Manual Chapter : Application Filter Configuration

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 12.0.0
Manual Chapter

Application Filter Configuration

About SWG configurations that support application filtering

Secure Web Gateway (SWG) supports application filtering for use with or without an SWG subscription for specific configurations only.

SWG supports application filtering in these configurations:

  • Explicit forward proxy
  • Transparent forward proxy
  • LTM SSL forward proxy with SWG

SWG does not support application filtering in these configurations:

  • Remote access forward proxy
  • Web access management (APM® and LTM® in reverse proxy mode)

About application families

Secure Web Gateway (SWG) supports a predefined set of application families and applications. An application family name characterizes the type of applications associated with it. Users cannot add applications or application families to SWG.

About application filters

An application filter specifies the applications (and application families) that Secure Web Gateway (SWG) supports and a filtering action (allow or block) for each application. An application filter can be used in a per-request policy in a supported SWG configuration to control access to supported applications.

SWG provides predefined application filters: block-all, allow-all, and default. The default application filter allows access to some application families and blocks access to others. Users can define their own application filters and use those that SWG provides.

Overview: Configuring filters for application access

Secure Web Gateway (SWG) provides a few default application filters and you can configure additional filters. Application filtering is effected in a per-request policy in supported SWG configurations.

Task summary

Specifying the default filter action for an application

You can change the default filter action (block or allow) for any application. When you create a new application filter, the applications in it specify the default filter action.
Note: A change to the default filter action for an application has no effect on existing application filters.
  1. On the Main tab, click Access Policy > Secure Web Gateway > Applications .
    The Applications screen displays.
  2. To view applications, expand an application family.
  3. To modify the default filter action for an application:
    1. Click the application name.
      An Application Properties screen displays.
    2. From the Default Filter Action list, retain the displayed setting or select another.
      The options are Block and Allow.
    3. Click Update.
      The Applications screen displays.
The default filtering action for the application is updated and is used when a new application filter is created.

Configuring application filters

Configure an application filter to specify how to process requests for access to applications or application families. You can configure multiple application filters.
  1. On the Main tab, click Access Policy > Secure Web Gateway > Application Filters .
    Click the name of any filter to view its settings.
    Note: Default application filters, such as block-all, allow-all and default, are available. You cannot delete default application filters.
    The Application Filters screen displays.
  2. To configure a new application filter, click one of these:
    • Create button - Click to start with an application filter with the default filter action specified for each application.
    • Copy link - Click this link for an existing application filter in the table to start with its settings.
    Another screen opens.
  3. In the Name field, type a unique name for the application filter.
  4. In the Description field, type any descriptive text.
  5. Click Finished.
    The properties screen displays with an Associated Applications table.
  6. To block access to particular applications or entire application families, select them and click Block.
    Important: When you select an application family, you also select the related applications. You can expand the application family and clear any applications that are selected.
    Important: To block any applications that Secure Web Gateway cannot categorize, select the application family Unknown.
  7. To allow access to particular applications or entire application families, select them and click Allow.
To use an application filter, you must assign it in a per-request policy. A per-request policy runs each time a request is made.