[APM] ACL Interest
Hi, I have been integrating F5 SSL VPN using APM for many weeks.
Our user population is likely to use the following elements:
- Portal Access
- RDP Access
- Network Access
My questions are about Network Access. Today, I use Network Access to allocate the same IP address inside and outside the enterprise (the F5 has an interface in all my enterprise LANs).
After that, I have as many forwarding VSs as enterprise LANs. On each forwarding IP I have this iRule:
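when CLIENT_ACCEPTED {
    # Client address is in 192.168.160.0/23: send to the gateway
    if { [IP::addr [IP::client_addr] equals 192.168.160.0/255.255.254.0] } {
        node 192.168.160.1
    } else {
        # Any other source address: log it and reject the connection
        log local0. "[IP::client_addr] access problem"
        reject
    }
}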
This iRule sends traffic to the gateway 192.168.160.1 if the Network Access IP is in the 192.168.160.0/23 range.
This system works perfectly, but I have questions about it:
I have an ACL that looks like this:
- Src : 192.168.160.0/23
- Destination : 0.0.0.0
- Port : Any
- Allow
My firewalls are here to do the filtering, not APM.
This morning I realized that if I remove this ACL, nothing changes; everything still works perfectly.
Is my F5 not supposed to filter if there is no ACL? In this case, what is the point of an ACL (portal mode only)?
Thanks a lot for your answers.