APM: Portal Access to Configuration Utility

Here's how I have it configured:

1. Create an internal HTTPS/443 VIP (ex. 10.10.10.10:443) for access to the management GUI. A very simple VIP with client and server SSL profiles, SNAT Automap, and the following iRule:

when CLIENT_ACCEPTED {
node 127.0.0.1 443
}

2. Create an APM portal access list object that points to the above URL (ex. https://10.10.10.10).

3. Create your access policy and assign the above resource to a full resource assign agent, plus webtop and other resources as required.

4. Create your portal VIP and assign the above access policy. Now here's where it gets tricky and dependent on your configuration. The portal will rewrite the complete internal URL and the management GUI requires an HTTPS:// front end, so you need the internal VIP to be listening on port 443 and a server SSL profile on the external portal VIP. If you have other portal resources that don't require a server SSL profile it may cause problems with those. I'm certain this can be addressed with an iRule (dynamically turning the server SSL profile on and off), but it may be easier to set up all of the internal portal resources as HTTPS.