Skip to main content

The Best Secure Web Gateways for 2022

A secure web gateway (SWG) is a cyberbarrier that protects an enterprise from web security risks by enforcing corporate policies and blocking illegal network traffic. It provides sophisticated network security by comparing web requests to business rules to block access to hazardous websites. These websites often include trojans, adware, spyware, and malware, which may endanger the data and information of both individuals and businesses. Additionally, SWG protects remote employees and allows them to remain connected securely. It consists of fundamental security technologies such as URL filtering, application control, data loss prevention, antivirus, and SSL inspection to offer enterprises robust web security.

The secure web gateway market is expanding as a result of the expanding usage of the internet and the rising need for preserving and securing end-user data from malware attacks and data breaches. In addition, the increasing incidence of cyber-attacks and the rising need for end-to-end high-security goods have a favorable impact on the global market for secure web gateway solutions. Moreover, owing to the rise in data leakage activities, governments in several nations are investing in secure web gateway solutions, since dangerous links containing malicious code may infect a computer's system and corrupt the browser. In addition, the major industry players are spending heavily on research and development (R&D) to create novel SWG solutions, which is expected to drive market expansion over the coming years.

In this article, we'll help you understand the key factors that should be considered when choosing a secure web gateway product and the must-have features of a web security gateway solution. In addition, we will quickly describe the top secure web gateways in 2022.

Key Features of Secure Web Gateways

Secure web gateways must, according to Gartner, incorporate URL filtering, malicious-code detection and filtering, and application controls for popular Web-based apps such as instant messaging (IM) and Skype.

A web security gateway must have the following characteristics:

  • URL Filtering: URL Filtering is a web security solution that blocks access to websites based on their URL, preventing employees from seeing inappropriate or hazardous content and imposing bandwidth restrictions on streaming services. Internet traffic is either restricted or authorized based on URL categorization, users, user groups, and machines. Using URL filtering, administrators can determine which employees are viewing which websites.
  • Application Control: Application control allows managers to establish specific web security rules depending on users to detect, prevent, or restrict web application use. This ensures the confidentiality of data used by and exchanged across corporate applications.
  • Antivirus Software: Antivirus software is designed to prevent, detect, and destroy software threats such as viruses, adware, and Trojan horses. Manage web security services to monitor your network for efficient incident response and attack resolution using real-time virus signatures to avoid assaults.
  • HTTPS Inspection: On secure web gateways, HTTPS inspection verifies and protects SSL-encrypted traffic passing through the gateway. Gateways using HTTPS inspection decrypt the traffic using the sender's public key, review and secure the information, and then re-encrypt it before returning it to the sender. With a simple administrator policy definition, it is possible to avoid inspecting encrypted data passing through a gateway that does not need an inspection, such as access to banking or healthcare websites.

How to Select Your Secure Web Gateway Vendors?

The following is a step-by-step guide for choosing the finest secure web gateway provider for your corporate network.

  1. Education on Potential Network Security Threats: Organizations that are aware of the underlying risks and vulnerabilities to their systems find it simpler to identify the trajectory and origin of the threats and mitigate the resulting harm. When your security team has a thorough understanding of the issue at hand, they prepare more effectively, which eventually enables them to devise effective solutions. Before assessing or selecting a secure web gateway provider, it is necessary to determine what is occurring on the corporate network and why.
  1. Evaluation of Existing Measures and Tools: After you've completed investigating possible threats and vulnerabilities to your network, review each tool you've previously set up and the measures you've already taken to address malicious traffic in your network after you've completed investigating. If what you have in place is inadequate, compare it to the expense of bringing everything up to speed. If that amount exceeds your budget, restrict your choices to cloud-based secure web gateway providers. If it does not, you have additional possibilities from which to choose.
  1. Determine the Internet Bandwidth: Unfortunately, you cannot just purchase a secure web gateway solution and expect it to integrate seamlessly with your current infrastructure. To get the most out of a potential secure web gateway solution, you may need to update your infrastructure and resources. Before selecting a vendor, you must understand your bandwidth. If you encounter any issues, please contact customer service for assistance. This will also give you an idea of the degree of development assistance you may anticipate.
  1. Verify Product Alignment: In most instances, companies choose cloud-based secure web gateway solutions for product alignment. If so, you must guarantee you can fulfill the standards of your selected tool. This implies that your current procedures and methodologies must be compatible with the potential provider. This includes having access to the necessary assistance for effortless cloud-based deployment. Additionally, you must determine whether the tool is compatible with your current local tools. Choose a secure web gateway provider that satisfies all these standards and can consistently remove cyber attacks and harmful traffic to your business networks.

11 Best Secure Web Gateways for 2022

By installing a secure web gateway (SWG), you may prevent uncontrolled internet traffic from accessing your internal network. It monitors network traffic, rejects incoming threats, and avoids data loss to defend business networks from web-based malware.

In addition to offering policy enforcement capabilities for compliant web surfing, the leading security web gateway providers provide solutions that can filter or scan web content for viruses, spam, and other kinds of malware. Additionally, they can detect and prevent potentially harmful URLs or web traffic.

For your convenience, we have compiled a list of the top eleven secure web gateway products in 2022.

1. Zenarmor

Zenarmor is a fast, efficient, and cost-effective network security solution that can be set up in minutes on any network. It is a lightweight and appliance-free deep packet inspection engine.

In addition to the security provided by common secure web gateway systems, it provides significant reporting and analytic capabilities, a massive database of real-time threat intelligence, enhanced administration, and flexibility. Utilizing its technology, threat detection and response are constantly enhanced.

Zenarmor provides efficient protection against potentially hazardous zero-day websites. Cloud Threat Intelligence (CTI) is a massive database maintained by Zenarmor that includes more than 60 categories and 500 million active domains. This database is constantly increasing and being updated with information from a range of reliable sources, such as commercial and open-source threat intelligence feeds and web categorization databases, Sunny Valley Networks' Security Operation Center, partners' and customers' feedback, etc. Zenarmor and CTI servers provide quick, real-time responses to cyber attacks.

The advanced reporting and analytics capabilities of Zenarmor provide a bird's-eye view of network activities. If you want a comprehensive analysis, you may filter out any particular chart item and home in on the details.

In addition, Zenarmor provides Centralized Cloud Management using Zenconsole to administer all of your firewalls from any location on the planet. Zenconsole simplifies the management of hundreds or even thousands of firewalls using a single interface.

Zenarmor Premium permits the creation of an infinite number of rules dependent on network interfaces, VLANs, subnets/IP addresses, MAC addresses, and users/groups.

It is possible to stream data from Zenarmor Premium to remote external Elasticsearch or MongoDB servers for log processing and communication with Security Information and Event Management (SIEM) and Syslog systems.

The ability of Zenarmor to provide premium users access to the RestFul API is an additional key feature. Paid customers have API callback access to the creation and maintenance of the Zenarmor engine, enabling them to establish their firewall integrations with other security solutions.

Zenarmor offers the following advantages:

  • Web and Application Protection: You will increase the security of your enterprise first and foremost. You will be more resistant to cyber-attacks. To avoid data breaches and malware downloads as a result of social engineering attacks, Zenarmor offers security against malware, botnets, phishing, and spam sites.
  • Compliance: Depending on your sector, you may be required to comply with tougher cybersecurity and operational standards. Zenarmor enables you to increase compliance with regulations like PCI-DSS, CIPA, and HIPAA without incurring responsibility. It also imposes limitations on employee conduct, such as prohibiting gambling and social media use on company property. Violence and adult content may be readily regulated to prevent the dissemination of provocative and pornographic information.
  • Increased Productivity: A group of websites, including online shopping and streaming sites, are productivity drains for the majority of firms. Access limitation has been shown to substantially improve productivity. In addition to limiting access to distracting websites, it is necessary to assess additional channels that may pose a security concern. Zenarmor may be installed at the workplace to prevent "cyberslacking" and the reading of non-work-related websites, hence increasing productivity.
  • Bandwidth Management: Internet usage unrelated to work consumes a substantial amount of network resources. Limiting access to certain websites, such as YouTube, may increase network capacity utilization and clear your business network of unwanted content.
  • Better Network Visibility: The reporting function of Zenarmor provides your company with a better view of the traffic that enters and exits your network. Thus, your security team will be able to monitor incoming and outgoing requests throughout the whole network perimeter or between particular endpoints.

2. Netskope Next-Gen Secure Web Gateway

Netskope is a startup established in the United States that provides a cloud-native platform with a data-centric security strategy. The platform defends its customers against attacks on cloud apps, infrastructure, and elsewhere on the internet. Netskope was designated a Leader in the 2022 Gartner MQ for Security Service Edge, a Visionary in the 2022 Gartner MQ for Secure Web Gateways, and a Leader in the 2022 Gartner MQ for Cloud Access Security Brokers (CASB).

The Next-Generation Secure Web Gateway is the foundation of the Netskope SASE system. It is a new cloud-native solution for safeguarding companies from the increasing number of sophisticated cloud-enabled attacks and data threats. It represents the natural progression of the conventional secure web gateway, commonly known as a web proxy or web filter. Netskope Next Gen SWG handles both cloud and web traffic, while a standard secure web gateway just handles web traffic and is oblivious to cloud-enabled threats and data risks for personal instances of managed applications, thousands of shadow IT apps, and cloud services.

Next-Generation SWG enables you to continue operations without surrendering control over corporate data mobility in apps and cloud services or choking processes with blanket prohibitions on specific applications and activities. Considering the recent and huge transition from office work to remote work, as well as the movement of conventional on-premise infrastructures to the cloud over the last several years, this is critical.

These are the six functionalities exclusive to a Secure Web Gateway of the Next Generation:

  • Establishment of permissible use policies: Combining standard web filtering encompassing URL categories, custom categories, and dynamic page ratings for new sites with full cloud app use ratings, dangers, and permissible use regulations that span both the cloud and the web is recommended.
  • Monitors and evaluates certain activities: Realize inline visibility for tens of thousands of managed and unmanaged applications, cloud services, and web traffic, and consolidates SWG+CASB+DLP capabilities into a single platform.
  • Protection against dangers: Protect against web- and cloud-based malware and advanced threats with advanced defense capabilities, such as cloud app instance awareness to detect rogue and personal instances used to deliver phishing and threats, pre-execution analysis of scripts and macros, cloud and bare-metal sandboxing, and machine learning-based threat analysis and anomaly detection.
  • Granular application administration: Obtain real-time, granular control over hundreds of cloud applications, even those run by business lines and users instead of IT. This allows you to prevent harmful things from occurring and securely permit positive ones.
  • Includes direct Internet access: Eliminate expensive backhauling and increase performance for distant offices and users with a cloud-based network architecture tailored for low latency and high capacity globally.
  • Data protection everywhere: With extensive capabilities ranging from exact match to fingerprinting with similarity matching, data can be tracked and protected wherever it travels, and accurate and precise inspection can be ensured.

3. Skyhigh Security Web Gateway

In July of 2021, Symphony Technology Group (STG) bought McAfee Enterprise and FireEye. STG merged McAfee Enterprise's Security Service Edge (SSE) business with Skyhigh Security in March 2022. The new Skyhigh Security platform is a fully integrated cloud security platform that includes CASB, ZTNA, RBI, DLP, CNAPP, and Secure Web Gateway (SWG).

The Secure Web Gateway from Skyhigh Security is a cloud-native and intelligent web security solution. It enables administrators to obtain network visibility and restrict web access to safeguard users against zero-day attacks and prevent data leakage. The system provides cloud-native web security with minimal latency, exceptional speed, and 99.99 percent service availability.

The main features of the Skyhigh Security web gateway are listed below:

  • Multi-Vector Data Protection: Provides complete visibility and consistent protection of sensitive data across endpoints, online, cloud, and private apps utilizing built-in DLP templates, inline data protection procedures, and one-click extension of current DLP rules.
  • Remote Browser Isolation: Prevents web page threats from reaching endpoints with intelligent, multi-layer remote browser isolation technology that enables safe online browsing through strong machine learning analysis of real-time data.
  • Real-Time Threat Protection: Real-Time Threat Protection is a multi-layered strategy that combines dynamic threat information for URLs, IP addresses, and file hashes with real-time protection against known threats, machine learning, and emulation-based sandboxing.
  • Integrated CASB Data Protection: A sophisticated DLP engine with integrated CASB capabilities controls access to all cloud services and safeguards against the risk of data loss from a single interface.

4. Zscaler Secure Web Gateway

For ten years in a row, Zscaler has been positioned as a leader in the Gartner Magic Quadrant for Secure Web Gateways. In 2021, Gartner established the security service edge (SSE), which is an aspect of SASE and a new category that incorporates SWG, and subsequently positioned Zscaler as a Leader with the highest "Ability to Execute" in the 2022 Gartner Magic Quadrant for Security Service Edge.

Zscaler Web Security is a cloud-based web security gateway featuring URL filtering, a firewall, cloud-based application control, antivirus, anti-spam, and DNS filtering, among other features. A benefit of being a member of the cloud gateway is that any danger discovered by any user is instantly banned for all clients - there are over 120,000 daily security upgrades to guard against the most recent attacks. The program can also examine SSL traffic, which is difficult for many other platforms to assess.

The key attributes of Zscaler Web Security are as follows:

  • Discover concealed risks with complete TLS/SSL visibility
  • Integrated with features such as sandboxing, cloud firewall, CASB, and DLP
  • Integrated security policies, monitoring for contextual threats, and API access
  • Identify affected on-premises devices and botnets
  • A worldwide cloud with more than 150 data center locations for performance and speed

The antivirus utilizes signatures from more than sixty threat sources to detect new threats. However, the software's capabilities are not restricted to monitoring security incidents; you can also enhance the speed of your network. Zscaler Web Security's bandwidth management features may prioritize vital apps over less important traffic.

Several data protection measures are available to safeguard your files from loss or destruction. Implement Data Loss Prevention to secure user data. A Cloud Application Security Broker regulates user access to programs, while File Type Controls define which files may enter and depart the network.

5. Cisco Umbrella

Cisco Umbrella is a market leader in cloud-based SASE and cybersecurity solutions. It integrates many security tasks into a single solution (SASE), including Secure Web Gateway, Cloud-delivered Firewall, CASB, and DNS security. In 2021, Cisco Umbrella was positioned as a leader in the web security Radicati Market Quadrant.

Cisco Umbrella Secure Web Gateway is a cloud-native SWG solution for sophisticated web protection. It offers comprehensive web proxy functions, such as monitoring, logging, and managing web traffic. In addition, the defense of Cisco Umbrella SWG is strengthened by Cisco Talos, one of the major threat intelligence organizations.

It offers safety to devices, distant users, and distributed places. This is why many firms think that Cisco offers possibly the simplest solution to safeguard your users in minutes, regardless of their location.

Through machine learning, Cisco Umbrella can search for, detect, and even anticipate dangerous domains. It automatically detects the attacker infrastructure preparing for the next threat by analyzing internet activity patterns and then blocks the domains to protect your network from possible intrusion.

In addition to delivering a secure web gateway, a single cloud security service may include a firewall and a cloud access security broker (CASB).

The main features of Cisco Umbrella are as follows:

  • SSL/TLS inspection and decryption of communication.
  • Advanced antivirus and malware protection.
  • URL logging and reporting in real-time.
  • Inspection of advanced files, sandboxing and blocking.
  • Granular control over applications and content.

6. Palo Alto Networks Cloud SWG

Through Palo Alto Networks Prisma Access, Palo Alto Networks Cloud SWG offers comprehensive cloud security. World-class threat prevention allows you to regulate your web traffic with powerful security against malware, fileless attacks, and phishing, including decryption and granular controls. Next-Generation CASB capabilities and Enterprise DLP enable complete insight into SaaS apps and guarantee that sensitive data is always safeguarded, whether at rest or in transit, enabling you to maintain compliance. Additionally, it makes it simple to extend these security features uniformly to everyone, anytime, and on any device.

The primary features of Palo Alto Networks Cloud SWG are as follows:

  • Cloud Delivery: Cloud SWG offers its world-leading security capabilities through Prisma Access, one of the most comprehensive cloud-delivered security platforms. Prisma Access enables unlimited scalability and performance, connecting and protecting any person, device, or application with seamless efficiency.
  • Natively Integrated SaaS Security: Cloud SWG delivers natively integrated Enterprise DLP and Next-Gen CASB capabilities through Prisma SaaS and offers enhanced risk identification, compliance assurance, data governance, user behavior monitoring, and advanced threat prevention capabilities.
  • Advanced Threat Prevention: Cloud SWG uses the power of security services to prevent web-based attacks, allowing you to enable apps, users, information, and devices in a secure manner by defending against known and undiscovered threats.
  • Enterprise DLP: Palo Alto Networks provides a complete data security solution, covering every network and web transmission for all users regardless of location, for numerous SaaS apps and public clouds, while eliminating blind spots across on-premises and multi-cloud settings.
  • Remote Browser Isolation: RBI technology may limit the attack surface by creating a separation between the network and web-based external information. Through the CloudBlades architecture, Palo Alto Networks clients may integrate with many industry-leading RBI providers.
  • Prisma Access Cloud Management: Use the Prisma Access Cloud Management interface to administer all SWG capabilities. This cloud-based administration experience improves operational efficiency with streamlined processes and out-of-the-box setup, making day-to-day management easier.

