Is it possible to choose the access profile used based on source IP address?

Question

We are setting up APM as a BCP VPN provider, and there is an ask to vary the security controls in use based on the traffic coming from known enterprise subnets or not. Is it possible, when using APM, to choose the access profile in use, similar to how the SSL profile in use can be chosen?

amine_kadimi · Accepted Answer

Whenever I am forced to used different access profiles, I use an entry VS wich is facing all customers, does not have an access policy and has an associated LTM policy. In the policy I have rules based on the intended conditions (SNI for the attached example) and actions that forward traffic to different internal VS that has the correspinding access profiles.

niels_van_sluis · Answer

I don't think there is a iRule command which you can use to select an access profile the way you can switch with SSL profiles. Instead you could use the IP Subnet Match action that determines whether the client IP address matches an IP subnet. You can do something like below.

&nbsp;

Forum Discussion

Is it possible to choose the access profile used based on source IP address?

2 Replies

Recent Discussions

Find GSLB pool membership from vip IP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Related Content

CSV to Address External Datagroup File

SSL Profiles

Server Profile SNI

Update your DevCentral user profile

User roles per partition: are multiple possible?