Manual Chapter : BIG-IP APM Secure Web Gateway Overview

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0
Manual Chapter

BIG-IP APM Secure Web Gateway Overview

About Secure Web Gateway for web access

BIG-IP® Access Policy Manager® (APM®) implements a Secure Web Gateway (SWG) by adding access control, based on URL categorization, to forward proxy. With SWG, you can create a configuration to protect your network assets and end users from threats, and enforce a use and compliance policy for Internet access. Users that access the Internet from the enterprise go through SWG, which can allow or block access to URL categories or indicate that the user should confirm the URL before access can be allowed.

About the benefits APM provides for web access

BIG-IP® Access Policy Manager® (APM®) supports basic web site access control purely based on user-defined URL categories. This feature is a part of base APM functionality, without requiring an SWG subscription. The benefits include:

  • URL filtering capability for outbound web traffic.
  • Monitoring and gating outbound traffic to maximize productivity and meet business needs.
  • User identification or authentication (or both) tied to logging, and access control compliance and accountability.
  • Visibility into SSL traffic.
  • Reports on blocked requests and all requests. (Reports depend on event logging settings.)
  • Ability to interactively request additional authentication for sensitive resources and provide time-limited access to them in subsessions.
  • Ability to interactively request confirmation before allowing or blocking access to resources that might not, in all instances, provide benefit to the business. Confirmation and access take place in a subsession with its own lifetime and timeout values.

About Secure Web Gateway subscription benefits

A BIG-IP® system with Access Policy Manager® (APM®) and a Secure Web Gateway (SWG) subscription provides these benefits over those provided by APM alone:

  • A database with over 150 predefined URL categories and 60 million URLs.
  • A service that regularly updates the URL database as new threats and URLs are identified.
  • Identification of malicious content and the means to block it.
  • Web application controls for application types, such as social networking and Internet communication in corporate environments.
  • Support for Safe Search, a search engine feature that can prevent offensive content and images from showing up in search results.
  • A dashboard with statistical information about traffic logged by the BIG-IP system for SWG. Graphs, such as Top URLs by Request Count and Top Categories by Blocked Request Count, summarize activities over time and provide access to underlying statistics.

SWG subscription benefits extend these APM benefits:

  • URL filtering capability for outbound web traffic.
  • Monitoring and gating outbound traffic to maximize productivity and meet business needs.
  • User identification or authentication (or both) tied to logging, and access control compliance and accountability.
  • Visibility into SSL traffic.
  • Reports on blocked requests and all requests. (Reports depend on event logging settings.)
  • Ability to interactively request additional authentication for sensitive resources and provide time-limited access to them in subsessions.
  • Ability to interactively request confirmation before allowing or blocking access to resources that might not, in all instances, provide benefit to the business. Confirmation and access take place in a subsession with its own lifetime and timeout values.

Additional resources and documentation for BIG-IP Access Policy Manager

You can access all of the following BIG-IP® system documentation from the AskF5™ Knowledge Base located at http://support.f5.com/.

Document Description
BIG-IP® Access Policy Manager®: Application Access This guide contains information for an administrator to configure application tunnels for secure, application-level TCP/IP connections from the client to the network.
BIG-IP® Access Policy Manager®: Authentication and Single-Sign On This guide contains information to help an administrator configure APM for single sign-on and for various types of authentication, such as AAA server, SAML, certificate inspection, local user database, and so on.
BIG-IP® Access Policy Manager®: Customization This guide provides information about using the APM customization tool to provide users with a personalized experience for access policy screens, and errors. An administrator can apply your organization's brand images and colors, change messages and errors for local languages, and change the layout of user pages and screens.
BIG-IP® Access Policy Manager®: Edge Client and Application Configuration This guide contains information for an administrator to configure the BIG-IP® system for browser-based access with the web client as well as for access using BIG-IP Edge Client® and BIG-IP Edge Apps. It also includes information about how to configure or obtain client packages and install them for BIG-IP Edge Client for Windows, Mac, and Linux, and Edge Client command-line interface for Linux.
BIG-IP® Access Policy Manager®: Implementations This guide contains implementations for synchronizing access policies across BIG-IP systems, hosting content on a BIG-IP system, maintaining OPSWAT libraries, configuring dynamic ACLs, web access management, and configuring an access policy for routing.
BIG-IP® Access Policy Manager®: Network Access This guide contains information for an administrator to configure APM Network Access to provide secure access to corporate applications and data using a standard web browser.
BIG-IP® Access Policy Manager®: Portal Access This guide contains information about how to configure APM Portal Access. In Portal Access, APM communicates with back-end servers, rewrites links in application web pages, and directs additional requests from clients back to APM.
BIG-IP® Access Policy Manager®: Secure Web Gateway This guide contains information to help an administrator configure Secure Web Gateway (SWG) explicit or transparent forward proxy and apply URL categorization and filtering to Internet traffic from your enterprise.
BIG-IP® Access Policy Manager®: Third-Party Integration This guide contains information about integrating third-party products with Access Policy Manager (APM®). It includes implementations for integration with VMware Horizon View, Oracle Access Manager, Citrix Web Interface site, and so on.
BIG-IP® Access Policy Manager®: Visual Policy Editor This guide contains information about how to use the visual policy editor to configure access policies.
Release notes Release notes contain information about the current software release, including a list of associated documentation, a summary of new features, enhancements, fixes, known issues, and available workarounds.
Solutions and Tech Notes Solutions are responses and resolutions to known issues. Tech Notes provide additional configuration instructions and how-to information.