Manual Chapter : Configuring Portal Access

Applies To:

BIG-IQ Centralized Management

  • 6.0.0

Overview: What is portal access?

Portal access allows end users access to internal web applications with a web browser from outside the network. With portal access, the BIG-IP system managed by BIG-IQ communicates with back-end servers, and rewrites links in application web pages so that further requests from the client browser are directed back to the Access Policy Manager server. With portal access, the client computer requires no specialized client software other than a web browser.

Portal access provides clients with secure access to internal web servers, such as Microsoft Outlook Web Access (OWA), Microsoft SharePoint, and IBM Domino Web Access. Using portal access functionality, you can also provide access to most web-based applications and internal web servers.

Portal access differs from network access, which provides direct access from the client to the internal network. Network access does not manipulate or analyze the content being passed between the client and the internal network. The portal access configuration gives the administrator both refined control over the applications that a user can access through Access Policy Manager, and content inspection for the application data. The other advantage of portal access is security. Even if a workstation might not meet requirements for security for full network access, such a workstation can be passed by the access policy to certain required web applications, without allowing full network access. In a portal access policy, the client computer itself never communicates directly with the end-point application. That means that all communication is inspected at a very high level, and any attacks originating on the client computer fail because the attack cannot navigate through the links that have been rewritten by the portal access engine.

Create a portal access configuration

  1. On the Main tab, click Access > Connectivity / VPN > Portal Access > Portal Access Lists.
    The Portal Access List screen opens.
  2. Expand Connectivity / VPN and click Portal Access > Portal Access Lists.
  3. Click Create.
    The New Portal Access screen opens.
  4. Type the name and an optional description.
  5. From the ACL Order list, specify the placement for the resource.
    • Last: Select this option to place the new portal access resource last in the ACL list.
    • After: Select this option to select, from the list of configured ACLs, the ACL that this portal access resource should follow in sequence.
    • Specify: Select this option to specify an order number, for example, 0 or 631, for the ACL.
  6. From Configuration, select Basic or Advanced.
    The Advanced option provides additional settings so you can configure a proxy host and port.
  7. For the Match Case for Paths setting, select Yes to specify that portal access matches alphabetic case when matching paths in the portal access resource.
  8. From the Patching Type list, select the patching type for the web application.
    For both full and minimal patching types, you can select or clear patching methods specific to your selection.
  9. If you selected Minimal Patching and the Host Patching option, type a host search string, or multiple host search strings separated with spaces, and the host replace string, which must be the Access Policy Manager virtual server IP address or fully qualified domain name.
  10. To publish a link for the web application on the full webtop, or to use hosted content files, for the Publish on Webtop setting, select the Enable check box.
    Important: Do not enable the Publish on Webtop setting if you are configuring the portal access resource for minimal patching.
  11. If you enabled Publish on Webtop, select whether the Link Type is an application URI or a file uploaded to the hosted content repository.
    • Application URI: This is the main URI used to start this portal access resource. You can configure other URIs with specific caching and compression settings by adding resource items to the portal access resource, after the main resource is configured.
    • Hosted Content: Use content uploaded to the hosted content repository to present on the webtop. When you select a hosted content file (typically a web-browser readable file), that file becomes the main destination for this webtop link.
      Note: In the Resource Items area, you must add all resources that you have uploaded to the hosted content repository that apply to this particular hosted content link.
  12. In the Customization Settings for English area, in the Caption field, type a caption.
    The caption appears on the full webtop, and is required. This field is required even if you do not select the Publish on Webtop option.
  13. Optionally, in the Detailed Description field, type a description for the web application.
  14. In the Image field, specify an icon for the web application link. Click the View/Hide link to show the current icon.
  15. If your application is behind a proxy server, to specify a proxy host and port, you must select Advanced for the configuration to display additional fields, and type the proxy host and proxy port.
    Important: Portal access does not support forwarding HTTPS requests through the HTTPS proxy. If you specify the HTTPS scheme in the Application URI field and specify a proxy host, portal access does not forward the requests.
  16. To save your changes, click the Save & Close button at the bottom of the screen.
This completes the portal access resource configuration.
Add resource items to the portal access resource to provide functionality for your web applications.
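
The constraints stated in the procedure above (required caption, no Publish on Webtop with minimal patching, the host replace string format, and HTTPS with a proxy host) can be checked before a change is saved. The following is an added example, not part of the original manual or any F5 tooling; the dictionary keys are hypothetical names for the GUI fields and the sample records are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Syntactic FQDN check: dot-separated labels of letters, digits and hyphens.
_FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def _is_ip_or_fqdn(value):
    # Checks the form only; it cannot confirm the value is the virtual server.
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(_FQDN.match(value))

def check_portal_resource(res):
    """Return findings for one portal access resource (hypothetical keys)."""
    findings = []
    minimal = res.get("patching_type") == "minimal"
    if not res.get("caption", "").strip():
        findings.append("caption is required, even when Publish on Webtop is off")
    if minimal and res.get("publish_on_webtop"):
        findings.append("Publish on Webtop must not be enabled with minimal patching")
    if minimal and res.get("host_patching"):
        # Search strings are space-separated; at least one must be present.
        if not res.get("host_search", "").split():
            findings.append("host patching needs at least one host search string")
        if not _is_ip_or_fqdn(res.get("host_replace", "")):
            findings.append("host replace string must be the virtual server IP or FQDN")
    uri = res.get("application_uri", "")
    if res.get("proxy_host") and urlsplit(uri).scheme.lower() == "https":
        findings.append("HTTPS application URI with a proxy host: requests are not forwarded")
    return findings

# Constructed sample records, not exported from a real system.
SAMPLES = {
    "owa": {"patching_type": "full", "publish_on_webtop": True, "caption": "Mail",
            "application_uri": "http://owa.internal.example/owa/"},
    "wiki": {"patching_type": "minimal", "host_patching": True,
             "publish_on_webtop": True, "caption": "",
             "host_search": "wiki.internal.example wiki", "host_replace": "not a host",
             "application_uri": "https://wiki.internal.example/",
             "proxy_host": "proxy.internal.example"},
}

if __name__ == "__main__":
    for name, res in SAMPLES.items():
        for finding in check_portal_resource(res):
            print(f"{name}: {finding}")
```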