7. iboss

iboss Security, an arm of Phantom Technologies Inc., founded in 2003, is a worldwide supplier of network security solutions. The iboss Security product range provides network traffic visibility and threat prevention. Effectively securing high-demand networks for web content management, infiltration, mobile device security and administration, and email security using proprietary engineering. The iboss SWG Web Security Solution is a comprehensive and user-friendly solution that scans over SSL/HTTPS to secure sensitive data, manages network resources via bandwidth management features, restricts access to social media material, detects dangers, and reports traffic. In addition, it provides the utmost control and flexibility owing to extensive filling rules that may be configured by user group(s).

iboss SWG Web Security Solution is an essential, cost-effective solution that handles the increasing complexity of modern filtering and network security issues.

The integrated BYOD Management package of iboss Web Security offers network administrators the means to guarantee that BYOD access is filtered against malware, botnets, and DLP. Additionally, it maintains bandwidth on the BYOD network, therefore sustaining and maintaining the integrity of mission-critical traffic.

iboss Bandwidth Management provides visibility and control over network traffic. Flexible rules may be implemented to limit non-critical traffic during peak hours while preserving network connectivity for mission-critical applications. With real-time bandwidth monitoring and exhaustive data reports, IT can discover bandwidth-intensive locations.

The main features of iboss SWG are as follows:

  • Comprehensive Web Filtering
  • Application Firewall
  • Real-Time MRTG
  • Remote Management
  • Policies Users/Groups
  • Real-Time URL Updates
  • Simple & User-Friendly Interface
  • Plug & Play with No Software to Install
  • Compatible with any Operating System
  • QoS/Bandwidth Shaping
  • Policy Scheduling
  • Robust Reports
  • Individual User Login with LDAP/Active Directory Integration

8. Forcepoint Web Security

Forcepoint (previously Websense) is a major cybersecurity service for user and data protection. Their solutions use a data-first security strategy to safeguard data from the endpoint to the cloud. In addition, Forcepoint provides current threat and behavioral intelligence, AI/ML, and data science for behavioral analytics.

Forcepoint ONE is the unified cloud security platform that consists of web gateways (SWG, CASB, and ZTNA), security services (RBI, AV, and CDR), and zero trust. Forcepoint Secure Web Gateway is capable of proactively inspecting material and preventing sophisticated attacks. The program may be installed locally, in the cloud, or in hybrid setups.

Forcepoint Web Security employs the Advanced Classification Engine (ACE), which consists of over 10,000 analytics, machine learning, and behavioral baselines, to identify threats.

The AMD function is the primary line of protection against malware for Forcepoint Web Security. AMD utilizes cloud sandboxing to limit malware outbreaks and reduce network downtime. Sandboxing facilitates risk mitigation and the restoration of regular operations.

In addition to having a 100 percent detection rate for attacks using fingerprinting, the solution is also prepared against less visible dangers. If an attack is successful or a calamity occurs, Forcepoint Web Security protects your data with data loss prevention. You can manage data loss protection policies efficiently using a single portal.

The main features of Forcepoint SWG are as follows:

  • A smooth handoff function provides for flexibility in enforcement.
  • Comprehensive data security and sophisticated threat detection (powered by ACE).
  • Unified and unified point of access for online security, DLP, CASB, and NGFW.
  • Monitor and keep track of cloud application consumption.

9. Symantec Secure Gateway

The Symantec Web Security Service is an enterprise cloud-based web security gateway that integrates seamlessly with your security stack. It combines a secure web gateway with a multitude of additional features, including email security, data loss prevention, sophisticated threat protection, and a cloud access security broker, to provide you with comprehensive threat detection capabilities.

