Manual :
BIG-IP Access Policy Manager: Secure Web Gateway Implementations
Applies To:
Show Versions
BIG-IP APM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Original Publication Date: 08/25/2014
- BIG-IP APM Secure Web Gateway Overview
-
URL Categorization
-
Overview: Updating URL categories and specifying web traffic schemes
- About the Instant Messaging URL category
- Downloading and updating URL categories
- Adding custom URL categories
- Looking up the category for a URL
- Customizing preconfigured URL categories
- Configuring URL filters
- Configuring Secure Web Gateway schemes
- Implementation result
- Secure Web Gateway database download log messages
-
Overview: Updating URL categories and specifying web traffic schemes
-
User Identification
- About user identification
- About session management cookies and Secure Web Gateway
- About ways to configure user identification for SWG
-
Overview: Identifying users transparently using F5 DC AgentConfiguring F5 DC Agent to support the IF-MAP service
- Configuring the BIG-IP system for the F5 DC Agent
- Verifying network communication
- Downloading and installing F5 DC Agent
- Updating privileges for the F5 DC Agent service
- Configuring the initialization file
- Configuring domain controller polling in the dc_agent.txt file
- Recovering from an unsuccessful installation
- Enabling debug logging for the F5 DC Agent
- Troubleshooting when a user is identified incorrectly
- F5 DC Agent error messages
-
Overview: Identifying users transparently using F5 Logon AgentConfiguring F5 Logon Agent to support the IF-MAP service
- Configuring the BIG-IP system for the F5 Logon Agent
- Verifying network communication
- Downloading and installing F5 Logon Agent
- Updating privileges for the F5 Logon Agent service
- Configuring the initialization file
- Recovering from an unsuccessful installation
- Enabling debug logging for the F5 Logon Agent
- Troubleshooting when a user is identified incorrectly
- Files used by Logon Agent
- Overview: Creating a script on a Windows system for F5 Logon Agent
-
Per-Request Policy Concepts and Examples
- Exporting and importing a per-request policy across BIG-IP systems
- About access and per-request policies
- Category-specific access control example
- Per-flow variables
- Session variables for use in a per-request policy
- About per-request policy items
- About per-request policy endings
- Customizing messages for URL filter denied
-
Explicit Forward Proxy
-
Overview: Configuring SWG explicit forward proxy
- SWG explicit forward proxy configuration prerequisites
- About the iApp for Secure Web Gateway configuration
- About ACLs and SWG explicit forward proxy
- About ways to configure user identification for SWG
- Creating a DNS resolver
- Adding forward zones to a DNS resolver
- Creating a tunnel for SSL forward proxy traffic
- Creating a custom HTTP profile for explicit forward proxy
- Configuring a per-request policy for SWG
- Creating an access profile for SWG explicit forward proxy
- Configuring an access policy for SWG explicit forward proxy
- Creating a virtual server to use as the forward proxy server
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for SSL forward proxy traffic
- Creating a virtual server to reject traffic
- Implementation result
- Session variables for use in a per-request policy
-
Overview: Configuring SWG explicit forward proxy
-
Transparent Forward Proxy
-
Overview: Configuring transparent forward proxy in inline mode
- SWG transparent forward proxy configuration prerequisites
- About the iApp for Secure Web Gateway configuration
- About ways to configure user identification for SWG
- Creating a VLAN for transparent forward proxy
- Assigning a self IP address to a VLAN
- Configuring a per-request policy for SWG
- Creating an access profile for SWG transparent forward proxy
- Configuring an access policy for transparent forward proxy
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for forward proxy SSL traffic
- Creating a virtual server for forward proxy traffic
- Creating a forwarding virtual server
- Creating a Client SSL profile for a captive portal
- Creating a virtual server for a captive portal
- Implementation result
- Session variables for use in a per-request policy
- About redirects after access denied by captive portal
-
Overview: Configuring transparent forward proxy
- SWG transparent forward proxy configuration prerequisites
- About the iApp for Secure Web Gateway configuration
- About ways to configure user identification for SWG
- Creating a VLAN for transparent forward proxy
- Assigning a self IP address to a VLAN
- Configuring a per-request policy for SWG
- Creating an access profile for SWG transparent forward proxy
- Configuring an access policy for transparent forward proxy
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for forward proxy SSL traffic
- Creating a virtual server for forward proxy traffic
- Creating a Client SSL profile for a captive portal
- Creating a virtual server for a captive portal
- Implementation result
- Session variables for use in a per-request policy
- About redirects after access denied by captive portal
-
Overview: Configuring transparent forward proxy in inline mode
-
Remote Access Configuration
-
Overview: Configuring SWG explicit forward proxy for network access
- Prerequisites for SWG explicit forward proxy for network access
- Configuration outline for explicit forward proxy for network access
- Creating a connectivity profile
- Adding a connectivity profile to a virtual server
- Creating a DNS resolver
- Adding forward zones to a DNS resolver
- Creating a custom HTTP profile for explicit forward proxy
- Configuring a per-request policy for SWG
- Creating an access profile for SWG explicit forward proxy
- Creating a virtual server for network access client forward proxy server
- Creating a wildcard virtual server for HTTP tunnel traffic
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a wildcard virtual server for SSL traffic on the HTTP tunnel
- Updating the access policy in the remote access configuration
- Configuring a network access resource to forward traffic
- Implementation result
- Session variables for use in a per-request policy
-
Overview: Configuring SWG transparent forward proxy for remote access
- Prerequisites
- Configuration outline
- Creating a connectivity profile
- Adding a connectivity profile to a virtual server
- Configuring a per-request policy for SWG
- Creating an access profile for SWG transparent forward proxy
- Creating a wildcard virtual server for HTTP traffic on the connectivity interface
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a wildcard virtual server for SSL traffic on the connectivity interface
- Updating the access policy in the remote access configuration
- Implementation result
- Session variables for use in a per-request policy
-
Overview: Configuring SWG explicit forward proxy for network access
-
Reports, Logs, and Statistics
- About SWG data for threat monitoring
- About per-request policies and SWG logging and reports
- About Access Policy Manager and Secure Web Gateway logs
- About local and remote logging for Secure Web Gateway
- Flowchart for local logging configuration
-
Overview: Monitoring Internet traffic and making adjustments to SWG
- About the reporting interval for charts and reports
- Configuring statistics collection for reports
- Examining Secure Web Gateway statistics
- Focusing charts and reports on security threats
- Exporting or emailing Secure Web Gateway statistics
- Creating an SMTP server configuration
- Chart and report drilldown paths
- Overview: Configuring remote high-speed SWG event logging
- Kerberos Authentication and SWG
- NTLM Authentication and SWG