Lab 5: SWG iApp - Transparent Proxy for HTTP and HTTPS¶
In this lab exercise, you will configure SWG in transparent proxy mode to support environments where clients do not leverage an explicit proxy. BIG-IP is deployed inline on the client’s outbound path to the Internet to intercept the traffic.
Estimated completion time: 15 minutes
Objectives:
- Deploy SWG in transparent proxy mode
- Test web browsing behavior
Lab Requirements:
- Lab 1 previously completed successfully (working SWG iApp deployment)
- BIG-IP must be in path between the client workstation and the Internet (this has already been done for you in this lab)
Task 1 – Create a new Access Policy¶
- Use Firefox to access the BIG-IP GUI (https://10.1.1.10, admin/admin)
- Browse to Access >> Profiles / Policies >> Access Profiles (Per-Session Policies) and click Create…
- Name the profile AP_Transparent
- Change the Profile Type to SWG-Transparent
- Add English to Accepted Languages
- Accept all other default settings and click Finished
- Click on the Edit… link for the appropriate Access Policy created above
- Go to the VPE tab in your browser and on the fallback branch, click on the Deny Ending and change it to Allow
- Click Save
- Click Apply Access Policy
Task 2 – Reconfigure SWG iApp to apply Transparent Access Policy¶
- Browse to iApps >> Application Services > Applications
- Click on SWG
- Click Reconfigure
- Change Configuration Type to Transparent Proxy
- Find the section Which SWG-Transparent Access Policy do you want to use?
- Change Access Policy to AP_Transparent
- Find the section Which Per-Request Access Policy do you want to use?
- Change the per-request policy to Lab_Per_Request
- Set Should the system translate client addresses to Yes…
- Set Which SNAT mode do you want to use to use SNAT Auto Map
- Browse to the bottom and click Finished
Task 3 – Testing¶
- Open Internet Explorer on your Jump Host client machine
- Ensure Internet Explorer options are configured to *not* use an explicit proxy
- Browse to https://www.nhl.com. You should not be prompted for authentication.