Brent_J
Apr 29, 2015

SWG PROXY CHAINING TO BLUECOAT

Hi, just wondering whether anyone on here has chained an upstream proxy to SWG, and how it was done. We are currently using a service which uses an upstream Bluecoat proxy to provide our internet service. We wish to implement SWG internally and chain this to the upstream Bluecoat so we can implement fine-grained categorisation internally and leave our external provider the task of dealing with coarse-grained filtering etc. Apparently Bluecoat doesn't support GRE tunneling, which was our first idea, so I'm looking into alternatives. Suggestions are welcome. I have asked my local FE; however, he is also struggling to find examples.

 

Thanks in advance

 

5 Replies

  • kunjan

    Hi Brent, try the following:

    1) Assign the explicit HTTP profile in BigIP

    2) Create TMG proxy pool

    3) iRule like the following:

    when HTTP_PROXY_REQUEST {
      HTTP::proxy disable
      pool tmg_pool
    }
    
  • Thanks Kunjan,

     

    Wouldn't this prevent the proxy services on SWG being used? We need the SWG to proxy as well as the upstream proxy. I won't be able to test this for a while as we are still in the planning phases.

     

  • Hello,

    Based on the following link: https://devcentral.f5.com/codeshare?sid=551

    You can use SWG and then chain to an upstream proxy.

    Example 3: Proxy Chaining via Categorization (Requires either an SWG or URL Filtering Subscription)
    
    when RULE_INIT {
        log local0. "Proxy Chain iRule"
        set static::Proxy_Chain_categories {
           /Common/Restaurants_and_Dining
        }
        set static::Proxy_Chain_debug 1
    }
    
    when HTTP_PROXY_REQUEST {
        set proxy_chain 0
        if { $static::Proxy_Chain_debug } { log local0. "URI: [HTTP::uri]" }
    
        # Check for a category match
        set reply [getfield [CATEGORY::lookup [HTTP::uri]] " " 1]
        if {[lsearch -exact $static::Proxy_Chain_categories $reply] >= 0} {
            if { $static::Proxy_Chain_debug } { log local0. "HIT: The category $reply should be bypassed for [HTTP::uri]" }
            set proxy_chain 1
        }
    
        # Check for a URI::host for HTTP connections
        if {[URI::host [HTTP::uri]] == "www.cariboucoffee.com"} {
            set proxy_chain 1
        }
    
        # Perform the prescribed action
        if { $proxy_chain } {
            if { $static::Proxy_Chain_debug } { log local0. "Proxy Chain: [HTTP::method] URI:[HTTP::uri]" }
            HTTP::proxy disable
            snat 10.10.1.10
            pool squid  
        }
    }