, will be able to browse porn since the XG is not blocking it. So in short anything endpoint is blocking will be blocked on all those computers which are running endpoint protection even though XG allows it. Similarly any application/web category being blocked by the XG will be blocked even if its blocked or not by the endpoint.

In security applications its best to have every possible defense system active so that the chances of something creeping past these defenses gets lower and lower. At the end of the day there are still backdoors through which users will be able to get past these defenses, but the more the defenses you have the more difficult it gets for the user and any hacker.