Forum Discussion

kimhenriksen's avatar
Icon for Cirrostratus rankCirrostratus
Apr 22, 2021

irule for identifying corporate network..

I am setting up an always on machine tunnel solution using edge client.. but as the dns location isn´t working with the tunnel service I want to create an irule to use in the vpe that would check if the client is connected to corporate lan.. any one have an idea or have someone done something similar?

8 Replies

  • You can use the "ACCESS_POLICY_AGENT_EVENT" so that one time during the policy check before the network resource is assigned you can check the client IP address and set a custom variable after that use an General purpose “emptyobject and make a branch rule to check if for example "expr { [mcget {session.vpn.private}] == "1" }" and make so that if the customer is in the private IP range then to not assign a "Network_access" object.


  • EDIT:



    Ah for this you don't even need the "ACCESS_POLICY_AGENT_EVENT" event as the EVENT "ACCESS_SESSION_STARTED" will do the job and in that event you can set a session variable like for example "session.vpn.private" and then in the Access policy use as I mentioned an “emptyobject with a branch rule or you could just block users in the event "ACCESS_SESSION_STARTED" that are in the corporate network to start the VPN client similarly to what is shown below:


      • Nikoolayy1's avatar
        Icon for MVP rankMVP

        Yes I forgot that there is such an agent, so you can test with it. Just be carefull to not hit a bug that I saw it was mentioned: