Secure Web Gateway (SWG) can be configured to support remote clients that connect using application access, network access, or portal access.
You should understand how these configuration objects fit into the overall configuration.
Before you start to create a Secure Web Gateway (SWG) transparent forward proxy configuration to support remote access clients, you must have completed these tasks.
Tasks for integrating an Access Policy Manager (APM) remote access configuration with a Secure Web Gateway (SWG) transparent forward proxy configuration follow this order.
Update a virtual server that is part of an Access Policy Manager application access, network access, or portal access configuration to enable a secure connectivity interface for traffic from the client.
|Dynamic Date Time||Branch by day of week or time of day.|
|AD Group Lookup||Branch by user group. Requires branch rule configuration.|
|LDAP Group Lookup||Branch by user group. Requires branch rule configuration.|
|LocalDB Group Lookup||Branch by user group. Requires branch rule configuration.|
|RADIUS Class Lookup||Branch by the class attribute. Requires branch rule configuration.|
Creating a Client SSL forward proxy profile makes it possible for client and server authentication, while still allowing the BIG-IP system to perform data optimization, such as decryption and encryption. This profile applies to client-side SSL forward proxy traffic only.
Add an SWG Scheme Assign item to an access policy to assign a Secure Web Gateway (SWG) scheme to a client session. Add queries to populate any session variables that are required for successful execution of the per-request policy.
The Secure Web Gateway (SWG) transparent proxy configuration is ready to process web traffic from remote access clients.
Per-request policy items that look up the group or class to which a user belongs rely on the access policy to populate these session variables.
|Per-request policy item||Session variable||Access policy item|
|AD Group Lookup||session.ad.last.attr.primaryGroupID||AD Query|
|LDAP Group Lookup||session.ldap.last.attr.memberOf||LDAP Query|
|LocalDB Group Lookup||session.localdb.groups
Note: This session variable is a default in the expression for LocalDB Group Lookup; any session variable in the expression must match the session variable used in the Local Database action in the access policy.
|RADIUS Class Lookup||session.radius.last.attr.class||RADIUS Auth|