Manual Chapter: About zero trust
Applies To: BIG-IP APM 16.0.1, 16.0.0

About zero trust
Zero trust follows the principle "never trust, always verify" and thus enforces authentication and verification for every user or device attempting to access resources, whether from within or outside of the network. The easiest way to create policies that support zero trust security is to use the Zero Trust-Identity Aware Proxy template in Access Guided Configuration. The template takes you through the steps needed to create an Identity Aware Proxy. Access Policy Manager (APM) acts as the Identity Aware Proxy, helping to simplify client access to both multi-cloud and on-premises web applications and to securely manage access from client devices.
On APM, you can develop per-request policies with subroutines that perform different levels of authentication, federated identity management, SSO (single sign-on), and MFA (multi-factor authentication), depending on the requirements. Subroutines perform continuous checking based on a specified duration or on gating criteria. Policies can be as complex or as simple as you need them to be to provide seamless yet secure access to resources. Refer to Implementing Zero Trust with Per-Request Policies for many examples of per-request policies that implement different aspects of zero trust.

For additional security, device posture checking provides instantaneous device posture information. The system can continuously check clients to be sure, for example, that their antivirus, firewall, and patches meet company requirements, ensuring that the device maintains trust at all times.
On the client side, F5 Access Guard allows real-time posture information to be inspected with per-request policy subroutines. F5 Access Guard generates posture information asynchronously and transparently transmits it to chosen APM server endpoints using special HTTP headers. Refer to BIG-IP Access Policy Manager: Configuring F5 Access Guard for details on client requirements.
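The two mechanisms described above, a per-request policy whose subroutines re-run on a duration or gating criterion, and posture information arriving in HTTP headers, can be modelled in a few dozen lines. The following is an added illustration and is not APM code, the Access Guard agent, or the real header format: the header names (`X-Example-Posture-*`, `X-Example-MFA`), the `Subroutine`/`PerRequestPolicy` classes, the 300-second and 3600-second validity windows, and the request timeline are all assumptions constructed for the example. What it shows is the defender-relevant behaviour: a passing check is trusted only for its configured window, a denial is never cached, and a step-up subroutine is gated to the resource that needs it.

```python
"""Model of continuous, per-request verification with time-bounded subroutines.

Added example, not BIG-IP APM or F5 Access Guard code. Header names, class
names, windows and the timeline are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Hypothetical posture headers (placeholders; the real names are not given here).
POSTURE_HEADERS = {
    "X-Example-Posture-AV": "antivirus",
    "X-Example-Posture-FW": "firewall",
    "X-Example-Posture-Patch": "patches",
}
REQUIRED_POSTURE = {"antivirus": "on", "firewall": "on", "patches": "current"}


def parse_posture(headers: Dict[str, str]) -> Dict[str, str]:
    """Extract posture attributes from request headers (header names compared case-insensitively)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    posture: Dict[str, str] = {}
    for header, attr in POSTURE_HEADERS.items():
        value = lowered.get(header.lower())
        if value is not None:
            posture[attr] = value.strip().lower()
    return posture


def posture_ok(headers: Dict[str, str], path: str) -> bool:
    """Posture subroutine: fail closed unless every required attribute is present and compliant."""
    posture = parse_posture(headers)
    return all(posture.get(k) == v for k, v in REQUIRED_POSTURE.items())


def mfa_ok(headers: Dict[str, str], path: str) -> bool:
    """Step-up subroutine standing in for MFA; here a constructed flag header."""
    return headers.get("X-Example-MFA", "").strip().lower() == "verified"


@dataclass
class Subroutine:
    check: Callable[[Dict[str, str], str], bool]
    max_age: float                                    # seconds a passing result stays valid
    gate: Callable[[str], bool] = lambda path: True   # gating criterion: which requests trigger it


@dataclass
class Session:
    user: str
    authenticated: bool
    valid_until: Dict[str, float] = field(default_factory=dict)  # subroutine name -> expiry time


class PerRequestPolicy:
    def __init__(self, subroutines: Dict[str, Subroutine]):
        self.subroutines = subroutines
        self.runs = 0  # how many times a subroutine actually executed (useful for observability)

    def evaluate(self, session: Session, headers: Dict[str, str], path: str, now: float) -> bool:
        if not session.authenticated:
            return False
        for name, sub in self.subroutines.items():
            if not sub.gate(path):
                continue                       # this request does not meet the gating criterion
            if now < session.valid_until.get(name, 0.0):
                continue                       # an earlier pass is still inside its validity window
            self.runs += 1
            if not sub.check(headers, path):
                session.valid_until.pop(name, None)   # never cache a denial: re-check next request
                return False
            session.valid_until[name] = now + sub.max_age
        return True


def build_policy() -> PerRequestPolicy:
    """Posture re-checked every 300 s on every request; MFA only gated in for /admin paths."""
    return PerRequestPolicy({
        "posture": Subroutine(posture_ok, max_age=300),
        "mfa": Subroutine(mfa_ok, max_age=3600, gate=lambda p: p.startswith("/admin")),
    })


# Constructed sample headers: a compliant device and one whose firewall was turned off.
GOOD = {"X-Example-Posture-AV": "on", "X-Example-Posture-FW": "on",
        "X-Example-Posture-Patch": "current", "X-Example-MFA": "verified"}
DEGRADED = dict(GOOD, **{"X-Example-Posture-FW": "off"})


def simulate() -> Tuple[List[bool], int]:
    """Run a constructed timeline; returns (per-request decisions, subroutine executions)."""
    policy = build_policy()
    session = Session("alice", authenticated=True)
    t0 = 1_000_000.0
    timeline = [
        (t0,       GOOD,     "/app"),    # posture runs and passes
        (t0 + 60,  GOOD,     "/app"),    # inside window: no subroutine runs
        (t0 + 61,  GOOD,     "/admin"),  # mfa gated in and runs once
        (t0 + 400, DEGRADED, "/app"),    # posture window expired; re-check denies
        (t0 + 401, GOOD,     "/app"),    # denial was not cached; re-check passes
    ]
    decisions = [policy.evaluate(session, h, p, t) for t, h, p in timeline]
    return decisions, policy.runs


if __name__ == "__main__":
    print(simulate())  # ([True, True, True, False, True], 4)
```

The point to take from the simulation is the fourth request: trust established at the first request does not carry the session past the posture window, so a device whose firewall was disabled mid-session is denied as soon as the subroutine re-runs, and because the denial is not cached the fifth request is re-evaluated rather than blocked on stale state.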