Sygate Secure Enterprise (SSE) is a centrally managed host-based firewall system for Windows computers. The architecture consists of several components:
Sygate Security Agent (SSA). The SSA is a Windows service that runs on each protected computer. It is responsible for downloading new policies and configuration data from a management server and then enforcing the IP rules, IDS rules, host integrity rules, and application rules specified in its policy. It is also responsible for uploading all log entries to the management server (though logs can also be cached locally). These activities occur each time the SSA checks in with a management server, currently every 30 minutes. The rules and other configuration parameters are determined by host group membership. Each SSA can be configured with two or more management servers; if it cannot contact the first server, it uses one of the others. Communication between the SSA and a management server takes place over port 80 and does not rely on Windows authentication.
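As an added example (not part of the original page and not Sygate's own tooling), the PowerShell script below lets an administrator check from a protected Windows host that the agent service is running and which of its configured management servers it would reach first on TCP port 80, walking the server list in the same order the agent tries them. The server names are placeholders, and the service name is an assumption that must be replaced with the SSA service's real name on the host.

```powershell
# Added example, not from the original page or from Sygate.
# Checks the local SSA service and the reachability of each configured
# management server on port 80, in the agent's failover order.
# Server names are placeholders; $AgentServiceName is an assumed value.
param(
    [string[]]$ManagementServers = @('sse-mgmt1.example.edu', 'sse-mgmt2.example.edu'),
    [int]$Port = 80,
    [string]$AgentServiceName = 'SygateSecurityAgent'   # assumed; verify with Get-Service
)

# 1. Is the agent service installed and running on this host?
$svc = Get-Service -Name $AgentServiceName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning "Service '$AgentServiceName' not found; check the service name."
} elseif ($svc.Status -ne 'Running') {
    Write-Warning "Service '$AgentServiceName' is $($svc.Status), not Running."
} else {
    Write-Output "Service '$AgentServiceName' is running."
}

# 2. Test each management server in order. The first reachable server is the
#    one the agent would check in to; the remaining ones are its fallbacks.
$results = @()
foreach ($server in $ManagementServers) {
    $ok = Test-NetConnection -ComputerName $server -Port $Port `
                             -InformationLevel Quiet -WarningAction SilentlyContinue
    $results += [pscustomobject]@{ Server = $server; Port = $Port; Reachable = [bool]$ok }
}
$results | Format-Table -AutoSize

$primary = ($results | Where-Object Reachable | Select-Object -First 1).Server
if ($primary) {
    Write-Output "Agent would check in to: $primary"
} else {
    Write-Warning "No management server reachable on port $Port; policy downloads and log uploads will stall until one is."
}
```

Run it as a user who can query services; because the agent's communication does not rely on Windows authentication, a reachable port 80 is the only network precondition this check needs to confirm.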
Management Servers. The management servers are IIS web servers that run server-side Java applications. They provide multiple functions. First, they are the gateway for all client communications. Although all the policies, group memberships, and logs are actually stored on the database server, all communications are mediated by a management server. SSA clients never communicate directly with the database server. The management server also provides a client-side Java applet for application administration. All configuration and management is done via this applet, but all data is stored in the database. Multiple management servers can be used to provide load-balancing and redundancy.
Database Server. The database server runs MS SQL and stores all host data, groups, policies, IDS signatures, and logs. All activity on the database server is mediated by the Java applications running on the management servers.
Management Console. The Sygate management console is a Java applet that downloads from a management server and runs in a web browser. The applet interacts with server-side Java applications to provide all application management functionality. Console communications go over port 80 and are encrypted with 3DES by the application. Administrators log on using application accounts that are tied to administrative roles. From the console, administrators can create and modify groups, move computers between groups, build policies and assign them to host groups, view logs, update SSA client installation packages, and manage a variety of other configuration parameters.
All Sygate firewall related questions, concerns or service requests should be routed to the SIT Operations Team. You can contact them by opening a Helpdesk Ticket directly to the SIT group or by e-mailing the IT Services Help Desk at mcsos@u.washington.edu.
Listed below are links to additional resources related to this subject: