You can include authentication in the access policy in a Secure Web Gateway (SWG) explicit or transparent forward proxy configuration. When you do so if the first site that a user accesses uses HTTP instead of secure HTTP, passwords are passed as clear text. To prevent this from happening, F5® recommends using Kerberos or NTLM authentication.
To use NTLM authentication, you will need to select an NTLM Auth configuration when you configure the access profile for SWG. Before you start your SWG configuration, if you plan to use NTLM authentication, make sure that the required NTLM authentication objects exist. NTLM authentication requires that a machine account and an NTLM Auth configuration exist on the BIG-IP® system.