Forum Discussion
APM clientless inquiry
Hello
Can we consider network access in APM as a client connection not clientless ?!
Why we are giving connected users by clicking on network access IP from assigned pool ?!
In normal clientless VPN when user connectes termination device uses his IP to contact servers right ?
When I got a packet capture from backend server I found that there is no connection coming from user IP which take from pool but all connections from F5 local self IP
- iaineNacreous
When you say Clientless, what do you mean?
Clientless-mode refers to how the APM session is setup. When you use clientless-mode, APM doesn't send back HTTP redirects to the client and proxies the Authentication attempt - typically this is used for server-to-server type traffic flows or Bespoke client to APM authentication flows.
However, the term clientless can also mean access to the APM policy via a browser rather than using the full-fat client - BIG-IP Edge Client for instance.
If you are referring to the latter, then this is concerned about how the user initiates an APM session. Unless you have specific logic in your APM policy to handle these connections differently then functionality is broadly the same. In that, both client type can access APM resources - Portal, Network, RDP etc - it's just the means that the user has connected is different.
- iaineNacreous
So when you use SNAT Automap in the Policy, the client will get an IP address from the DHCP range that you have configured in the Network Access settings. However, SNAT is applied to client traffic when it goes through APM and onto your network - this is normally to ensure the return path.
If your routing is such that the DHCP APM range will route back to the APM then you don't need to enable SNAT. This way, when you look at the traffic you will see the source IP as being the DHCP address rather than the F5.
Further reading can be found here
- iaineNacreous
Hi
It sounds like you have got SNAT enabled in the Network Access settings of your APM policy
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com