Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Websense Content Gateway Assistant iApp

Jonathan_Kneph1
Nimbostratus
Nimbostratus

on ‎28-Apr-2015 16:43

Problem this snippet solves:

Websense Content Gateway Assistant iApp

Enables easy configuration of a Websense Content Gateway cluster behind F5 LTM.

Provides the following features:

  • Creation of an LTM Virtual Server-based explicit proxy for HTTP/HTTPS/FTP
  • Support for specialized Websense health-checks (version 7.7 and above)
  • Support for transparent proxy forwarding (non-explicit)
  • Full management of the loading of the Websense content gateway pool in both explicit and transparent modes
  • TCP queueing/optimization for proxy clients
  • Support for all proxy authentication modes available at the Websense Content Gateway cluster, including Integrated Windows Authentication and Kerberos

This iApp is supplied with a full help file. Please refer to it when configuring your environment.

V3 updates:

  • VLAN selection support

Requires TMOS 11.3 or newer, suggested 11.5 or newer.

Configuration Guide

Contributed by: jknepher

Tested this on version:

11.3
f5.websense_cg_assistant_v3_20141110.tmpl
0 Kudos
Comments
etrust_146327
Cirrus
Cirrus
‎24-Aug-2015 02:10
Hi The health monitor looks li this: GET http://127.0.0.1:8083/heakth.app.filtering HTTP/1.0\r\n\r\n Why is the IP address 127.0.0.1 ?
0 Kudos
Jonathan_Kneph1
Nimbostratus
Nimbostratus
‎25-Aug-2015 11:59
Hello etrust. The health monitor uses that specific proxy request in order to test the proxy, and it's required internal management functions, such as the filtering service. Checking just the proxy port wouldn't assure that filtering is working, and checking just the filtering service wouldn't assure that the proxy is working.
0 Kudos
Sidoli_236736
Nimbostratus
Nimbostratus
‎02-Dec-2015 04:34
Hi, we have a scenario where we require iRule functionality while using this iApp. We need to decrypt the traffic before it is sent to Websense so that iRules can process the request. If we create the clientssl profile with a certificate and key then we can successfully achieve this, however the browsers rightfully complain because there is a certificate name mismatch for the target web server, do you know how we can accomplish this?
0 Kudos
vrn_159121
Altostratus
Altostratus
‎29-Dec-2015 20:18
Hi Mr.jonathan Knepher Thanks for this i app. i need to know what are the services does this health monitor checks. "http://127.0.0.1:8083/heakth.app.filtering" how can i use this monitor to my other pools which is created without iapp.
0 Kudos
Cody_Green
F5 Employee
F5 Employee
‎06-Jan-2016 07:29
Sidoli, F5's SSL forward proxy functionality will address your issue: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-3-0/14.ht.... With this option the F5 will generate a valid SSL certificate for the requested website. You may also want to look at F5's SSL AirGap iAp: https://f5.com/solutions/deployment-guides/air-gap-egress-inspection-with-ssl-intercept-big-ip-v114-....
0 Kudos
Version history
Last update:
‎28-Apr-2015 16:43
Updated by:
Nimbostratus
Contributors
Copyright © 2023 Khoros, LLC