Forum Discussion

soymanue
Sep 18, 2012

[APM] iOS Device Unique ID / MAC Address white list

Hello

I'm trying to add extra security checks for APM VPN on iOS Devices:

This document (http://support.f5.com/kb/en-us/prod...1-0-3.html) shows how you can use session.client.unique_id to check the Unique ID with this expression:

expr { [mcget {session.client.unique_id}] == "bf6bf0e8a9eb3b46daa4a9abd755861a04a94ee4" }

It also says that you can easily implement a white list check combining that expression with an LDAP or AD query.

How can I make a RADIUS, TACACS or LDAP query inside an expression to check if the iOS device is included in the company's owned devices list?

Thank you.

5 Replies

  • Hi Manuel,

    The only thing I can think of is to have a custom attribute in AD that you would map to and compare the two entries.

    Thanks,

    Seth
  • I use MAC address checks for iOS devices authenticating, plus another step of AD query for the user logging in. The MAC query looks like this: Expression: expr { [mcget {session.client.mac_address}] == "X:XX:XX:XX:XX:XX" }. The hex characters ARE case sensitive.
  • I've been able to do it. I had another problem: I didn't know how to convert the result of that expression into a value to check.

    It can be done this way:

    session.logon.last.username = Expression: expr { [mcget {session.client.mac_address}] }

    Thank you
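The custom-attribute comparison suggested in the first reply, as an added example that is not from the thread or from F5: a branch rule placed after an AD Query compares the ID the device reports with an attribute on the user's AD record. The attribute name deviceUniqueId and the mcget stub (so the rule runs in plain tclsh) are assumptions; apart from the ID quoted in the question, the sample values are constructed.

```tcl
# Inside APM, mcget is supplied by the policy engine. This stub reads from a
# constructed session dictionary so the rule can be exercised offline.
set session [dict create]
proc mcget {name} {
    global session
    if {[dict exists $session $name]} { return [dict get $session $name] }
    return ""
}

# Branch rule text, as it would be entered after an AD Query item.
# deviceUniqueId is a hypothetical custom AD attribute (an assumption).
# It denies when the client reports no ID, and lower-cases both sides
# because the plain == comparison is case sensitive.
set rule {expr {
    [mcget {session.client.unique_id}] ne "" &&
    [string tolower [mcget {session.client.unique_id}]] eq
    [string tolower [mcget {session.ad.last.attr.deviceUniqueId}]]
}}

# Load one constructed session, evaluate the rule, report the branch taken.
proc check {label vars} {
    global session rule
    set session $vars
    set verdict [expr {[eval $rule] ? "allow" : "deny"}]
    puts [format "%-32s -> %s" $label $verdict]
}

# ID taken from the question; every other value below is a constructed sample.
set id "bf6bf0e8a9eb3b46daa4a9abd755861a04a94ee4"

check "enrolled device" [dict create \
    session.client.unique_id $id \
    session.ad.last.attr.deviceUniqueId $id]
check "directory stores upper case" [dict create \
    session.client.unique_id $id \
    session.ad.last.attr.deviceUniqueId [string toupper $id]]
check "different device" [dict create \
    session.client.unique_id "0000000000000000000000000000000000000000" \
    session.ad.last.attr.deviceUniqueId $id]
check "user has no enrolled device" [dict create \
    session.client.unique_id $id]
check "client reports no ID" [dict create]
```

The same rule shape works for session.client.mac_address if the directory attribute holds a MAC address instead.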

     
