Manual Chapter : Visual Policy Editor

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2
Manual Chapter

About the visual policy editor

The visual policy editor is a screen on which to configure an access policy using visual elements.

Visual policy editor conventions

This table provides a visual dictionary for the visual policy editor.

Visual element Element type Description
Green Start icon Initial access policy When an access profile is created, usually an initial access policy is also created.
Green Start icon Start Every access profile contains a start.
branch connects one object to another Branch A branch connects an action to another action or to an ending.
branch connects one object to another Add an action Clicking this icon causes a screen to open with available actions for selection.
Logon page action displays as a rectangle Action Clicking the name of an action, such as Logon Page, opens a screen with properties and rules for the action. Clicking the x deletes the action from the access policy.
Red asterisk in AD Auth action Action that requires some configuration The red asterisk indicates that some properties must be configured. Clicking the name opens a screen with properties for the action.
Ending Ending Each branch has an ending: Allow or Deny.
Configure an ending Configure ending Clicking the name of an ending opens a popup screen.
Configure a macrocall Add a macro for use in the access policy Opens a screen for macro template selection. After addition, the macro is available for configuration and for use as an action item.
Macro ready to configure Macro added for use Added macros display under the access policy. Clicking the plus (+) sign expands the macro for configuration of the actions in it.
Logon page action displays as a rectangle Macrocall in an access policy Clicking the macrocall name expands the macro in the area below the access policy.
Logon page action displays as a rectangle Apply Access Policy Clicking it commits changes. The visual policy editor displays this link when any changes remain uncommitted.

About actions on the add item screen

The actions that are available on any given tab of the add item screen depend on the access profile type, such as LTM-APM (for web access) or SSL-VPN (for remote access), and so on. Only actions that are appropriate for the access profile type will display.

branch connects one object to anotherAdd action item screen

About macrocalls on the add item screen

The Macrocalls tab displays only when at least one macro has been added for use in the access policy.

Note: Macrocalls can be added to any access policy. Macrocalls cannot be shared across access policies.
branch connects one object to anotherMacrocalls tab on the add item screen

About macros and macrocalls

A macro is a collection of access policy actions that provide common access policy functions. For example, AD auth and resources is a preconfigured macro template. It supplies a logon page, an Active Directory authentication action, and a resource assignment action. The properties and rules for the actions are configurable.

After a macro is configured, it can be placed into the access policy by adding a macrocall. A macrocall is an action that performs the functions defined in a macro.

A macro contains actions and terminals and can include macrocalls.

Access policy actions
Any available action or series of actions.
Macrocalls
Calls to other macros (nested macros).
Terminals
An endpoint in a macro. Default terminals are Successful and Failure. Terminals are configurable and can be added and deleted.

Terminals defined in the macro display as the branches that follow the macrocall after it has been added to the access policy.

Additional resources and documentation for BIG-IP Access Policy Manager

You can access all of the following BIG-IP system documentation from the AskF5 Knowledge Base located at http://support.f5.com/.

Document Description
BIG-IP Access Policy Manager: Secure Web Gateway Implementations This guide contains information to help an administrator configure Secure Web Gateway (SWG) explicit or transparent forward proxy and apply URL categorization and filtering to Internet traffic from your enterprise.
BIG-IP Access Policy Manager: Third-Party Integration Implementations This guide contains information about integrating third-party products with Access Policy Manager (APM). It includes implementations for integration with VMware Horizon View, Oracle Access Manager, Citrix Web Interface site, and so on.
BIG-IP Access Policy Manager: Authentication and Single-Sign On This guide contains information to help an administrator configure APM for single sign-on and for various types of authentication, such as AAA server, SAML, certificate inspection, local user database, and so on.
BIG-IP Access Policy Manager: Visual Policy Editor This guide contains information about how to use the visual policy editor to configure access policies.
BIG-IP Access Policy Manager: Implementations This guide contains implementations for synchronizing access policies across BIG-IP systems, hosting content on a BIG-IP system, maintaining OPSWAT libraries, configuring dynamic ACLs, web access management, and configuring an access policy for routing.
BIG-IP Access Policy Manager: Portal Access This guide contains information about how to configure APM portal access. In portal access, APM communicates with back-end servers, rewrites links in application web pages, and directs additional requests from clients back to APM.
BIG-IP Access Policy Manager: Edge Client and Application Configuration This guide contains information for an administrator to configure the BIG-IP system for these clients:
  • BIG-IP Edge Client for Windows
  • BIG-IP Edge Client for Mac
  • BIG-IP Edge Client for Linux
  • BIG-IP Edge Command-Line Client for Linux
It also includes information about how to configure or obtain client packages and install them, as well as configuration details of system security settings on the BIG-IP system for these applications:
  • BIG-IP Edge Client for iOS
  • BIG-IP Edge Client for Android
  • BIG-IP Edge Portal for iOS
  • BIG-IP Edge Portal for Android
BIG-IP Access Policy Manager: Application Access This guide contains information for an administrator to configure application tunnels for secure, application-level TCP/IP connections from the client to the network.
BIG-IP Access Policy Manager: Network Access This guide contains information for an administrator to configure APM network access to provide secure access to corporate applications and data using a standard web browser.
BIG-IP Access Policy Manager: Customization This guide provides information about using the APM customization tool to provide users with a personalized experience for access policy screens, and errors. An administrator can apply your organization's brand images and colors, change messages and errors for local languages, and change the layout of user pages and screens.
Release notes Release notes contain information about the current software release, including a list of associated documentation, a summary of new features, enhancements, fixes, known issues, and available workarounds.
Solutions and Tech Notes Solutions are responses and resolutions to known issues. Tech Notes provide additional configuration instructions and how-to information.