Forum Discussion

Angela_Poore_51's avatar
Angela_Poore_51
Icon for Nimbostratus rankNimbostratus
Feb 17, 2011

Configuring FirePass for Edge client app on iOS

I have read through the how-to guide for configuring FirePass for clients using the new iOS Edge Client App. I'm not seeing a way to limit access to this connection to only these iOS clients. I would like to setup a separate URI that maps to a specific master & resource group giving access to resources just for iOS clients. How can I limit this URI to only iOS clients when I can't put anything in the prelogon sequence? Any ideas?
  • You can set the specific settings to the IOS application itself. Turn on logging in the maintenance settings. Go to Maintenance -> troubleshooting tools and select Save user's session variables to Logon Reports. Log on to the Firepass and click on the user. It will report a bunch of session data specific to the application.
  • Thanks Mike. Then where can I put in the check for that session data? The doc says nothing can be added to the prelogon sequence check.
  • It would be in the pre-logon sequence. You can also map a master group by the session variable if you so desire.
  • Hi Angela, are you using the Edge client or the Edge Portal client? Just want to make sure. In your prelogon sequence, the ui_mode will be "full" when using the Web Logon option or "Standalone" when you don't use Web Logon.

     

    Standalone is a better option as you can then add a check to see is %session.agent_info.platform% is equal to iOS. This comes from the app itself when not using Web Logon mode.

     

    Hope that helps!

     

  • We are looking at the Edge client. These suggestions include modifying the prelogon sequence. The documentation states that for the Edge iOS client the prelogon sequence must be blank. What are my options then? Thank you!
  • Posted By Angela Poore on 02/22/2011 09:21 AM

     

    We are looking at the Edge client. These suggestions include modifying the prelogon sequence. The documentation states that for the Edge iOS client the prelogon sequence must be blank. What are my options then? Thank you!

     

     

    The answer is yes and yes.

     

     

    You can have a pre-logon sequence enabled. I recommend leaving it enabled. There are some session variables tied with the ssl vpn edge client that can be used to further enhance security.

     

     

    Without a pre-logon sequence, you're asking for trouble IMO.