Manual :
BIG-IP Access Policy Manager: Secure Web Gateway Implementations
Applies To:
Show Versions
BIG-IP APM
- 12.0.0
Original Publication Date: 09/01/2015
- Legal Notices
- BIG-IP APM Secure Web Gateway Overview
-
URL Categorization
- About URL categorization
-
Overview: Downloading the URL database and updating standard URL filters
- About the Instant Messaging URL category
- Downloading and updating URL categories
- Adding custom URL categories to the URL database
- Customizing standard categories from the URL database
- Configuring URL filters
- Looking up a URL category in the master database
- Implementation result
- Configuring logging for the URL database
- Viewing a URL database report
- Secure Web Gateway database download log messages
- Overview: Configuring user-defined URL categories and filters
- Application Filter Configuration
-
User Identification
- About user identification
-
Overview: Configuring F5 DC Agent
- Configuring the BIG-IP system for the F5 DC Agent
- Verifying network communication
- Downloading and installing F5 DC Agent
- Updating privileges for the F5 DC Agent service
- Configuring the initialization file
- Configuring domain controller polling in the dc_agent.txt file
- Recovering from an unsuccessful installation
- Enabling debug logging for the F5 DC Agent
- Troubleshooting when a user is identified incorrectly
- F5 DC Agent error messages
-
Overview: Configuring F5 Logon Agent
- Configuring the BIG-IP system for the F5 Logon Agent
- Verifying network communication
- Downloading and installing F5 Logon Agent
- Updating privileges for the F5 Logon Agent service
- Configuring the initialization file
- Recovering from an unsuccessful installation
- Enabling debug logging for the F5 Logon Agent
- Troubleshooting when a user is identified incorrectly
- Files used by Logon Agent
- Overview: Creating a script on a Windows system for F5 Logon Agent
-
Per-Request Policy Configuration
- About access and per-request policies
-
Overview: Configuring a per-request policy
- About Response Analytics and the order of policy items
- About SSL Bypass Set and SSL Intercept Set and the order of policy items
- About the SSL Bypass Set and SSL Intercept Set process
- SSL bypass example
- URL filter per user group example
- Access control by date, time, and user group example
- Response Analytics example
- Category-specific access control example
- Application lookup and filter example
- Creating a per-request policy
- Processing SSL traffic in a per-request policy
- Configuring policies to branch by local database user group
- Specifying URL categorization in a per-request policy
- Configuring a per-request policy to control access to applications
- Configuring a per-request policy to branch by group or class
- Per-request policy items that read session variables
- Per-request policy items for APM and LTM reverse proxy
- About per-request policies and the Apply Access Policy link
- Per-flow variables
-
About per-request policy items
- About Protocol Lookup
- About SSL Bypass Set
- About AD Group Lookup
- About LDAP Group Lookup
- About LocalDB Group Lookup
- About RADIUS Class Lookup
- About Dynamic Date Time
- About SSL Intercept Set
- About the Logging action
- About Category Lookup
- About Response Analytics
- About URL Filter Assign
- About Application Lookup
- About Application Filter Assign
- About HTTP Headers
- About per-request policy endings
- Customizing messages for the per-request policy Reject ending
- Exporting and importing a per-request policy across BIG-IP systems
-
Explicit Forward Proxy Configuration
-
Overview: Configuring SWG explicit forward proxy
- About the iApp for Secure Web Gateway configuration
- SWG explicit forward proxy configuration prerequisites
- About ACLs and SWG explicit forward proxy
- Creating a DNS resolver
- Adding forward zones to a DNS resolver
- Creating a tunnel for SSL forward proxy traffic
- Creating a custom HTTP profile for explicit forward proxy
- Creating an access profile for explicit forward proxy
- Verifying log settings for the access profile
- Configuring an access policy for SWG explicit forward proxy
- Creating a virtual server to use as the forward proxy server
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for SSL forward proxy traffic
- Creating a virtual server to reject traffic
- Implementation result
- Per-request policy items that read session variables
- Overview: Processing RDP traffic on a device with SWG
-
Overview: Configuring SWG explicit forward proxy
-
Transparent Forward Proxy Configurations
-
Overview: Configuring transparent forward proxy in inline mode
