Forum Discussion
Piotr_Lewandows
Altostratus
AltostratusAPM ACL what is source for IP evaluated
Hi,
I am struggling with figuring out what is base for IP evaluated by for example Static ACL in APM. As far as understand ACL object in VPE are only evaluated during Access Policy processing (b...
ACLs can operate on Network Access or App Tunnel or LTM+APM or Portal Access mode. Some of these modes have a soure/dest IP and sometimes it's not really relevant.
ACL evaluation comes after ACCESS_POLICY_COMPLETED. Between ACCESS_SESSION_STARTED and ACCESS_POLICY_COMPLETED, iRule flows actually are triggered from Client -> APM Renderer, so the source/dest won't make a lot of sense there. After the Access Policy is done, and the session is in "Allow" state, then all assigned ACLs are processed as normal.
What exactly are you trying to ACL? It's pretty flexible, there should be no need to come up with any funny tricks like DNS lookups, etc.