Forum Discussion
FirePass to APM Conversion - tcl help needed
I am hoping this is the correct forum ...
How do I replicate this functionality from the FirePass in APM ? I make extensive use of Network Access, so rather than manage lots of resources and the associated assignments. To control IP address access on a per user basis, this is stored in Active Directory in the notes field, which is basically free text, of the user profile. The entry looks like this ...
FirePass
VPN: 192.168.0.0/24 192.168.1.3 192.168.5.15 192.168.128.0/25
VPN_Exclude: 192.168.0.0/28
When the FirePass parses this it creates the session variables %session.ad.auth.vpn% and %session.ad.auth.vpn_exclude%, which contain their respective values. I then use the session variables as the Lan space address in the network access resource.
The APM, handles this very differently. The session variable becomes attr.info and set to '46697265506173730d0a56504e3a203139322e3136382e302e302f3234203139322e3136382e312e33203139322e3136382e352e3135203139322e3136382e3132382e302f32350d0a56504e5f4578636c7564653a203139322e3136382e302e302f3238', which is the hex ASCII representation. Ultimately I need to end up with a session variable such as attr.info.vpn, that would contain the list
192.168.0.0 255.255.255.0
192.168.1.3 255.255.255.255
192.168.5.15 255.255.255.255
192.168.128.0 255.255.255.128
I can use this in the network access resource in the same way as the FirePass. I am not familiar with tcl, but I do know that I can use the binary format command to convert the session variable back to a string. I am wondering if anyone else has had to solve this problem or something similar or can help with the code.
Thanks.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com