Manual Chapter : Configuring APM for Application Filtering

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 14.1.0
Manual Chapter

Configuring APM for Application Filtering

About application families

Access Policy Manager® (APM®) supports a predefined set of application families and applications. An
application family
name characterizes the type of applications associated with it. Users cannot add applications or application families to APM.

About application filters

An
application filter
specifies the applications (and application families) that Access Policy Manager (APM) supports and a filtering action (allow or block) for each application. An application filter can be used in a per-request policy in a supported APM configuration to control access to supported applications.
APM provides predefined application filters: block-all, allow-all, and default. The default application filter allows access to some application families and blocks access to others. Users can define their own application filters and use those that APM provides.

Overview: Configuring filters for application access

Access Policy Manager® (APM®) provides a few default application filters and you can configure additional filters. Application filtering is effected in a per-request policy.

Task summary

Specifying the default filter action for an application

You can change the default filter action (block or allow) for any application. When you create a new application filter, the applications in it specify the default filter action.
A change to the default filter action for an application has no effect on existing application filters.
  1. On the Main tab, click
    Access Policy
    Secure Web Gateway
    Applications
    .
    The Applications screen displays.
  2. To view applications, expand an application family.
  3. To modify the default filter action for an application:
    1. Click the application name.
      An Application Properties screen displays.
    2. From the
      Default Filter Action
      list, retain the displayed setting or select another.
      The options are
      Block
      and
      Allow
      .
    3. Click
      Update
      .
      The Applications screen displays.
The default filtering action for the application is updated and is used when a new application filter is created.

Configuring application filters

Configure an application filter to specify how to process requests for access to applications or application families. You can configure multiple application filters.
  1. On the Main tab, click
    Access Policy
    Secure Web Gateway
    Application Filters
    .
    Click the name of any filter to view its settings.
    Default application filters, such as block-all, allow-all and default, are available. You cannot delete default application filters.
    The Application Filters screen displays.
  2. To configure a new application filter, click one of these:
    • Create
      button - Click to start with an application filter with the default filter action specified for each application.
    • Copy
      link - Click this link for an existing application filter in the table to start with its settings.
    Another screen opens.
  3. In the
    Name
    field, type a unique name for the application filter.
  4. In the
    Description
    field, type any descriptive text.
  5. Click
    Finished
    .
    The properties screen displays with an Associated Applications table.
  6. To block access to particular applications or entire application families, select them and click
    Block
    .
    When you select an application family, you also select the related applications. You can expand the application family and clear any applications that are selected.
    To block any applications that Secure Web Gateway cannot categorize, select the application family
    Unknown
    .
  7. To allow access to particular applications or entire application families, select them and click
    Allow
    .
To use an application filter, you must assign it in a per-request policy. A per-request policy runs each time a request is made.