With BIG-IP® Access Policy Manager® system Secure Web Gateway (SWG), you can create a configuration that enforces your organization's rightful use and compliance policy for Internet access. Users who access the Internet from the enterprise go through the SWG forward proxy, which allows or blocks access to certain categories of URL. When necessary, for example when a URL is not already categorized, SWG analyzes the content in the request or the response to determine whether it represents a threat and blocks access if needed.
To address privacy concerns, you might need to enable SSL forward proxy bypass for URLs that expose personal user information, such as those for banking, financial, or government sites.
The order in which SSL forward proxy bypass searches lists for a matching IP address or hostname depends on whether the default action is intercept or bypass:
|Destination IP Intercept||Destination IP Bypass|
|Destination IP Bypass||Destination IP Intercept|
|Source IP Intercept||Source IP Bypass|
|Source IP Bypass||Source IP Intercept|
|Hostname Intercept||Hostname Bypass|
|Hostname Bypass||Hostname Intercept|
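A small model of the search order in the table, added here as an example and not F5 code, useful for checking which list decides a connection when entries overlap. It assumes that the first matching list decides the action, that the left column is the order for a default action of intercept and the right column the order for bypass (following the order of the sentence above), and that hostnames match exactly; all addresses and hostnames are constructed.

```python
import ipaddress

# Search order copied from the table, top row first.
# Assumption: left column = default action intercept, right column = bypass.
SEARCH_ORDER = {
    "intercept": [("dst_ip", "intercept"), ("dst_ip", "bypass"),
                  ("src_ip", "intercept"), ("src_ip", "bypass"),
                  ("hostname", "intercept"), ("hostname", "bypass")],
    "bypass": [("dst_ip", "bypass"), ("dst_ip", "intercept"),
               ("src_ip", "bypass"), ("src_ip", "intercept"),
               ("hostname", "bypass"), ("hostname", "intercept")],
}

def _matches(kind, entries, conn):
    """True if the connection's attribute of this kind is in the list."""
    if kind == "hostname":
        # Simplification: exact, case-insensitive hostname match.
        return conn["hostname"].lower() in {h.lower() for h in entries}
    addr = ipaddress.ip_address(conn[kind])
    return any(addr in ipaddress.ip_network(e) for e in entries)

def decide(conn, lists, default_action):
    """Return (action, reason); assumes the first matching list wins."""
    for kind, action in SEARCH_ORDER[default_action]:
        if _matches(kind, lists.get((kind, action), ()), conn):
            return action, f"{kind} {action} list"
    return default_action, "default action"

# Constructed sample lists with a deliberate overlap on the destination IP.
LISTS = {
    ("dst_ip", "intercept"): ["203.0.113.0/24"],
    ("dst_ip", "bypass"): ["203.0.113.10"],
    ("src_ip", "intercept"): ["10.20.0.0/16"],
    ("hostname", "bypass"): ["bank.example.com"],
}

# Constructed sample connections.
CONNS = [
    {"src_ip": "192.0.2.9", "dst_ip": "203.0.113.10", "hostname": "portal.example.net"},
    {"src_ip": "10.20.5.7", "dst_ip": "198.51.100.4", "hostname": "bank.example.com"},
    {"src_ip": "192.0.2.9", "dst_ip": "198.51.100.4", "hostname": "bank.example.com"},
]

if __name__ == "__main__":
    for default in ("intercept", "bypass"):
        for conn in CONNS:
            print(default, conn["hostname"], conn["src_ip"], decide(conn, LISTS, default))
```

In this model the second connection is intercepted even though its hostname is in a bypass list, because the source IP lists are searched before the hostname lists.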
Before you start these tasks, you should have created an SWG explicit or transparent forward proxy configuration that you want to enhance with the addition of SSL forward proxy bypass. To configure SSL forward proxy bypass, first you should determine your strategy, and then configure any lists that you need to implement it.
You perform this task to update a client SSL profile that is already configured for SSL forward proxy. You enable SSL forward proxy bypass in cases where you need to make exceptions, such as to mitigate privacy concerns.
You perform this task to update a server SSL profile that is already configured for SSL forward proxy. You must enable SSL forward proxy bypass in a server SSL profile when SSL forward proxy bypass is enabled in the corresponding client SSL profile in your configuration.