Forum Discussion

Nimbostratus

Jun 26, 2009

IRule to selectively allow subnets no longer working

Actually 2 issues: 1) We are currently on We used to use the following iRule during maintenance windows to only allow particular subnets to connect. It used to send users not in those s...

Cirrostratus

Jun 26, 2009

Hi,

1. The iRule looks fine. You could create a test VIP and test with that. Try to add logging to see if the match is made. If you're able to reproduce the problem, try adding a OneConnect profile to the test VIP.

2. What is the idle timeout of the TCP profile on the virtual server? LTM should reset the client connection after the idle timeout expires. You might also try setting the node to Forced Offline so that only clients with an active TCP connection to the VIP will be allowed to continue. Disabled means that clients with a valid persistence record will still be able to access the VIP.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

IRule to selectively allow subnets no longer working

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Sending an HTTP request from iRule without delaying client requests

In F5 APM, how to include multiple DNS suffix?

Issue while migrating config from 4000s to r4600

Username is not filled in EdgeClient in the Modern customization

Cert Bundle Manager

Related Content

iRule node selection does not work

Implementing Client Subnet DNS Requests

Working with MasterKeys

Implementing Client Subnet in DNS Requests

Selective SNAT

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS