Forum Discussion

Evan_Champion_1's avatar
Evan_Champion_1
Icon for Cirrus rankCirrus
Aug 25, 2016

APM set network access resource variable from iRule

I am trying to set network access resources variables relating to split tunneling via an iRule. Is this possible and if so can you explain how to achieve? I have set network access resource variab...
BIG-IP Access Policy Manager (APM)
iRules
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Aug 26, 2016

Hi,

you need to define 2 variables:

[stanislas@F5adm:Active:Standalone] ~  sessiondump --allkeys | grep -i split
14780e3f.config.connectivity_resource_network_access./Common/myna.client.SplitTunneling 36 2
14780e3f.config.connectivity_resource_network_access./Common/myna.split_tunneling 36 0

The following irule write variables as expected:

when ACCESS_POLICY_COMPLETED {
    if { [ACCESS::policy result] equals "allow" } {
        foreach naprofile [ACCESS::session data get session.assigned.resources.na] {
            ACCESS::session data set "config.connectivity_resource_network_access.$naprofile.split_tunneling" "0"
            ACCESS::session data set "config.connectivity_resource_network_access.$naprofile.client.SplitTunneling" "2"
        }
    }
}