Secure Web Gateway

Secure Web Gateway (SWG) is an optional add-on to Coro Network. From the SWG screen, admin users can activate domain name system (DNS) filtering, create allowlists and blocklists, and add custom domain records. DNS filtering allows admin users to restrict or allow access to specific domains, as well as groups or categories of domains. For example, an admin user may block access to suspected malware sites, or enforce company policy by blocking access to gambling sites or social networks.

SWG and DNS filtering are available on macOS, Windows, iOS, and Android.

To access SWG:

  1. Sign in to the Coro console .
  2. From the sidebar, select Control Panel to access the Control Panel .
  3. Select Network :

    Network from Control panel

  4. Select the SWG tab:

    SWG screen

    Coro displays the SWG page.

DNS filtering

In the DNS filtering section, admin users can enable or disable DNS filtering. By default, DNS filtering is disabled.

note

Even if DNS filtering is disabled, other DNS filters are not compatible with devices using the VPN.

When DNS filtering is enabled, Coro automatically assigns DNS filtering to devices that are using the virtual private network (VPN) or zero trust network access (ZTNA) with device labels.

note

Coro does not automatically assign DNS filtering to devices using ZTNA with user labels.

You can add additional devices to DNS filtering by entering their device labels:

DNS filtering labels

note

To apply DNS filtering to additional devices, make sure the VPN in the Coro Agent is connected on each device. For more information, see Connecting a device to the VPN in the Coro Agent.

When filtering is enabled, admin users can enable:

  • DNS resolver anonymous mode : Protects user privacy by not tracking individual data. This option ensures that Coro does not analyze or store the DNS request history.
  • Allowlist-only filtering : Blocks all URLs except those added to the allowlist.

DNS resolver anonymous mode and allowlist-only filtering

Allow/Block Lists

Below the DNS filtering section are the allowlists and blocklists. When an admin user enables DNS filtering for the first time, a predefined inactive set of external blocklists are added to the Allow/Block Lists section. Admin users can view and enable these lists.

DNS filtering

Admin users can add URLs, IP ranges, subnets, and wildcards to lists by entering them manually or uploading them in a text file. To facilitate creating a valid text file, Coro provides a link to a template in the Import URL to allowlist/blocklist dialog. Each entry should be on its own line:

Download templated

View, delete, disable, or enable allowlists and blocklists from the three-dot menus next to each list. Disabled lists appear grayed out:

Menu of allow/block lists

Custom domain records

Custom domain records let admin users define fully qualified domain names (FQDNs) and assign them to static IP addresses. These records are added to the DNS managed by Coro. This makes it easier to access specific devices, like printers or local servers, by a recognizable domain name instead of an IP address.

For more information, see Custom domain records.