Jan 09, 2014

I have a scenario that I need advice and help configuring. We are planning to use APM to manage endpoints. It is in the planning phase at this stage and testing is soon starting. We have two security zones that we want to configure on the F5 for APM:

Zone 1: Users who are using corporately owned devices can connect to the F5, and if the machine meets the criteria of the access policy the F5 will pass them through to the web interface and the user can log in.

Zone 2: Users who are logging in using their own devices are routed to a landing page that has limited access, which includes standard email, intranet, safe file shares and some low-level applications.

Can someone out there provide advice on how this can be achieved securely and successfully? TMOS is 11.4.1.


  • The biggest challenge is going to be how you quantify corporately owned and personally owned. Some options include a client-side registry check, a subnet or source address check (if maybe coming from different networks), a machine certificate check if you can push machine certs to corporate machines, and even potentially the ability to pass Kerberos or NTLM authentication. If you can reliably establish the difference, then a branch condition in the APM visual policy should be pretty straightforward.


  • I have set up a policy for the client-side checks to include a registry check for a REG file that we have pushed to all machines via GPO and an MD5 hash file. If the clients have these files, they are "Trusted"; if they don't, they are not. The trusted will hit the Citrix WI; the untrusted will hit the "unauthorised" landing page that will allow email, intranet and the rest previously described. How can I set this landing page up? Have you got more info or direct links that can assist?
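The branch logic described in the two replies above (registry marker plus MD5-checked file, optionally combined with the source-subnet signal from the first reply), written as an added Python emulation that is not F5 code and not from either poster. Marker file contents, the subnet range and the client addresses are constructed for the example; in a real policy the expected hash is a fixed value configured in the access policy, and the trusted branch only fires when every configured signal passes.

```python
import hashlib
import ipaddress
import os
import tempfile

CORPORATE_SUBNETS = ["10.10.0.0/16"]  # constructed example range, not from the thread


def marker_md5_ok(path, expected_md5):
    """Fail closed: a missing marker file or any digest mismatch is 'not trusted'."""
    if not os.path.isfile(path):
        return False
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest() == expected_md5


def source_is_corporate(client_ip, subnets=CORPORATE_SUBNETS):
    """Optional extra signal from the first reply: source address / subnet check."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in subnets)


def choose_branch(registry_present, marker_ok, source_ok):
    """Emulates the APM visual-policy branch: all corporate signals must pass."""
    if registry_present and marker_ok and source_ok:
        return "citrix_web_interface"      # Zone 1: corporately owned device
    return "restricted_landing_page"       # Zone 2: everything else


def demo():
    """Builds constructed marker files (intact and tampered) and classifies three clients."""
    marker = b"corporate-device-marker-v1\n"          # constructed marker content
    expected = hashlib.md5(marker).hexdigest()        # would be a fixed configured value
    with tempfile.TemporaryDirectory() as workdir:
        good = os.path.join(workdir, "corp_marker.txt")
        bad = os.path.join(workdir, "tampered_marker.txt")
        with open(good, "wb") as fh:
            fh.write(marker)
        with open(bad, "wb") as fh:
            fh.write(marker + b"edited\n")            # same name, altered content
        missing = os.path.join(workdir, "no_such_marker.txt")
        return {
            "corp_laptop": choose_branch(True, marker_md5_ok(good, expected),
                                         source_is_corporate("10.10.5.20")),
            "tampered_marker": choose_branch(True, marker_md5_ok(bad, expected),
                                             source_is_corporate("10.10.5.21")),
            "byod_home": choose_branch(False, marker_md5_ok(missing, expected),
                                       source_is_corporate("203.0.113.7")),
        }
```

A copyable REG file or marker file is a weaker ownership signal than the machine certificate the first reply also lists; the branch structure stays the same whichever signals you feed it.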