- About the iApp for Secure Web Gateway configuration
- SWG transparent forward proxy configuration prerequisites
- Creating a VLAN for transparent forward proxy
- Assigning a self IP address to a VLAN
- Creating an access profile for SWG transparent forward proxy
- Verifying log settings for the access profile
- Configuring an access policy for transparent forward proxy
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for forward proxy SSL traffic
- Creating a virtual server for forward proxy traffic
- Creating a forwarding virtual server
- Creating a Client SSL profile for a captive portal
- Creating a virtual server for a captive portal
- Implementation result
- Per-request policy items that read session variables
- About redirects after access denied by captive portal
-
Overview: Configuring transparent forward proxy
- SWG transparent forward proxy configuration prerequisites
- About the iApp for Secure Web Gateway configuration
- About user identification with a logon page
- About user identification with an F5 agent
- Creating a VLAN for transparent forward proxy
- Assigning a self IP address to a VLAN
- Creating an access profile for SWG transparent forward proxy
- Verifying log settings for the access profile
- Configuring an access policy for transparent forward proxy
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a virtual server for forward proxy SSL traffic
- Creating a virtual server for forward proxy traffic
- Creating a Client SSL profile for a captive portal
- Creating a virtual server for a captive portal
- Implementation result
- Per-request policy items that read session variables
- About redirects after access denied by captive portal
-
Overview: Configuring transparent forward proxy in inline mode
-
Remote Access Forward Proxy Configurations
-
Overview: Configuring SWG explicit forward proxy for network access
- Prerequisites for SWG explicit forward proxy for network access
- Configuration outline: SWG explicit forward proxy for Network Access
- Creating a connectivity profile
- Adding a connectivity profile to a virtual server
- Creating a DNS resolver
- Adding forward zones to a DNS resolver
- Creating a custom HTTP profile for explicit forward proxy
- Creating a virtual server for network access client forward proxy server
- Creating a wildcard virtual server for HTTP tunnel traffic
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a wildcard virtual server for SSL traffic on the HTTP tunnel
- Updating the access policy in the remote access configuration
- Configuring a network access resource to forward traffic
- Implementation result
- About configuration elements for explicit forward proxy (remote access)
- Per-request policy items that read session variables
-
Overview: Configuring SWG transparent forward proxy for remote access
- Prerequisites for SWG transparent forward proxy for remote access
- Configuration outline for SWG transparent forward proxy for remote access
- Creating a connectivity profile
- Adding a connectivity profile to a virtual server
- Creating an access profile for SWG transparent forward proxy
- Verifying log settings for the access profile
- Creating a wildcard virtual server for HTTP traffic on the connectivity interface
- Creating a custom Client SSL forward proxy profile
- Creating a custom Server SSL profile
- Creating a wildcard virtual server for SSL traffic on the connectivity interface
- Updating the access policy in the remote access configuration
- Implementation result
- About configuration elements for transparent forward proxy (remote access)
- Per-request policy items that read session variables
-
Overview: Configuring SWG explicit forward proxy for network access
- LTM SSL Forward Proxy and SWG
- Web Access Management and SWG
-
Reports, Logs, and Statistics
- About SWG data for threat monitoring
-
Overview: Monitoring Internet traffic for threats
- About the Secure Web Gateway Overview
- Configuring statistics collection for SWG reports
- Examining statistics on the SWG Overview
- Focusing the Overview on security threats
- Exporting or emailing SWG statistics
- Creating an SMTP server configuration
- Implementation result
- About the reporting interval for charts and reports
- About Secure Web Gateway statistics
- Overview: Configuring remote high-speed APM and SWG event logging
- APM log example
- About local log destinations and publishers
- About configurations that produce duplicate log messages
- Methods to prevent or eliminate duplicate log messages
- About log level configuration
- Kerberos Authentication for SWG Forward Proxy
- NTLM Authentication for SWG Forward Proxy
