Forum Discussion

Nimbostratus

May 17, 2022

APM - How to configure logging of snat addresses for network access and app tunnels

Hello everyone, we are using BIG-IP Access Policy Manager to enable administrative access to systems via App Tunnel and Network Access resources. For security reasons, we need to be able to map req...

BIG-IP Access Policy Manager (APM)

MVP

Sep 28, 2023

If you turn up logging of the access profile you will be able to log the user and which lease ip it gets assigned and the actions performed. I have only used debug, but it migth be possible to go lower than that. All the lines are prefixed with the session id, so you should be able to correlate on that to identify a user.

You can also look here: https://community.f5.com/t5/technical-forum/userid-to-leasepool-ip-mapping/td-p/60728

for inspiration regarding the actual logging with an iRule.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM - How to configure logging of snat addresses for network access and app tunnels

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

block a specific user

which virtual server will be hit?

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

APM - Portal access - Issue

F5 bot defense - false positives

Related Content

SNAT IP address logging

Logging/Blocking possible prompt injection

Forwarding Logs to SIEM Tools via HTTP Proxy for F5 Distributed Cloud Global Log Receiver

F5 Distributed Cloud - Traffic Steering based on Client IP Address

How I did it - "Configuring remote logging for F5 Distributed Cloud Services"

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS