F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IP APM
  4. BIG-IP Access Policy Manager: Portal Access
  5. Configuring Resources for Portal Access
Manual Chapter : Configuring Resources for Portal Access

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Creating a portal access configuration

  1. On the Main tab, click Access > Connectivity / VPN > Portal Access > Portal Access Lists .
    The Portal Access List screen opens.
  2. Click the Create button.
    The New Resource screen opens.
  3. Type the name and an optional description.
  4. From the ACL Order list, specify the placement for the resource.
    Option Description
    Last Select this option to place the new portal access resource last in the ACL list.
    After Select this option to select, from the list of configured ACLs, the ACL that this portal access resource should follow in sequence.
    Specify Select this option to specify an order number, for example, 0 or 631for the ACL.
  5. From Configuration, select Basic or Advanced.
    The Advanced option provides additional settings so you can configure a proxy host and port.
  6. For the Match Case for Paths setting, select Yes to specify that portal access matches alphabetic case when matching paths in the portal access resource.
  7. From the Patching Type list, select the patching type for the web application.
    For both full and minimal patching types, you can select or clear patching methods specific to your selection.
  8. If you selected Minimal Patching and the Host Patching option, type a host search string, or multiple host search strings separated with spaces, and the host replace string, which must be the Access Policy Manager® virtual server IP address or fully qualified domain name.
  9. To publish a link for the web application on the full webtop, or to use hosted content files, for the Publish on Webtop setting, select the Enable check box.
    Important: Do not enable the Publish on Webtop setting if you are configuring the portal access resource for minimal patching.
  10. If you enabled Publish on Webtop, select whether the Link Type is an application URI or a file uploaded to the hosted content repository.
    • Application URI: This is the main URI used to start this portal access resource. You can configure other URIs with specific caching and compression settings by adding resource items to the portal access resource, after the main resource is configured.
    • Hosted Content: Use content uploaded to the hosted content repository to present on the webtop. When you select a hosted content file (typically a web-browser readable file), that file becomes the main destination for this webtop link.
      Note: In the Resource Items area, you must add all resources that you have uploaded to the hosted content repository that apply to this particular hosted content link.
  11. In the Customization Settings for English area, in the Caption field, type a caption.
    The caption appears on the full webtop, and is required. This field is required even if you do not select the Publish on webtop option.
  12. Optionally, in the Detailed Description field type a description for the web application.
  13. In the Image field, specify an icon for the web application link. Click the View/Hide link to show the current icon.
  14. If your application is behind a proxy server, to specify a proxy host and port, you must select Advanced for the configuration to display additional fields, and type the proxy host and proxy port.
    Important: Portal access does not support forwarding HTTPS requests through the HTTPS proxy. If you specify the HTTPS scheme in the Application URI field and specify a proxy host, portal access does not forward the requests.
  15. Click the Create button.
This completes the portal access resource configuration.
Add resource items to the portal access resource to provide functionality for your web applications.

Creating a portal access resource item

You create a portal access resource item to add a port, path, and other portal access functionality to a portal access resource. If your portal access resource is a hosted content file (for example, a web application) you must add that file, and all related files from the hosted content repository that are used with the hosted content file. For example, you might add image files, CSS, and scripts that are required by the web page or application. You typically use resource items to refine the behavior for web application directories; for example, you might specify No Compression and a Cache All caching policy for the /attachment directory for a portal access resource.
  1. On the Main tab, click Access > Connectivity / VPN > Portal Access > Portal Access Lists .
    The Portal Access List screen opens.
  2. Click the name of a portal access resource.
    The Portal Access Properties screen for that resource opens.
  3. In the Resource Items area, click the Add button.
    A New Resource Item screen for that resource opens.
  4. Select whether the resource item is application paths or hosted content.
    • Paths: If you select this option, set the host name or IP address, URI paths, the scheme, and the port.
    • Hosted Content: If you select this option, choose an item from the list of content uploaded to the hosted content repository
      Note: You must add all files that you have uploaded to the hosted content repository that apply to this particular hosted content resource.
  5. Configure the properties for the resource item.
    • To add headers, select Advanced next to New Resource Item.
    • To configure Session Update, Session Timeout, and Home Tab, select Advanced next to Resource Item Properties.
  6. Click Finished.
    This creates the portal access resource item.

Portal access resource item properties

Use these properties to configure a resource item for a portal access resource.

Property Value Description
Item Type Paths or Hosted Content Specifies whether the resource item is a path to a web resource or an uploaded file from the hosted content repository.
Destination Host name, IP address, or network address and mask Specifies whether the web application destination is a host or an IP address, and provides the host name or IP address. You can specify an IPv4 or IPv6 IP address, or a host name that resolves to either an IPv4 or IPv6 address. When a resource is configured using the host name, and the host name resolves to both IPv4 and IPv6 addresses, the IP address family preference setting in the client's DNS configuration is used to choose the IP address type from the DNS response.
Hosted Files A local file If the item type is Hosted Content, you can select a local file from this list to specify as the resource.
Important: If the portal access resource is a hosted content file, all related files must be defined separately as portal access resource items within that portal access resource.
Port A port number or 0 Specifies the port for the web application. 0 means the web application matches port 80 for the http scheme option, and port 443 for the https scheme option.
Scheme http, https, or any Specifies whether the URI scheme for the web application is http, https, or any (either HTTP or HTTPS) scheme.
Paths An application path or paths, separated by spaces Specifies any paths for the web application. You can separate multiple paths with spaces. You can use wildcards, for example /*.
Headers Name-value pairs Specifies any custom headers required by the web application. To add a header, type the header name in the Name field, and the header content in the Value field, then click the Add button.
Compression No compression or GZIP compression No Compression specifies that application data sent to the client browser is not compressed. GZIP Compression specifies that application data sent to the client browser is compressed with GZIP compression.
Important: To use GZIP compression with a portal access resource, in the virtual server definition, you must specify the HTTP Compression Profile setting as httpcompression.
Client Cache Default, Cache All, or No Cache Specifies settings for client caching of web applications. In the rewrite profile that you associate with the virtual server for the portal access resource, you can specify a client caching option: CSS and JavaScript, CSS, Images and JavaScript, No Cache or Cache All. If you configure a client cache setting other than Default in the portal access resource item, that resource setting overrides the cache setting in the rewrite profile.
  • Default uses the client cache settings from the rewrite profile.
  • Cache All uses cache headers as is from the back-end server, and allows caching of everything that can be cached, including CSS, images, JavaScript®, and XML. May provide better client performance and lower security depending on the server configuration.
  • No Cache caches nothing. This provides the slowest client performance and is the most secure.
SSO Configuration SSO configuration, selected from a list of available SSO configurations Specifies an SSO configuration to use with the portal access resource item for Single Sign-On.
Session Update Enable or disable Some application web pages that start through portal access connections contain JavaScript code that regularly refreshes the page or sends HTTP requests, regardless of user activity or inactivity. A session that is abandoned at such a site does not time out, because it appears to be active. When disabled, the session update feature prevents these sessions from remaining active indefinitely.
Session Timeout Enable or disable Enables or disables session timeouts.
Home Tab Enable or disable This option inserts into HTML pages a small amount of HTML code that includes the JavaScript that displays the home tab, which contains links to the Home and Logout functions and a URL bar. To enable the home tab on a web application page, select the Home Tab check box. Web pages generated without the home tab JavaScript code contain no home or logout links. You can customize the appearance and configuration of the home tab on the webtop customization page. When you start a web application from the full webtop, the home tab is displayed on the webtop only, and not on web pages launched from the webtop, regardless of this setting.
Log None or Packet Specifies the log level that is logged when actions of this type occur.

Creating a portal access resource item for minimal patching

Create a portal access resource item to add an port, path and other portal access functionality to a portal access resource. You typically use resource items to refine the behavior for web application directories; for example, you might specify No Compression and a Cache All caching policy for the /attachment directory for a portal access resource.
  1. On the Main tab, click Access > Connectivity / VPN > Portal Access > Portal Access Lists .
    The Portal Access List screen opens.
  2. Click the name of a portal access resource that is configured for minimal patching.
    The Portal Access Resource Properties screen opens.
  3. In the Resource Items area, click Add.
    The New Resource Item screen opens.
  4. In the Host Name field, type an asterisk *.
  5. From the Scheme list, select any.
    When you select any, the port changes correctly to 0.
  6. In the Paths field, type /* .
  7. Click Finished.
    The portal access resource item is created.
This creates the portal access resource item required for a minimal patching configuration.

Creating a portal access configuration with the wizard

You can use the portal access wizard to quickly configure an access policy, resource, resource item, and a virtual server to allow portal access connections.
  1. On the Main tab, click Wizards > Device Wizards .
    Tip: Follow the instructions in the wizard to create your access policy and virtual server.
  2. Select Portal Access Setup Wizard and click Next.
  3. Type the Policy Name, select the default language, and specify whether to enable the simple antivirus check in the access policy.
  4. Click Next.
  5. On the Select Authentication wizard screen, configure authentication. You can select an existing authentication server configured on the Access Policy Manager®, or you can create a new authentication configuration.
    For a full discussion of Access Policy Manager authentication, see BIG-IP® Access Policy Manager:® Authentication and Single-Sign On.
  6. On the Portal Access screen, select a portal access application.
    Option Description
    DWA Configures a Domino Web Access configuration with common settings.
    OWA2003 Configures an Outlook Web Access 2003 configuration with common settings.
    OWA2007 Configures an Outlook Web Access 2007 configuration with common settings.
    OWA2010 Configures an Outlook Web Access 2010 configuration with common settings.
    Custom Allows you to configure custom settings for a portal access configuration.
  7. In the Portal Access Start URI field, type the applicable URI.
  8. To configure SSO with the portal access configuration, select the Configure SSO check box.
    If you enable this setting, you also select the SSO method from the SSO Method list.
  9. Click Next.
  10. In the Virtual Server IP address field, type the IP address for your virtual server.
    Select the Create Redirect Virtual Server check box to create a redirect action for clients who attempt to connect over HTTP instead of HTTPS.
  11. Click Next.
  12. Review the configuration.
    You can click Next to accept the configuration and create the portal access configuration, Back to go back and change settings, or Cancel to discard the configuration.
Configuration is complete. You can test the portal access resource by browsing to the virtual server address.

Creating a portal access configuration with a template

You can create a portal access resource with a template for a common application, to add when you configure an access policy. When you create a portal access configuration with a template, you create the portal access resource, along with common resource items for the configuration.
  1. On the Main tab, click Access > Connectivity / VPN > Portal Access > Portal Access Lists .
    The Portal Access List screen opens.
  2. Click the Create with Template button.
  3. Type a name for the portal access resource.
  4. From the Template list, select a portal access application template.
    • DWA - Configures a Domino Web Access configuration with common settings.
    • OWA2003 - Configures an Outlook Web Access 2003 configuration with common settings.
    • OWA2007 - Configures an Outlook Web Access 2007 configuration with common settings.
    • OWA2010 - Configures an Outlook Web Access 2010 configuration with common settings.
  5. From the Order list, specify the sequence for the resource.
    Option Description
    Last Select this option to place the new portal access resource last in the ACL list.
    After Select this option to select, from the list of configured ACLs, the ACL that this portal access resource should follow in sequence.
    Specify Select this option to specify an order number, for example, 0 or 631 for the ACL.
  6. For the Destination setting, select Host Name or IP Address for the resource address, then type the resource address in the corresponding field or fields.
  7. Click the Finished button.
The Access Policy Manager® creates a portal access resource and the associated common resource items from the template.
You can add resource items to the portal access resource, to provide more functionality for your web applications.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information