Manual :
BIG-IP Access Policy Manager: Secure Web Gateway
Applies To:
Show Versions
BIG-IP APM
- 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Original Publication Date: 12/17/2018
- BIG-IP APM Secure Web Gateway Overview
-
Explicit Forward Proxy Configuration
-
Overview: Configuring APM to act as an explicit forward proxy
- About the iApp for Secure Web Gateway configuration
- Browser and firewall configuration best practices for explicit forward proxy
- Creating a DNS resolver
- Adding forward zones to a DNS resolver
- Creating a tunnel for SSL forward proxy traffic
- Creating a custom HTTP profile for explicit forward proxy
- Creating an access profile for explicit forward proxy
- Creating a virtual server to use as the forward proxy server
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for SSL forward proxy traffic
- Creating a virtual server to reject traffic
- Implementation result
- About APM ACLs and explicit forward proxy
- Overview: Processing RDP traffic on a device configured for explicit forward proxy
-
Overview: Configuring APM to act as an explicit forward proxy
-
Transparent Forward Proxy Configurations
-
Overview: Configuring transparent forward proxy
- About the iApp for Secure Web Gateway configuration
- About user identification with a logon page
- About user identification with an SWG F5 agent
- Creating a VLAN for transparent forward proxy
- Assigning a self IP address to a VLAN
- Creating an access profile for transparent forward proxy
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for forward proxy SSL traffic
- Creating a virtual server for forward proxy traffic
- Creating a Client SSL profile for a captive portal
- Creating a virtual server for a captive portal
- Implementation result
- About redirects after access denied by captive portal
-
Overview: Configuring transparent forward proxy in inline mode
- About the iApp for Secure Web Gateway configuration
- Creating a VLAN for transparent forward proxy
- Assigning a self IP address to a VLAN
- Creating an access profile for transparent forward proxy
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for forward proxy SSL traffic
- Creating a virtual server for forward proxy traffic
- Creating a forwarding virtual server
- Creating a Client SSL profile for a captive portal
- Creating a virtual server for a captive portal
- Implementation result
-
Overview: Configuring transparent forward proxy
-
Remote Access Forward Proxy Configurations
-
Overview: Configuring explicit forward proxy for Network Access
- Prerequisites for an explicit forward proxy configuration for Network Access
- Configuration outline: Explicit forward proxy for Network Access
- Creating a connectivity profile
- Adding a connectivity profile to a virtual server
- Creating a DNS resolver
- Adding forward zones to a DNS resolver
- Creating a custom HTTP profile for explicit forward proxy
- Creating a virtual server as the forward proxy for Network Access traffic
- Creating a wildcard virtual server for HTTP tunnel traffic
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a wildcard virtual server for SSL traffic on the HTTP tunnel
- Updating the access policy in the remote access configuration
- Configuring a Network Access resource to forward traffic
- Implementation result
- About configuration elements for explicit forward proxy (remote access)
- Per-request policy items that read session variables
-
Overview: Configuring transparent forward proxy for remote access
- Prerequisites for APM transparent forward proxy for remote access
- Configuration outline for APM transparent forward proxy for remote access
- Creating a connectivity profile
- Adding a connectivity profile to a virtual server
- Creating an access profile for transparent forward proxy
- Creating a wildcard virtual server for HTTP traffic on the connectivity interface
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a wildcard virtual server for SSL traffic on the connectivity interface
- Updating the access policy in the remote access configuration
- Implementation result
- About configuration elements for transparent forward proxy (remote access)
- Per-request policy items that read session variables
-
Overview: Configuring explicit forward proxy for Network Access
-
Policies for APM (with SWG) as a Secure Web Gateway
-
Overview: Controlling forward proxy traffic with SWG
- Example policy: Categorize and scan traffic for malware
- Example policy: URL database category-specific access control
- Configuring an access policy for forward proxy with SWG
- Creating a per-request policy
- Configuring a policy to scan for malware and provide safe search
- Blocking outgoing social media requests
- Adding a per-request policy to the virtual server
- Virtual server Access Policy settings for forward proxy
- About Response Analytics and the order of policy items
- About Safe Search and supported search engines
-
Overview: Controlling forward proxy traffic with SWG
-
Policies for APM as a Secure Web Gateway
-
Overview: Controlling forward proxy traffic with APM
- Configuring an access policy for forward proxy with SWG
- Example policy: User-defined category-specific access control
- Example policy: URL filter per user group
- Creating a per-request policy
- Applying user-defined URL categories and filters in a per-request policy
- Adding a per-request policy to the virtual server
- Virtual server Access Policy settings for forward proxy
-
Overview: Controlling forward proxy traffic with APM
-
SSL Bypass and Intercept with APM
-
Overview: Bypassing SSL forward proxy traffic with APM
- Example policy: SSL forward proxy bypass
- Creating a per-request policy
- Processing SSL traffic in a per-request policy
- Adding a per-request policy to the virtual server
- Virtual server Access Policy settings for forward proxy
- About the SSL Bypass Set and SSL Intercept Set process
- About SSL Bypass Set and SSL Intercept Set and the order of policy items
-
Overview: Bypassing SSL forward proxy traffic with APM
-
Forward Proxy Chaining with APM
- BIG-IP system forward proxy chaining and APM benefits
- Interoperability characteristics for forward proxy chaining
- Configuration essentials for forward proxy chaining
- Overview: Offloading authentication from the next hop
- Overview: Using NTLM pass-through to the next hop
- Overview: Inserting HTTP headers for authentication to the next hop
- Overview: Authenticating with HTTP Basic to the next hop
- Overview: Configuring Basic or NTLM SSO to the next hop
- Overview: Configuring Kerberos SSO to the next hop
- Overview: Configuring Kerberos SSO to a resource server
- Overview: Updating virtual servers for forward proxy chaining with APM
- Configuring the URL Database for SWG
- Customizing URL Categories and Filters for SWG
- Creating User-Defined URL Categories and Filters for APM
-
Configuring an SWG Agent for User Identification
- About user identification with an SWG F5 agent
-
Overview: Configuring the SWG F5 DC Agent
- Configuring the BIG-IP system for the F5 DC Agent
- Verifying network communication
- Downloading and installing F5 DC Agent
- Updating privileges for the F5 DC Agent service
- Configuring the initialization file
- Configuring domain controller polling in the dc_agent.txt file
- Recovering from an unsuccessful installation
- Enabling debug logging for the F5 DC Agent
- Troubleshooting when a user is identified incorrectly
- F5 DC Agent error messages
-
Overview: Configuring the SWG F5 Logon Agent
- Configuring the BIG-IP system for the F5 Logon Agent
- Verifying network communication
- Downloading and installing F5 Logon Agent
- Updating privileges for the F5 Logon Agent service
- Configuring the initialization file
- Recovering from an unsuccessful installation
- Enabling debug logging for the F5 Logon Agent
- Troubleshooting when a user is identified incorrectly
- Files used by Logon Agent
- Overview: Creating a script on a Windows system for SWG F5 Logon Agent
-
Secure Web Gateway Statistics
- About SWG data for threat monitoring
-
Overview: Monitoring Internet traffic for threats
- About the Secure Web Gateway Overview
- Configuring statistics collection for SWG reports
- Examining statistics on the SWG Overview
- Focusing the Overview on security threats
- Exporting or emailing SWG statistics
- Creating an SMTP server configuration
- Implementation result
- About the reporting interval for charts and reports
- About statistics aggregation for weekly and longer time ranges
- About Secure Web Gateway statistics
- Logging and Reporting
- Legal Notices
