Manual Chapter : Configuring a per-request policy to select the next hop

Applies To:

Show Versions Show Versions


  • 15.0.1, 15.0.0
Manual Chapter

Configuring a per-request policy to select the next hop

Before you start, you must have configured a pool of proxy servers that all support the same forward proxy mode: explicit or transparent. (Create pools using
Local Traffic
You create a per-request policy that uses a Proxy Select agent to select the next hop in a forward proxy chain.
If you include
SSL Intercept
SSL Bypass
agents in the policy, be sure to place them before other agents.
  1. On the Main tab, click
    Profiles / Policies
    Per-Request Policies
    The Per-Request Policies screen opens.
  2. To create a new per-request policy, click
    , type a name that is unique among all access profiles and per-request policies, select the accepted languages, and click
  3. In the
    field, locate the policy that you want to update, then in the
    Per-Request Policy
    field, click the
    The visual policy editor opens in another tab.
  4. On a policy branch, click the
    icon to add an item to the policy.
    The actions you can use for building a per-request policy are displayed on a popup screen with actions on tabs, such as Authentication, Classification, and General Purpose, and a search field.
  5. On the Traffic Management tab, select
    Proxy Select
    and click
    Add Item
    A Properties popup screen opens.
  6. From the
    list, select a pool of one or more proxy servers to serve as the next hop.
    All proxy servers in the pool that you select must support the forward proxy mode that you specify in the
    Upstream Proxy Mode
  7. From
    Upstream Proxy Mode
    , select:
    • Explicit
      if the proxy servers in the pool support explicit forward proxy.
    • Transparent
      if the proxy servers in the pool support transparent forward proxy.
  8. For
    , most of the time you can retain the default values (blank).
    These fields support the use of static credentials to authenticate the user at the next hop using HTTP Basic authentication.
  9. Click
    The properties screen closes. The visual policy editor displays.
Be sure to add a disabled HTTP Connect Profile to the virtual server that processes SSL traffic for the forward proxy configuration.
A per-request policy is not in effect unless it and an access profile are specified in virtual servers in the forward proxy configuration.