Forum Discussion

Julzor's avatar
Icon for Altostratus rankAltostratus
Mar 16, 2020

APM : CCU "Full" session VS Access "LTM_APM" session

Hi guys,


We are NOT -yet- F5 expert and had to deploy APM ASAP.


Everything mainly works, but I still have some doubt about one thing.

We have 2500 licences for concurrent VPN access, and we see the number of Active Sessions rising far more than expected.


Mainly it concerns "LTM_APM" session type, which if i understood correctly corresponds to "Access Sessions".

On the other end, we have far less "Full" type sessions which corresponds to CCU session.


Can you confirm that the 2500 licences only apply to CCU session (type "Full" in GUI).


Can someone explains to me what is an "Access Session"?

With technical and logical words... I've been through multiple F5 documentation explaining it but it's still unclear to me what it does represents.

4 Replies

  • First the session type just indicates the type of APM session:


    N/A: Still doing login for example.

    network_access: A webtop with a network access resource (VPN)

    web_application: A virtual server with APM profile and a rewrite profile (APM doing L7 reverse proxy)

    full: A full webtop, can have multiple type of resources, including a network access resource (VPN)

    ltm_apm: A virtual server with an APM profile, just for authentication for example.


    In the list above I have 5 sessions:


    Those sessions may or may not count as one CCU, it will depend on resource used in the session:


    You can see the number of CCUs used via command line:


    Concluding, the tmsh command will tell you how many CCU you have used.

    Looking the type of session does not directly indicate that is using a CCU, because you could have a session type full that is only doing Microsoft RDP and that does not use CCUs.



  • Thank you very much for your answer.


    We found out that all the LTM_APM were caused by a mistake in our policy.

    It's now fixed and we can see almost "full" session only.


    There is just one thing, we now observe a few (2~3 sessions out of 600) as "network_access".


    In which case could you have such kind of session?

    We only use APM.


    Thanks again!

  • Lidev answered your question.


    Just to add more information, based on the images above.

    The network_access type in the image above is my access using BIG-IP Edge client.

    However, the type would be the same if I connect via web browser to that URL.