Forum Discussion

Nimbostratus

May 17, 2022

APM - How to configure logging of snat addresses for network access and app tunnels

Hello everyone, we are using BIG-IP Access Policy Manager to enable administrative access to systems via App Tunnel and Network Access resources. For security reasons, we need to be able to map req...

BIG-IP Access Policy Manager (APM)

MVP

Sep 28, 2023

If you turn up logging of the access profile you will be able to log the user and which lease ip it gets assigned and the actions performed. I have only used debug, but it migth be possible to go lower than that. All the lines are prefixed with the session id, so you should be able to correlate on that to identify a user.

You can also look here: https://community.f5.com/t5/technical-forum/userid-to-leasepool-ip-mapping/td-p/60728

for inspiration regarding the actual logging with an iRule.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM - How to configure logging of snat addresses for network access and app tunnels

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Can APM be configured with two proxy addresses

CSV to Address External Datagroup File

Logging pool member name (and not just address)

Certificate Expiry Email alert configuration

Reminder: MFA now required to log in to DevCentral

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS