Haifeng's Blog

Integrating Cloud SWG (WSS) and SES with ZTNA

by · Published · Updated

This article explains how to integrate Symantec Cloud SWG (WSS) and Symantec Endpoint Security (SES) with Symantec ZTNA. These integrations enable ZTNA to identify user sessions and managed devices coming from WSS and SES, providing unified access control across all Symantec security layers.

1. WSS Integration with ZTNA

Overview

Integrating WSS (Cloud SWG) with ZTNA allows user traffic flowing through the WSS tunnel (ATM) to be recognized and authorized by ZTNA.
ZTNA uses information from WSS — such as user identity, IP mapping, and device context — to make policy decisions.

Steps

  1. In the ZTNA Portal
    • Navigate to Integration → Symantec WSS.
  2. Obtain WSS Tenant Information
    • Log in to the Cloud SWG Portal.
    • Locate the Subscription ID displayed at the top-right corner of the console.
    • Copy the value.
  3. Enter Details in ZTNA
    • In the ZTNA Integration page, provide the Subscription ID collected from WSS.
    • Select Identity Provider integrationSave.
    • The status should change to Online.

For the SAML-based authentication, refer to my other article:
Integrating Azure Entra ID with Symantec ZTNA Using SAML + SCIM

2. SES Integration with ZTNA

Overview

Integrating SES with ZTNA allows endpoints managed by SES to be identified as trusted devices within ZTNA.
ZTNA can enforce posture-based access control (e.g., only managed or compliant endpoints can access internal apps).

Steps

  • In the ZTNA Portal
    • Navigate to Integration → Symantec SES.
  • Obtain SES Tenant ID and Client Key
    • Log in to the SES Cloud Console.
    • Go to Administration → API Clients (or Integrations → API Access).
    • Create or select an existing API Client with read access to device posture data.
    • Copy the following values:
      • Domain ID
      • Customer ID
  • Enter Details in ZTNA
    • In ZTNA, paste the SES Domain ID and Cusomer ID.
    • Click Save.
  • Enable Compliance Reporting in ICDm
    • In the ICDm (SES Cloud Console), open/create the Compliance Policy used by your endpoints.
    • In the Details tab, select:
      • Enabled
      • Report Compliance
    • This setting allows ICDm to send host integrity and compliance status to ZTNA.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *