Forum Discussion

Andy_Murray's avatar
Icon for Nimbostratus rankNimbostratus
Nov 09, 2020

APM - Limit access to specific IMEI numbers



We are currenly using APM to allow Android Smartphones to connect using F5 Access. We have an Intune Connector that checks the device is compliant but I now want to limit access to specific IMEI numbers.


I can see in the access logs that the we retreive the IMEI number in the session.mdm.device.imei session variable, but I don't now how to filter access using it.


Any help would be much appreciated.


4 Replies

  • The simplest way to do this is to use the APM Visual Policy Editor ( although you could use iRules etc instead ). Use an Empty box and check the IMEI session and branch from there

    • Andy_Murray's avatar
      Icon for Nimbostratus rankNimbostratus

      Hi Pete


      Thanks for answering, I can see how to create an empty box, but how do I perform the IMEI check?

      • PeteWhite's avatar
        Icon for Employee rankEmployee

        Hi Andy,

        So it depends on what check you want to do. For instance, do you want to check it begins with or contains a string? Or something more complex than that. The short answer is that you have to write a tcl statement which matches what you want.

        Often you will use expr which evaluates an expression and returns a Boolean result eg is string longer than 3?

        You also use mcget to retrieve the session variables.

        An example to check whether the IMEI starts with 123 is below.


        expr { [mcget {session.mdm.device.imei}] starts_with "123"}


        In the empty box you will have this as the first branch so anything which matches follows that branch, if it doesn't it follows the fallback branch.


        I always start these things very simple - add a pop-up box to check you can see the session variable and start the checking with something very simple and move on from there.