You can include authentication in the access policy in a Secure Web Gateway (SWG) explicit or transparent forward proxy configuration. However, if the first site that a user accesses uses HTTP instead of secure HTTP, passwords are passed as clear text. To prevent this from happening, F5® recommends using Kerberos or NTLM authentication.
To use NTLM authentication, you must specify an NTLM Auth Configuration when you configure the access profile for SWG explicit or SWG transparent forward proxy. If an NTLM Auth Configuration does not yet exist on the BIG-IP® system, use these steps to configure it.