Different Prelogin Inspection

Question

Hi,&nbsp;
&nbsp;Does anyone know if it is possible to create different prelogin
&nbsp;inspections based on a user landing on a different URI, or a single prelogin inspection that runs different scans based on
&nbsp;a different landing URI or destination IP address.&nbsp;
&nbsp;The reason why I ask is because we are trying to create two fundamental different uses for the firepass.&nbsp;
&nbsp;Use1: Portal Access Only - Used by staff/students to access web
&nbsp;      based resources from home. No access to Network Access, 
&nbsp;      and no requirement to have a prelogin inspection checking
&nbsp;      for antivirus , spyware etc.
&nbsp;Use2: Portal Access and Network Access - Used by Admins and Staff
&nbsp;      to allow them access to the LAN. Prelogin inspection 
&nbsp;      required to include Antivirus , Spyware checking etc.&nbsp;
&nbsp;If we could have a web link eg. firepass.company.com/students
&nbsp;which limited those that logged in to USE1:, and firepass.company.com/staff that allowed access to Use2:&nbsp;
&nbsp;Kind Regards&nbsp;
&nbsp;Miron du Plessis

i_am_rcrawley_7 · Answer

Posted By mironduplessis on 6/15/2006 4:05 PM&nbsp;
&nbsp;Hi,&nbsp;
&nbsp;Does anyone know if it is possible to create different prelogin
&nbsp;inspections based on a user landing on a different URI, or a single prelogin inspection that runs different scans based on
&nbsp;a different landing URI or destination IP address.&nbsp;
&nbsp;Miron,&nbsp;
&nbsp;Absolutely.  If you haven't received an answer yet, or figured it out, here's how you can do it (assuming that you've already built your custom URI landing pages, so they exist): &nbsp;
&nbsp;1) Create a new blank sequence and open it for editing in the visual policy editor.  &nbsp;
&nbsp;2) Add a new inspection first that does not use one of the built-in inspectors, insert a new rule, and name it accordingly.  &nbsp;
&nbsp;3) For the rule, you'll want to take advantage of the session.network.server.land_uri user variable, documented here:&nbsp;
&nbsp;http://devcentral.f5.com/Wiki/default.aspx/FirePass/EndPointSecuritySessionVariables.html&nbsp;
&nbsp;You will set its evaluation value to the name of your URI, such as "students" or "teachers"&nbsp;
&nbsp;4) Then you can push all of your existing eps checks after this very first check.  So when a user logs in, the eps checks will be determined by their landing URI.  Your results for this rule won't be "Allow Login" or "Deny Login", but instead will start sub-groups with your complete eps checks for your various groups.  &nbsp;
&nbsp;Another helpful tip is to enable variable logging for all users, which dumps all eps variables to the logs on successful login.  This is documented in the help.  WARNING, it will fill up your logs if you leave it on forever.  &nbsp;
&nbsp;Good luck!&nbsp;
&nbsp;rcrawley&nbsp;

miron_du_plessi · Answer

Hi,&nbsp;
&nbsp;Thanks for that, we had worked it out already:-) Apologies 
&nbsp;I should have updated the topic.&nbsp;
&nbsp;Regards&nbsp;
&nbsp;Miron

Forum Discussion

Different Prelogin Inspection

Recent Discussions

XC Bot defense question

UCS backup not loading Big IP DNS pool

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

BIG-IP Oauth Client and AS

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Related Content

Inspecting a UCS file from a compromised BIG-IP

AFM Protocol Inspection rules for CVE-2022-3602 (aka SpookySSL)

Unsupported Snort Keywords in Protocol Inspection

Ingress/Egress VPC inspection with BIG-IP and GWLB

Lightboard Lesson: Perfect Forward Secrecy Inspection Visibility

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS