
Trever_Brackett
Apr 26, 2010

Remediation Website

Hello,

In a nutshell, I'm trying to create a remediation website for users on corporate laptops that have corrupted their AV software and cannot get connected to our corporate Firepass to reinstall the AV software. My idea was this:

User logs on to the corporate Firepass and gets denied because of AV software. An error message tells them to go to http://www.company.com/tools, which would be a landing URI. Here comes the first problem: how to make the pre-logon sequence recognize that the user is coming in on the /tools landing URI and bypass the AV checks.

So say this is possible, then the next step would be when the user gets a logon prompt and enters their credentials, they will be presented a webtop. Here is the second problem: how to only give them a web application tunnel link to an internal website that has the AV software on it?

What I have done so far on my test lab Firepass:

1. Created /tools landing URI
2. Created a separate master group for authentication with /tools Landing URI access only
3. Created a remote tools resource group
4. Added remote tools resource group to the master group.
5. Disabled "Allow resource groups to be assigned to this master group using global dynamic resource group mapping."
6. Under Dynamic Group Mapping - Put the new master group above the Default master group. This caused a problem for normal users because now they would be denied access because of the wrong landing URI. If I put the default master group above the new master group, then the user would get their normal links, which is not desired.

I'm completely open to ideas and suggestions and hope what I've stated above makes sense.

Thanks,

Trever
  • Ok, I will try to answer each one.

    Since you created the URI, I will skip that one.

    Two major players here. The first is the pre-logon sequence and the other is protected configuration.

    PRE-LOGON SEQUENCE

    Go into the Pre-Logon sequence and add a custom variable like so: session.network.server.land_uri == "antivirus"

    Then you can add custom rules to the sequence after you have the custom variable, i.e. virtual keyboard, OS check, etc.

    At the A/V check failure, add a redirect to the URI you created. In this case it will be antivirus.

    PROTECTED CONFIGURATION

    Go into the protected configuration piece on Firepass and add a custom check. Example here: session.network.server.land_uri == "antivirus". Name it antivirus download.

    WEB APPLICATION

    Create a web application with the URL being an internal link to the A/V software. Add the antivirus download protected configuration.

    -------------------------------------------------------------------

    Now all users who access the URI will have access to the single link you just now created if they type in https://firepass.com/antivirus