Forum Discussion

Cirrus

Dec 26, 2018

Can APM provide access to a specific subnet...

I am new to APM and have been asked to provide an external vendor to connectivity to a specific internal subnet through our existing APM SSL VPN. I know how to add App tunnels and RDP access, I just...

application delivery

BIG-IP Access Policy Manager (APM)

AMiles_377865

Cirrocumulus

Dec 26, 2018

Hello Tyson,

I think creating a custom access control list attached to a full webtop seems like the perfect way to solve your problem. There's an f5 article on ACLs here that would be a good place to get started on implementing them into your existing SSL VPN set-up.

Basically, I would have the ACL limit access to a specific destination IP address range (the range being the subnet) for this external vendor. There's a couple different ways of doing it but the basic principle would be the same across the board. The benefit of an ACL is that it is highly customizable; you can set it up however you want.

Feel free to ask if you have any follow-up questions,

Austin

Tyson_James

Cirrus

Dec 27, 2018

Thanks for the feedback. So, I have created a custom ACL and applied it to a full webtop. I have no ideas what this vendor intends on doing once connected ( RDP or SSH into a server, something else???, etc ), so I guess my question now becomes, how to they access what they need? They are used to having a full VPN client, connect to our network and just open up the native Windows applications they need to use. Now, it would seem that any application access would need to be initiated through the webtop. Am I correct in this thinking? If so, how would they do that, since just opening the native Windows applications would bypass the SSL VPN and try to go out their standard Internet connection.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Can APM provide access to a specific subnet...

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)

Using Client Subnet in DNS Requests

Enable SAML Service Provider on F5 Distributed Cloud Application

APM-Specific Features for Securing Your Website

Service Discovery and authentication options for Kubernetes providers (EKS, AKS, GCP)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS