On a BIG-IP® system with an SWG subscription, URL categorization must be configured. The URL database must be downloaded and a download schedule must be set. Optionally, custom URL categories and filters can be created to extend the standard URL categories and URL filters that are provided.
On a BIG-IP system without an SWG subscription, URL categorization is an option. Standard URL categories and URL filters are not provided. URL filtering can be accomplished with user-defined URL categories and user-defined URL filters.
Secure Web Gateway (SWG) supplies over 150 URL categories and identifies over 60 million URLs that fit within these categories. In addition, you can create custom categories if needed and add URLs to any category, custom or otherwise. You can also use custom categories to define blacklists and whitelists.
SWG supplies default URL filters as a starting point for your configuration. For example, the URL filter named default blocks the majority of inappropriate web sites. You can use any default filter as a starting point from which to define your own URL filters to reflect your acceptable use policies.
Complete these tasks before you create a per-request policy to categorize and filter URL requests.
Use these tasks to download URL categories initially, to refresh them over time, and to specify URL filters that support your use and compliance policy. Before you begin, the BIG-IP® system must be licensed and provisioned to support URL categorization.
Secure Web Gateway (SWG) supports HTTP and HTTPS-based instant messaging protocols. As a result, when you use the Instant Messaging URL category to block messages, SWG can block messages to ICQ, for example, but cannot block messages from applications that use non-standard ports or tunneling over HTTP, such as, Yahoo Messenger, Skype, Google Talk, and so on.
Similarly, SWG cannot block messages from file-sharing and peer-to-peer protocols that do not use HTTP or HTTPS; most of these protocol types do not use either HTTP or HTTPS.
Now you have BIG-IP® Secure Web Gateway (SWG) configured to regularly download updates to URL categories. URL filters are configured and ready to be added to per-request policies.
When you deploy Secure Web Gateway (SWG), the database downloads output messages to the log destinations specified in the default-log-setting. This table lists messages that are available only when you enable debug.
|Transfer Status 247||The file is transferred successfully to the BIG-IP® system. If you see a Transfer Status other than 247, it might indicate an error.|
|RTU Type||The RTU Type is always 1. If you see an RTU Type other than 1, it might indicate an error.|
|Expiration Date||The BIG-IP system does not use the expiration date in this message. Instead, the BIG-IP system enforces the SWG license and the database download works accordingly.|
To categorize and filter URL requests on a BIG-IP® system that does not provide standard URL categories in a URL database, you can create custom URL categories and filters.
Complete these tasks before you create a per-request policy that includes items to categorize (URL Category) and filter (URL Filter Assign) URL requests.