Microsoft Forefront Threat Management Gateway Replacement (BIG-IP v11.5+, v12: LTM, APM, AAM, AFM)

This deployment guide shows how to configure the BIG-IP system as a forward and reverse proxy, enabling you to remove or relocate gateway security devices, such as Microsoft Threat Management Gateway (TMG) or Internet Security and Acceleration (ISA) servers. This guide describes the process for configuring the BIG-IP system as a reverse proxy to secure and optimize applications (such as Microsoft SharePoint Server), as well as a forward proxy to inspect and secure internet-bound traffic from internal clients. 

Deploying the BIG-IP system in this way allows you to control access to resources by both external and internal clients, while also
optimizing application performance and reducing load on application servers.

F5’s Secure Web Gateway (SWG) is a great alternative to gateway security devices like TMG. The solution combines granular access control, robust compliance reporting, and a comprehensive categorization database to provide the single point of control enterprises need to ensure safe and appropriate web access.

  • Forward Web Proxy
    F5 SWG provides full, forward web proxy functionality, including the ability to evaluate and proxy encrypted, SSL-based traffic. The solution can be configured to secure web access for a variety of clients, both internal and remote.
  • URL and Content Filtering
    The threat intelligence behind SWG analyzes more than 5 billion web requests every day to produce a comprehensive categorization database of 40 million website URLs. SWG uses BIG-IP Access Policy Manager (APM) to give administrators the flexibility to evaluate and assign policy at an extremely granular level. For example, an administrator might apply a specific set of URL filters to a particular user within a certain Active Directory group for a specific period of time.
  • Compliance 
    Ensuring acceptable and secure web access is more than just good business; more often than not, it’s corporate policy—with the potential for very real consequences if not appropriately managed. Secure Web Gateway Services provide IT administrators and HR professionals with the tools they need to ensure acceptable use policies are both effective and appropriate. The solution includes several dynamically generated and exportable reports that provide a clear picture of the enterprise’s web activity. Additionally, the F5 solution can be integrated with many remote central logging systems.

The following diagram shows an example configuration described in the deployment guide.