Forum Discussion

nabf5guy's avatar
nabf5guy
Icon for Nimbostratus rankNimbostratus
Nov 02, 2023

Is it possible to choose the access profile used based on source IP address?

We are setting up APM as a BCP VPN provider, and there is an ask to vary the security controls in use based on the traffic coming from known enterprise subnets or not. Is it possible, when using APM, to choose the access profile in use, similar to how the SSL profile in use can be chosen?

2 Replies

  • I don't think there is a iRule command which you can use to select an access profile the way you can switch with SSL profiles. Instead you could use the IP Subnet Match action that determines whether the client IP address matches an IP subnet. You can do something like below.

     

  • Whenever I am forced to used different access profiles, I use an entry VS wich is facing all customers, does not have an access policy and has an associated LTM policy. In the policy I have rules based on the intended conditions (SNI for the attached example) and actions that forward traffic to different internal VS that has the correspinding access profiles.