Jonathan_Kneph1
Nimbostratus

Problem this snippet solves:

Websense Content Gateway Assistant iApp

Enables easy configuration of a Websense Content Gateway cluster behind F5 LTM.

Provides the following features:

  • Creation of an LTM Virtual Server-based explicit proxy for HTTP/HTTPS/FTP
  • Support for specialized Websense health-checks (version 7.7 and above)
  • Support for transparent proxy forwarding (non-explicit)
  • Full management of the loading of the Websense content gateway pool in both explicit and transparent modes
  • TCP queueing/optimization for proxy clients
  • Support for all proxy authentication modes available at the Websense Content Gateway cluster, including Integrated Windows Authentication and Kerberos

This iApp is supplied with a full help file. Please refer to it when configuring your environment.

V3 updates:

  • VLAN selection support

Requires TMOS 11.3 or newer; 11.5 or newer is suggested.

Configuration Guide

Contributed by: jknepher

Tested this on version:

11.3
Comments
etrust_146327
Cirrus
Hi. The health monitor looks like this: GET http://127.0.0.1:8083/heakth.app.filtering HTTP/1.0\r\n\r\n Why is the IP address 127.0.0.1?
Jonathan_Kneph1
Nimbostratus
Hello etrust. The health monitor uses that specific proxy request in order to test the proxy and its required internal management functions, such as the filtering service. Checking just the proxy port wouldn't assure that filtering is working, and checking just the filtering service wouldn't assure that the proxy is working.
Sidoli_236736
Nimbostratus
Hi, we have a scenario where we require iRule functionality while using this iApp. We need to decrypt the traffic before it is sent to Websense so that iRules can process the request. If we create the clientssl profile with a certificate and key then we can successfully achieve this; however, the browsers rightfully complain because there is a certificate name mismatch for the target web server. Do you know how we can accomplish this?
vrn_159121
Altostratus
Hi Mr. Jonathan Knepher, thanks for this iApp. I need to know which services this health monitor checks: "http://127.0.0.1:8083/heakth.app.filtering". How can I use this monitor for my other pools, which were created without the iApp?
Cody_Green
F5 Employee
Sidoli, F5's SSL forward proxy functionality will address your issue: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-3-0/14.html. With this option the F5 will generate a valid SSL certificate for the requested website. You may also want to look at F5's SSL AirGap iApp: https://tstdmz.olympus.f5net.com/solutions/deployment-guides/air-gap-egress-inspection-with-ssl-intercept-big-ip-v114-ltm.
Version history
Last update: 28-Apr-2015 16:43