Forum Discussion
Challenges with limiting traffic
hi,
im currently working on a remote access solution for a customer. The basics have been set up and works(apm and vpn), but im now struggling with trying to narrow down the access for remote users.
Remote users should only be allowed to access ip addresses ending with a specific number, as a means to limit access beyond the applications they service. In addition, remote users should only be given access to resources they should, and not be able to access ip addresses they dont work on.
Are there any ways to implement such a solution through apm? I have looked at ACL, but static will probably be to manual for the customer, and i havent worked with dynamic ACL's before, so not sure how to set this up properly.
As a test, would it be possible to create a static ACL, or some other form of check, that will allow users access to the correct ip address, if the last octet matches?
- Kai_M__48813Cirrus
would it possible to insert a wildcard in an ACL? The last octet of the ip address remote vendors need to access is the same in every location, so if it is possible to do a check on this, i think this would be a step in the right direction. anyone have any experience with this?
- youssef1Cumulonimbus
Hello Kai M,
in general when I have to manage this kind of use case, I make sure to manage the access directly on the FW. let me explain;
if your F5 equipment is VPN or perimeter security, I guess you put it in a DMZ. So all user access must pass through the FW.
So access management will do it in a simple way: you can give an specific IP for each User... Or a specific range for a specific OU for example...
you only have to manage your access on the FW.
Advantage:
-> independent access management of F5 (we can add additional resources to a user regardless of the F5 owner)
-> Visual management of the rules of access and possibility to control the tracker in case of blocking ...
And I would say a much simpler management ...
regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com