Access Policy Manager® (APM®) can be configured to act as a transparent forward proxy to support remote clients that connect using application access, network access, or portal access.
Transparent forward proxy for remote access
Before you start to create an Access Policy Manager® (APM®) transparent forward proxy configuration to support remote access clients, you must have completed these tasks.
Tasks for integrating an Access Policy Manager® (APM®) remote access configuration with a transparent forward proxy configuration for APM follow this order.
Update a virtual server that is part of an Access Policy Manager® application access, network access, or portal access configuration to enable a secure connectivity interface for traffic from the client.
Creating a Client SSL forward proxy profile makes it possible for client and server authentication, while still allowing the BIG-IP® system to perform data optimization, such as decryption and encryption. This profile applies to client-side SSL forward proxy traffic only.
Add queries to the access policy to populate any session variables that are required for successful execution of the per-request policy.
A transparent forward proxy configuration is ready to process web traffic from remote access clients.
When you configure the BIG-IP®system so that Access Policy Manager® (APM®) can act as a transparent forward proxy for use by remote access clients, you might want to understand how these objects fit into the overall configuration.
This table lists per-request policy items that read session variables and lists the access policy items that populate the variables.
|Per-request policy item||Session variable||Access policy item|
|AD Group Lookup||session.ad.last.attr.primaryGroupID||AD Query|
|LDAP Group Lookup||session.ldap.last.attr.memberOf||LDAP Query|
|LocalDB Group Lookup||
Note: This session variable is a default in the expression for LocalDB Group Lookup; any session variable in the expression must match the session variable used in the Local Database action in the access policy.
|RADIUS Class Lookup||session.radius.last.attr.class||RADIUS Auth|