BIG-IP Access Policy Manager (APM) implements a Secure Web Gateway (SWG) for outbound access by providing access control based on URL categorization to forward proxy. With APM, you can create a configuration to protect your network assets and end users from threats, and enforce a use and compliance policy for Internet access. Users that access the Internet from the enterprise go through APM, which can allow or block access to URL categories or indicate that the user should confirm the URL before access can be allowed.
BIG-IP® Access Policy Manager® (APM®) controls basic website access purely based on user-defined URL categories. This feature is a part of base APM functionality, without requiring an SWG subscription. The benefits include:
A BIG-IP Access Policy Manager (APM) with a Secure Web Gateway (SWG) subscription provides these benefits over those supplied by APM alone:
SWG subscription benefits extend these APM benefits:
Secure Web Gateway (SWG) subscriptions expire periodically depending on the subscription length your company purchased. The system displays a warning message when the subscription is about to expire. If you fail to renew the subscription, your organization will lose access to SWG functionality, including category lookup within the Forcepoint URL database, request analytics, and response analytics. Depending on how the per-request policies implementing SWG are configured, requests to access the Internet through the forward proxy may fail.
If the SWG subscription expires and Reset on Failure is enabled in the Category lookup/Analytics agents, a TCP reset occurs whenever the category lookup fails. Clients receive no response from the server in this case and requests fail. You can configure a per-request policy to branch on failure and specify what you want to happen (such as Allow, Reject, or specify another path). For maximum protection, it is recommended that you renew the SWG subscription before it expires.
The Secure Web Gateway URL database supplies over 150 URL categories and identifies over 60 million URLs that fit within these categories. In addition, you can create custom categories if needed and add URLs to any category, custom or otherwise. You can also use custom categories to define blacklists and whitelists.
Without a URL database, an administrator tasked with treating only a few URLs differently can specify criteria for matching those few URLs in a simple URL Branching action in a per-request policy. An administrator who must categorize and filter a large number of URLs can, however, do this using Access Policy Manager (APM) user-defined URL categories.
When Access Policy Manager® (APM®) acts as a forward proxy, APM does not use session management cookies. If presented with an APM session management cookie while acting as a forward proxy, APM ignores the cookie.