F5 Secure Web Gateway iApp Template

Problem this snippet solves:

This iApp assists in the configuration of the F5 Secure Web Gateway subscription add-on to Access Policy Manager (APM). It allows you to configure for both transparent or explicit proxy modes, SSL interception, and additional services in support of the proxied connections (like Proxy Auto-Configuration).

How to use this snippet:

Prerequisites

This template requires BIG-IP v11.5 or later, and can only be used with APM and SWG provisioned, and a valid subscription to SWG services applied to the BIG-IP.

Prior to running this template, if you intend to use the SSL interception features of SWG, you must have imported a CA certificate and key. In addition, you must create an APM Access Profile of the appropriate type for your deployment; the iApp will use this profile for its authentication and assignment of an SWG malware/filtering scheme.

Note: This template has not been tested nor is it supported if deploying multiple times on a single BIG-IP (via route domains or within partitions)

Features

Supports two deployment modes: explicit and transparent proxy
Configures interception of SSL traffic by category; can decrypt certain SSL traffic for inspection
Creates all necessary virtual servers and profiles to quickly build your SWG environment
For explicit proxy, creates and manages a Proxy Auto-Configuration (PAC) function

v1.1.0rc1

This updated template includes all features from the previous version, and adds support for the use of APM per-request policy in BIG-IP v11.6.0 and later. You must create a per-request APM access policy prior to deploying the iApp. When using per-request policy, the iRule for controlling SSL bypass via URL categories has been deprecated; however, the iApp template is compatible with BIG-IP v11.5.0.

v1.1.0rc2

Fixed a missing variable error when deploying transparent proxy on 11.6 or later. iApp now uses the f5.iapp cli script for portability and maintainability.