Advanced web and cloud security is provided by the Symantec Web Security Service via a worldwide network of accredited data centers. Its Universal Policy Enforcement (UPE) features also enable administrators to establish and deliver protection rules to all of their gateways.

This web security gateway utilizes real-time threat intelligence from the Symantec Global Intelligence Network to keep your network abreast of the most recent dangers. It detects cyber assaults using machine learning and picture analysis.

The Symantec Integrated Cyber Defense Platform, which enables customers to automate threat remediation, is included with the gateway solution. This allows you to shut down risk factors as early as possible and blacklist threats to reduce your network's exposure to attacks.

The main features of Symantec SWG are as follows:

  • DLP and Advanced Threat Prevention.
  • Network access to Symantec Global Intelligence.
  • User Authentication.
  • Provide insight into SSL-encrypted communication.
  • Identify cloud app use.

10. Fortinet Secure Web Gateway

Fortinet is a major supplier of high-performance network security solutions on a worldwide scale.

FortiProxy is the Secure Web Gateway solution offered by Fortinet. FortiProxy provides anti-virus protection, web filtering, a DNS filter, application controls, intrusion detection systems, content analysis, traffic shaping, data loss prevention, ICAP Client/Server integration, caching, and VPN access. It connects with Fortinet's Security Fabric to provide sandboxing, zero-trust web surfing, and centralized logging and reporting.

The Secure Web Gateway from Fortinet addresses the issue of safeguarding hybrid settings. While the next-generation SWG hardware/virtual appliance (FortiProxy) defends the network's perimeter, cloud-delivered SWG (with FortiSASE) safeguards distant users. In addition, Fortinet SWG has access to threat information in real-time (with FortiGuard Security Services).

The key features of FortiProxy SWG are as follows:

  • Web content caching and filtering.
  • Application controls
  • Antivirus, antispam, antimalware, and anti-botnet.
  • Inspection of SSL traffic.
  • Inline CASB and Data Loss Prevention.
  • Native integration with ZTNA.
  • Centralized management and monitoring.

The Secure Web Gateway can do a comprehensive analysis of SSL (hardware accelerated) and SSH traffic to uncover hidden dangers. L2/L3 deployment choices are flexible for both transparent and explicit modes for Active/Passive clusters for failover and Active/Active clusters (scalable up to 8) with the option for single cache-collaboration storage.

FortiGuard Threat Intelligence is supported by FortiGuard Labs, which has over 200 researchers in 31 countries committed to detecting new threats. For example, over 150,000 websites are banned every minute by the FortiGuard web filtering program. It is also possible to ban or whitelist certain websites.

The authenticated web application control enables the user to specify access controls that limit user access. For instance, the user may limit access to social networking sites by user or group. The tool supports 3000 applications. Likewise, data loss protection prevents important files from falling into the wrong hands.

11. Barracuda Web Security Gateway

Barracuda Networks is the world's leading provider of network security, application delivery, and data protection solutions. Zero Trust Access, SASE, Cloud/Gen Firewall, Secure SD-WAN, and Web Security & Filtering are some of Barracuda's network security offerings (which include Web Security Gateway or Content Shield).

Barracuda Secure Web Gateway is a powerful web security and control solution. It is one of the most secure web gateways for protecting users from malware, viruses, and sophisticated threats sent across the internet. Additionally, Barracuda SWG offers robust administration and reporting features. The technology enables network administrators to impose detailed controls on user actions (such as controlling access to sites and apps).

It may remotely analyze SSL-encrypted communications and censor online content. Barracuda Web Security Gateway employs threat intelligence, antivirus software, and anti-spyware to protect against a variety of online threats. Barracuda Advanced Threat Protection (ATP) compares incoming files to a database of cryptographic hashes and blocks any harmful material. Any files that do not match are transferred to a virtual sandbox where they may be checked without posing a threat to the network as a whole.

The software also provides dashboards for monitoring not just threats but also user activities. There is also an alert function that notifies you when a security event is commencing. You may utilize the reporting tool to evaluate the event's aftermath for post-event follow-up.

The key features of Barracuda SWG are as follows:

  • Granular management of website and application access (including social media).
  • Threat intelligence enables the industry's leading content filtering and virus prevention.
  • Gain more visibility with proactive alarms, SSL-encrypted traffic, a simple dashboard, and integrated reports.
  • Filtering traffic from distant clients using expanded rules.