Forum Discussion

veredgfbll's avatar
Jun 27, 2024

APM combine check for ldap group plus IP ACL


A client wishes to create an APM policy that will, amongst other things, do the following - 

The client has a group of users that have to meet two conditions to access the resource.

We need to check in combination that the user is both a member of an AD group and that the group also matches an IP ACL.

Can this be done using only APM, and if so, how?

Or do we need to combine an IRULE and if so, is there a simple way to do this? (we have 30 groups that need to be matched to ACLs).



2 Replies

  • Hello, veredgfbll cNY State of Health

    Certainly! To achieve this, use F5's Access Policy Manager (APM) with an AD Query for group membership and IP ACL matching. Create a compound rule to evaluate both conditions together. If satisfied, allow access; otherwise, deny. Test thoroughly! 


    I hope this suggestion will be helpful for you

    Best Regards

    Chris Wright

  • By IP ACL, do you mean you have a list of IP network addresses and are trying to match those against the client's incoming L4 IP? Or something else?