[APM] ACL Interest
If no ACL is assigned to an APM session, nothing is blocked.
The main goal of ACL is to manage authorization based on user session (group membership, partners not allowed to some networks, ...)
A network firewall will manage filtering based on IP; APM will manage filtering based on multiple criteria. That's why the product is called Access Policy Manager :-)
ACL can be used for L4 (with Network Access) and/or for L7 (portal access, remote desktop, App Tunnel).
If an L4 ACL matches an L7 request because the L4 ACL is above the Portal Access ACL with SSO, the action of the L4 ACL will be applied without SSO.
When working with portal access, all requests are initiated with the APM IP. The firewall won't be able to filter which user is allowed to access resources.
If you don't put a default drop ACL with the higher number, a user connected to a portal access will be allowed to browse all internal resources by APM. If the APM has a default drop ACL, it will display a blocking page; if this is done by the firewall, the request will be dropped without a blocking page.
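
The ordering behaviour described in the post above, as an added Python sketch that is not part of the original post and is not F5 code. It is a simplified first-match model; the class names, fields, action names, addresses and host names are all constructed assumptions.

```python
# Simplified first-match model of per-session ACL ordering (assumption, not APM internals).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class AclEntry:
    order: int                  # lower number is evaluated first
    layer: str                  # "L4" or "L7"
    action: str                 # "allow" or "drop" (model names)
    dst: str = "0.0.0.0/0"      # destination network
    port: Optional[int] = None  # None matches any port
    host: Optional[str] = None  # L7 only: HTTP host name
    sso: bool = False           # L7 portal access entry that carries SSO

@dataclass
class Request:
    dst_ip: str
    port: int
    host: Optional[str] = None  # set for portal access (L7) requests

def matches(e: AclEntry, r: Request) -> bool:
    if ip_address(r.dst_ip) not in ip_network(e.dst):
        return False
    if e.port is not None and e.port != r.port:
        return False
    if e.layer == "L7":
        return r.host is not None and (e.host is None or e.host == r.host)
    return True  # an L4 entry also matches L7 traffic to that IP/port

def evaluate(session_acls, r: Request):
    """Return (action, sso_applied, matched_order) for the first matching entry."""
    for e in sorted(session_acls, key=lambda e: e.order):
        if matches(e, r):
            return e.action, e.sso and e.layer == "L7", e.order
    return "allow", False, None  # no ACL assigned or no entry matched: not blocked

# Constructed sample data
portal = Request("10.1.20.5", 443, host="intranet.example.com")
other = Request("10.1.30.9", 443, host="hr.example.com")
l4_net = AclEntry(10, "L4", "allow", dst="10.1.20.0/24")
l7_sso = AclEntry(20, "L7", "allow", "10.1.20.5/32", 443, "intranet.example.com", True)
l7_first = AclEntry(5, "L7", "allow", "10.1.20.5/32", 443, "intranet.example.com", True)
default_drop = AclEntry(65000, "L4", "drop")
```

Evaluating `portal` against `[l4_net, l7_sso]` shows the L4 entry winning and SSO being skipped; evaluating `other` with and without `default_drop` shows the difference the final drop entry makes.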