APM AD group resources assign with ACL
Hi All
I am having an issue with an APM project. The customer aims to replace Juniper SSL VPN with F5 APM, with the requirements below.
The user is authenticated through an AD group. When a user is a member of "Group A", the user can access "Group A network" only. But when the user is a member of "Group A" and "Group B", the user will be able to access "Group A network" and "Group B network".
Assume I create a general network access profile for all users, for example: network access created for Network A, Network B and Network C.
Can anyone suggest a solution to achieve the user requirement? I am using ACLs but it fails; the example is below.
1.) Group A users will be able to access network A = ACL assigned to GROUP A
   i.) "allow destination network A"
   ii.) "deny any other destination network"
2.) Group B users will be able to access network B = ACL assigned to GROUP B
   i.) "allow destination network B"
   ii.) "deny any other destination network"
When a user is a "member of GROUP A and GROUP B", after the user is authenticated, APM will assign 2 sets of ACLs, for group A and group B, to the user. I am assuming APM will assign the user an ACL that allows access to "network A and network B" from the 2 sets of ACLs above.
But once the user hits the first ACL set's rule "deny any other destination network", it won't proceed to the second ACL rule, which allows access to Network B.
Please advise with any suggestion on how I can merge the allow lists for a user who is a member of "Group A" and "Group B".
Note: We try not to use a different network access profile for each user group, because when the APM portal shows different network access profiles for the user to select, it is not ideal, as users are often not sure which network to select.
Thanks,
Regards
Jack
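An added example (not part of the original post, and not F5 code): a small Python model of the first-match behaviour described in the question, showing why the Group B allow is never reached and how keeping only allow entries in each group ACL, with one shared deny evaluated last, yields the merged allow list. The addresses, names, and the assumption that the shared deny can be ordered after every group ACL are illustrative.

```python
import ipaddress

# Constructed sample networks (placeholders, not from the original post).
NET_A = ipaddress.ip_network("10.10.0.0/16")
NET_B = ipaddress.ip_network("10.20.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Per-group ACLs as described in the post: allow own network, then deny the rest.
ACL_AS_POSTED = {
    "Group A": [("allow", NET_A), ("deny", ANY)],
    "Group B": [("allow", NET_B), ("deny", ANY)],
}
# Restructured (assumption): group ACLs carry only allows; one deny goes last.
ACL_ALLOW_ONLY = {
    "Group A": [("allow", NET_A)],
    "Group B": [("allow", NET_B)],
}
FINAL_DENY = [("deny", ANY)]


def build_session_acl(groups, per_group, tail=()):
    """Concatenate the ACLs of every group the user belongs to, in order."""
    entries = []
    for group in groups:
        entries.extend(per_group.get(group, []))
    entries.extend(tail)
    return entries


def evaluate(entries, dst):
    """First-match evaluation: the first entry covering dst decides."""
    addr = ipaddress.ip_address(dst)
    for action, net in entries:
        if addr in net:
            return action
    return "no-match"  # fall-through behaviour is deliberately not modelled


def shadowed_allows(entries):
    """Allow entries that can never match because an earlier deny covers them."""
    shadowed = []
    for i, (action, net) in enumerate(entries):
        earlier = entries[:i]
        if action == "allow" and any(
            a == "deny" and net.subnet_of(d) for a, d in earlier
        ):
            shadowed.append(net)
    return shadowed
```

`shadowed_allows` can be run over any planned group combination to catch an allow entry that sits behind an earlier catch-all deny before the policy is deployed.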