Forum Discussion
NimbostratusiRule to statically assign IP to user
Hi all,
We are trying to create a new rule to assign static ip to VIP users when APM sesssion is started.
Our first approach is to get session.logon.last.username to a variable, create an array with login id's an ip address for each one, and then find user login in the array to get the ip address value
we have:
when ACCESS_SESSION_STARTED {
# get user from APM session
set usuario_login [ACCESS::session data get "session.logon.last.username"]
# users <-> IP list
array set ips_estaticas {
"usr1" "XXX.XXX.XXX.XXX"
"usr2" "YYY.YYY.YYY.YYY"
"usrN" "ZZZ.ZZZ.ZZZ.ZZZ"
}
How could we look for the user in the array to get the IP?
Thanks a lot
Andres
4 Replies
- Injeyan_Kostas
Nacreous
It would be better to create a new Network resource with dedicated pool for your VIPs
of course they will not have dedicated IP but dedicated pool
On top of that you could also integrate APM, with irule, with your FW. So could use User Identity on your rules and do not even care about IP - Juergen_Mang
MVP
This is described here: https://my.f5.com/manage/s/article/K13300
- Melissa_C
Moderator
Hello Soportesegurida
Wanted to see how creating your new irule was going and if the information from Injejan_Kostas and Juergen_Mang had got you to where you needed to be, if so would like to encourage you to update and mark the solution. However, if you still need assistance let us know and we can try to get you in the right direction.
-Melissa
SoporteseguridaHi,
Finally, the rule were have applied, gets the username from the session logon, and matches against a datagroup where we have a relation of user <-> ip. In the VS we have configured a IPv4leasepool that should assing an ip, and if the user is one of DG, the ip will be overwritten with those from the DG, and if not, it will use ip from lease pool
We have checked and is working, althouth perhaps it is not the best solution.
Thanks for your help
