APM Apply Access Policy - affect existing sessions vs new sessions

Question

This might be a silly question, but I'm having trouble finding a definite answer.  When does applying changes to an access policy invalidate currently connected sessions vs only taking affect for new sessions?  I feel like the vast majority or changes would only apply to new sessions, since an existing session will persist on the agreed upon rules/settings at the time it was negotiated.  But what about something like adding a new domain to an existing multi-domain policy?  Or adding a new branch to an existing policy to accommodate a new user group/application?  What kinds of scenarios cause an APM session to become invalidated after a change?&nbsp;
Thanks for any input or clarification.&nbsp;

seth_cooper · Answer

Hi, &nbsp;
When you connect to APM you get a session and then the apd process will evaluate the access policy until allow or deny.  At this point apd hands off the session to tmm.  Any changes to the VPE will not affect these already established sessions.  When you "Apply" the access policy it is forcing the new changes into apd so that the next time a access policy evaluation starts the new settings take affect.&nbsp;
-Seth&nbsp;

Forum Discussion

APM Apply Access Policy - affect existing sessions vs new sessions

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Raise your hand if you'll be at AppWorld 2026

RDP Webtop deployment

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Single LTM with multiple GTM domains

Related Content

F5 Architecture Track Sessions - AppWorld 2026

MCP Session Affinity With F5 NGINX Plus

TLS Stateful vs Stateless Session Resumption

APM session attribute exists

Agility sessions announced

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS