With BIG-IP® Access Policy Manager™, you use resources to provide
secure connection functionality to users. With Access Policy Manager, you
configure a resource to allow access to a web application or a network access connection, or you configure an access control list to allow or deny access to clients with a network access, web applications, or web application access management access policies. You use access control lists (ACLs), network access or web applications resources, and webtops to provide functionality to clients. For a web application access management policy, you can assign ACLs, but you cannot assign any other resources. You use ACLs to define allowed and disallowed networks, hosts, and protocols for users. With web applications access policies, you use webtops to provide a web page with useful links to users who connect. You assign ACLs and webtops dynamically in an access policy, using the resource assign action. A represents a single secure connection that provides an on-network type of experience to an end user. You can define many network access resources on the Access Policy Manager, but each connection uses only one network access resource. To connect a user securely with a network access connection, you must assign a network access resource to an access policy and a network access webtop, using the resource assign action. A network access connection does not manipulate or analyze the content being passed between the client and the internal network. A provides web browser access to one or more specific internal web applications. With web applications, the Access Policy Manager communicates with back-end servers, and rewrites the links in the response so that all the links in the response content specify the virtual server as the host. This method of access differs from a connection configured for network access, which provide a secured tunnel from the client to the internal network. In this chapter you can learn how to use ACLs and webtops. To configure network access resources, see Chapter 2, . To configure web applications, see Chapter 3, . To configure web application access management, see Chapter 4, .