Forum Discussion

Arturo's avatar
Arturo
Icon for Employee rankEmployee
Aug 20, 2013

Create a temporary rule (AFM) based on the request

Hi,

 

I am mimicking the behavior of the FTP auth of checkpoint. I have created the FTP server and now the client has authenticate using the iRule. Now, I would like to create a temporary AFM rule to allow that IP to some other services. Is that possible? Is there any command to do such thing?

 

Regards, Arturo.

 

  • define temporary? Do you mean dynamically, in that you can create a rule on the fly based on certain conditions, that can also be removed on the fly?
  • Yes! For example, in other firewalls you can authenticate through telnet against a TACACS (I have already done it) and that IP (not the authenticated user) will be allowed to access to any or to a selected port... 456 for example. In checkpoint is named client authentication.

     

    If that does not work, I will use the main table to add that IP and allow every IP to the port 456 and reject users based on that table but... :(

     

    Do you understand me?

     

    Thanks, Ar.