Forum Discussion
henry_kay_36032
Nimbostratus
Jun 23, 2014AFM rules filtering based on Active Directory Grouping
hi all,
was posed with this question a few days ago.
In AFM, we are able to do firewall rules based on VS. Then there is this question, If i wanted to do a AFM policy based on AD-grouping. Can ...
Kevin_Stewart
Employee
Jun 24, 2014The basic problem here is the difference between OSI layers 4 and 7. AFM generally operates at layer 4, while any sort of authentication (ie. AD group information) is going to be queried for/obtained/processed in layer 7. In other words, by the time you've queried AD, an AFM policy has already allowed the traffic to pass. Now you could create a block on subsequent requests, based on AD query status, but you'd have to let the first few L7 transactions happen.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects