Forum Discussion
Network Access - Block Virtual machine for VPN connection.
Hi Experts, Would like need your advice how to prevent f5 vpn accessing from virtual machine.Becz we enforced full tunnel,but its still able access internet websites using physical machine...still consider as split tunnel overall .
Is there any way to prevent to use VM machine for VPN.
Thank you!
Kash
- Jorge_ManyaAltocumulus
Hello Kash,
You can use the Machine Info agent to gather information of the laptop that is trying to access the VPN. By using Machine Info agent you can get information that is present only in the physic machine like the HDD and then allow access to the VPN. If you are able to have a list of the physical NIC MAC addresses of the personal laptops, you can filter the access by allowing only those that are in the list.
what exactly are you trying to solve here?
while the virtual machine has no split tunnel then there won't be any communication with it locally. all traffic from the virtual machine will go in the tunnel.
why this focus on a difference between virtual and none virtual machines?
you say something about with a virtual machine it is split tunnel, but why would that be the case?
the big-ip edge client doesn't behave differently on a virtual or non virtual machine.
- KashAltostratus
For clear understanding ,
Objective is to allow vpn users to access intranet sites only .Full tunnel enabled at APM policy.
scenario : I installed Virtualbox with win 10 OS in my laptop. Connect VPN @ vm machine .(Full tunnel enabled) .Able to access intranet sites only using VM browser .( expected result)
But using my physical laptop browser (vm is running and connected to VPN) i can able to access internet websites.Becz its not connected to VPN( expected result).
On above scenario its like a split tunnelling ( vm no access to internet websites , Laptop have access to internet websites ).
so need to block all vm based machines on posture check or is there any other possible ways ?
Note : VPN access via browser not f5 edge client and No cert .
Thank you!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com