Dec 25, 2022

How do I allow VPN connections from Edgeclients only?

On my BIG-IP 16.1.2 APM-VE, I enabled a fatclient check policy that checks for the following client types:

Expression: Client type is Portal Client
OR  Client type is Standalone Client
OR  Client type is Standalone Client AND  Client App ID is F5 Access Client

The fallback option goes to the deny page. I want to block all scanning attempts and allow only legitimate attempts that originate from Edge clients. However, after implementing this policy, I am seeing multiple legit users getting blocked erroneously. When I looked at the session ID, I don't see any client type in the received info, but I do see MacEdgeClient/xxxx in the user-agent string. When the same user reattempts to connect, BIG-IP picks up the client type as standalone and allows it.
What should I do in this case to correctly match the user machines?


      No, both Windows and Mac. I added a condition to the policy to match "Edgeclient" or "MacEdgeClient" in the user-agent string. It seems to be working now.

        Is it consistent behavior? I believe the client does make an initial GET via the mini browser first to obtain login details, so your additional condition would be correct.