Integration Guide for Genian NAC and SusanINT eWalker SWG
This guide provides information on integrating Genian NAC with SusanINT's eWalker SWG.
Overview
This document explains the configuration and test procedure to integrate the eWalker SWG, a malicious website access control system by SusanINT, with the Genian NAC network access control system.
When an IP address change is detected in Genian NAC, it verifies whether the IP belongs to a user node and then transmits the updated information to eWalker SWG via Webhook (API), allowing eWalker SWG to apply the appropriate policy.
(This guide uses Genian NAC's generic Webhook (API) feature for third-party integration.)
Recommended Versions
Product (Component) | Version | Remarks |
---|---|---|
eWalker SWG | V9.2.2 or later | Post-Dec 2020 versions |
Genian NAC (Policy Server) | V5.0 or later | Post-Dec 2020 versions |
Integration Purpose
This integration is useful for environments where eWalker SWG is not integrated with HR systems. Genian NAC detects IP changes based on MAC addresses and informs eWalker SWG, enabling policy enforcement against changed IPs.
Benefits:
- Automatic Application of URL Access Policies upon IP Change
- Without integration, administrators must manually reconcile user IP changes. This integration allows automatic policy updates in eWalker SWG based on real-time IP changes.
- Blocking Access for Users Who Change IPs Intentionally
- Systems that do not use HR-based user mapping rely on IP-based control. If a user changes their IP (e.g., using visitor IP ranges to bypass internal restrictions), Genian NAC can detect and block such behavior.
Prerequisites
- Networking Prerequisites
- Ensure communication between the Genian NAC policy server and the eWalker SWG server.
- Default API ports: HTTP TCP/80, HTTPS TCP/8443, 8501
- eWalker SWG Server Info
- Before configuring the integration, collect the information Genian NAC will send about the node whose IP change was detected (its MAC address, or the IP or name of the blocking server that detected the change) and the details of the eWalker SWG server to which the information will be transmitted.
Note
- Example API URL: https://[eWalker SWG IP]:8501
- Example endpoint: https://[eWalker SWG IP]:8501/ewalker/orgdb/dhcp/macid
Genian NAC Configuration
Only essential Genian NAC settings are included here. These are one-time configurations.
Step 1: Create Tag for IP Change
Navigate to Settings > Property Management > Tag Management, click Actions > Create, and add a tag named SWG_IP_Change.
Step 2: Create Node Group via Log Filter
Navigate to Audit > Logs > Search Logs and follow the steps below:
- In the filter setup popup, enter the description "Detected additional node IP change" and verify that log entries are returned.
Field | Value | Note |
---|---|---|
Description | Detected additional node IP change | |
- Click Save at the top right, set name, then change Tag from NONE to Assign, and configure as follows:
Field | Value | Note |
---|---|---|
Target | MAC | eWalker SWG uses MAC as identifier |
Assign To | MAC | Same as above |
Tag | SWG_IP_Change | Tag created in Step 1 |
Step 3: Create Node Group for Affected Devices
Navigate to Policy > Group > Node, click Actions, and configure as:
Field | Condition | Value | Note |
---|---|---|---|
Tag | Exists | SWG_IP_Change | Condition 1: Changed IP |
Authenticated User | Belongs to Dept. | Employee | Condition 2: Must be an employee |
Condition Logic | AND | | Must satisfy both |
Note
A group was created for nodes whose IPs have changed, but controlling nodes based only on IP changes may be risky. Use additional conditions to increase reliability; this guide uses two.
Step 4: Send Node Info to eWalker SWG via Webhook
Navigate to Audit > Logs > Search Logs, click the search bar, and in the filter popup:
- Set description to: Control Policy Changed. NEW='IP change device blocked'
- Click Search, verify data, and click Save to enter filter configuration
- Under Webhook, input the following:
Field | Value | Note |
---|---|---|
Method | POST | Send data |
URL | https://[eWalker SWG IP]:8501/ewalker/orgdb/dhcp/macid | Can vary |
CHARSET | UTF-8 | |
POST Data | See below | Replace reqip with identifiable info like policy server IP |
Content-Type | application/json | |
POST Body:
{
  "cmd": "update",
  "reqip": "{_SENSORIP}",
  "reqtime": "{_DATETIMEZ}",
  "list": [
    ["{_MAC}", "{_IP}"]
  ]
}
eWalker SWG Configuration
The eWalker SWG settings covered here describe how eWalker SWG operates when linked with Genian NAC. They replace the user ID of the organization chart used in eWalker SWG with a MAC address and apply the {MAC+IP address} pair received from Genian NAC to the eWalker SWG policy.
Step 1: Create MAC-Based User Group
To create a policy using MAC addresses, first create a user group.
Navigate to Policy > User Control Policy > User Group, then click ADD.
- IP is not used as a unique key. The user is matched by MAC address, and IP is added dynamically.
Step 2: Create MAC-Based Policy
Navigate to Policy > User Control Policy > Policy Settings, then click ADD.
- Use existing or new group policies for user, category, and time groups. You can use default values for remaining options.
After this, Genian NAC will detect IP changes, identify internal users, and automatically update eWalker SWG’s MAC-based IP mapping.
Testing
- Step 1: Verify in Genian NAC Logs
- Confirm event is generated when user node’s IP changes
- Step 2: Verify in eWalker SWG Logs
- Open the eWalker SWG console at https://[eWalker SWG IP]:8500
- Confirm receipt and processing of the MAC/IP update log
- Example: User with MAC "00:11:22:33:44:55" now mapped to IP "192.168.100.100"
If multiple IPs are seen for a MAC, the integration is working as expected.
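As an added example (not Genian NAC or eWalker SWG code), the following Python script checks webhook bodies captured during testing against the POST body from Step 4 and reproduces the "multiple IPs for a MAC" check above. It validates only the fields shown in this guide and assumes {_MAC} renders in colon-separated form, as in the example MAC; the function names and sample bodies are constructed for illustration.

```python
import ipaddress
import json
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")  # assumed colon form
MACRO_RE = re.compile(r"\{_[A-Z]+\}")  # macro left unexpanded, e.g. {_MAC}
# Constructed sample bodies (not captured traffic); all values are made up.
BODY = ('{"cmd": "update", "reqip": "10.0.0.5", '
        '"reqtime": "2024-05-01 09:00:00", "list": [["%s", "%s"]]}')
SAMPLES = [BODY % ("00:11:22:33:44:55", "192.168.100.100"),
           BODY % ("00:11:22:33:44:55", "192.168.200.7"),
           BODY % ("{_MAC}", "{_IP}")]  # macros were not substituted


def check_body(raw):
    """Return the problems found in one rendered POST body (empty list = OK)."""
    leftover = sorted(set(MACRO_RE.findall(raw)))
    if leftover:
        return ["unexpanded macro: " + ", ".join(leftover)]
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        return ["not valid JSON: " + exc.msg]
    if not isinstance(body, dict) or not isinstance(body.get("list"), list) or not body["list"]:
        return ["expected an object with a non-empty 'list' array"]
    problems = [k + " is empty or missing" for k in ("reqip", "reqtime")
                if not str(body.get(k) or "").strip()]
    if body.get("cmd") != "update":
        problems.append("cmd is not 'update'")
    for i, pair in enumerate(body["list"]):
        if not (isinstance(pair, list) and len(pair) == 2 and MAC_RE.fullmatch(str(pair[0]))):
            problems.append(f"list[{i}]: bad MAC or not a [MAC, IP] pair")
            continue
        try:
            ipaddress.ip_address(str(pair[1]))
        except ValueError:
            problems.append(f"list[{i}]: bad IP {pair[1]!r}")
    return problems


def ips_per_mac(raw_bodies):
    """Map each MAC to the distinct IPs reported for it, in arrival order."""
    seen = {}
    for raw in raw_bodies:
        if not check_body(raw):  # ignore bodies that fail the checks above
            for mac, ip in json.loads(raw)["list"]:
                seen.setdefault(mac.upper(), {})[ip] = None
    return {mac: list(ips) for mac, ips in seen.items()}
```

A body that still contains {_MAC} or {_IP} means the log filter fired on an event without node context, which is worth catching before the update reaches eWalker SWG.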