Forum Discussion
NimbostratusUsing F5 APM as a "Authenticated Web Proxy"
Hi, I am new to F5 and I am trying to setup an Authenticated forward proxy for specific ports 80 and 443. Currently i have a LTM2200 with APM (no SWG), is it possible to setup an authenticated forward web proxy?
I have used the below irule for forward proxy and it works like a charm and users are able to use it to access the internet.
An HTTP forward proxy iRule: https://devcentral.f5.com/wiki/irules.HTTP-Forward-Proxy-v3-2.ashx
For the authentication, im trying to use Kerberos. I have configured SSO with Kerberos authentication method, access policy to support Kerberos SSO and attaching the access profile to the virtual server (Forward Proxy) for Kerberos SSO. However when i tried to attach the access profile to the Virtual Server (Forward Proxy) it stopped working. I have tested the access profile on another Virtual Server which is a reverse proxy for a pool of servers and the access profile works.
Is there something which i am missing? I would appreciate if someone could advice.
Thanks in advance Spencer
3 Replies
- Matt_Dierick
Employee
Hi Spencer,
In release 11.5, you can set a http-explicit profile on your VS. Instead of using the irule. SWG is not mandatory if you are using only web proxy feature.
I would test like this. Download swg iapp in order to create the 3 necessary VS (primary on 8080, http on 80 and https on 443). The iapp will create the right tunnels for the ssl forward proxy.
And to finish, apply your APM policy on the primary VS. You can choose this policy in the iapp.
This a workaround you could test. Make sense ???
mobo_139370Hi, Is there any way to use proxy caching feature with SWG ? Thanks,
- Matt_DierickUnfortunately, not yet.
