This article covers how traffic is directed to Umbrella's Secure Web Gateway (SWG) for the following deployments: Cloud-Delivered Firewall (IPsec Tunnel), AnyConnect Secure Web Gateway Module and PAC file.
IPsec Tunnels created to Umbrellas Cloud-Delivered Firewall (CDFW) will automatically forward traffic on ports 80 and 443 to the SWG.
In the dashboard reports, the Proxy logs will show the URL e.g https://cisco.com. The IP and port number will be shown in the firewall logs (e.g 18.104.22.168:443).
AnyConnect Secure Web Gateway Module
The AnyConnect SWG Module sends traffic received on ports (80/8080 and 443/3128) to the SWG on ports 80 and 443, respectively.
For PAC file deployments, any HTTP and HTTPS traffic will be sent to the SWG. The SWG will connect to ports 80 or 443 dependant on the type of traffic HTTP/HTTPS.