Forum Discussion

jsmith294_47458's avatar
jsmith294_47458
Icon for Nimbostratus rankNimbostratus
Jun 03, 2010

Pre-Logon Sequence

I have been trying to figure out how to add multiple IP address segment checks to a pre-logon sequence. I currently have a rule in place using "session.network.client.ip == "IP address here" but what if I have multiple IP ranges?
BIG-IP Access Policy Manager (APM)
remote access
security

11 Replies

Show More
  • Mike_61719's avatar
    Mike_61719
    Icon for Cirrus rankCirrus
    Jun 04, 2010
    If it fails, it generally means it is not a valid variable. Ok, so do this.

     

     

    On the Firepass, go to Device Management -> Maintenance -> Troubelshooting Tools -> Check the box labeled "Save user's session variables to logon report".

     

     

    Check the user's logon session network ip variable. On the pre-logon sequence, copy the variable listed in the report to the session.network.client.ip == "0x0.x0x.xxx.000"

     

     

    Make sure it is a one to one match. Then test the pre-logon.

     

     

    Do not use a mask or any other variable. Use the exact IP address the user is coming in as.