Machine Cert Inspection

Question

Need some help with access policy and machine cert inspection.  But first can someone clarify if Machine Cert Inspection is the only action that can be used with a machine cert or can you also use Client Cert Inspection or On-demand Cert Auth in the access policy?  I understand the difference in location of machine vs client.  
&nbsp;
Here's what I'm trying to do.  We want Outlook Anywhere to be accessible externally but only on company owned laptops with a valid machine cert installed.  I've setup an access policy with just the Machine Cert Auth action and applied it to my VIP.  I added logging at the beginning of the policy even before the Machine Cert Auth and the logs never show it hitting the access policy.  The APM log just shows:&nbsp;
Received User-Agent header....
Received client info.....
New session from client IP....&nbsp;
and that's it.  LTM logs doesn't show anything either. I've turned on debug logging for ltm and apm but no additional info in the logs.  How I'm testing is connecting company owned laptop to outside line and opening outlook.  I know it's hitting the VIP from the logs but why isn't it hitting the access policy? I have configured working access policies for client cert checks but this is the first time for a machine cert check.  &nbsp;

leonardo_souza · Answer

Can you provide an image of the access policy you have in the VPE?&nbsp;

rgordon_01 · Answer

Can someone clarify if Machine Cert Inspection is the only action that can be used with a machine cert or can you also use Client Cert Inspection or On-demand Cert Auth in the access policy? I understand the difference in location of machine vs client&nbsp;
thanks!&nbsp;

seth_cooper · Answer

Machine certificate inspection requires to use the edge client or the browser plugins and since the outlook client is considered "clientless" then the inspection will never happen.&nbsp;
You should use client certificates for this use case.&nbsp;
-Seth&nbsp;

jarad_paul · Answer

Trying to do the exact same thing here rgordon, any resolve?  Thanks!&nbsp;

cassidy_king_29 · Answer

Any update?  I am trying to do the same thing.&nbsp;

Forum Discussion

Machine Cert Inspection

Recent Discussions

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Disable ssl or https for the embed url

Related Content

NGINX Virtual Machine Building with cloud-init

F5 Access App and Machine Cert Auth

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

SSL VPN and Machine Cert Inspection

Inspecting a UCS file from a compromised BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS