Request from all experience people here

You can also replace the default index page using the Sandbox. The sandbox will host any standard html you can come up with, as well as customized javascript.

 

 

My firepass has a fully customized main page, with links that go to different types of resources. All users get a certain level of access to email and company directory. Other users get a full suite of applications if they pass AV and Firewall checks. I've also added options that go straight to RDP/Citrix. All of this can be done via Landing URI customization. I have an extensive pre-logon inspection policy that evaluates landing URIs as well as endpoint inspectors. Based on the logic of the prelogon inspection, users may be required to auth with just a username/password, local Certificate, and/or RSA token.

 

 

If a user fails a check for a resource, they are re-directed to custom remediation pages explaining what went wrong and what they can do to fix it. I'm doing all of this stuff before the user even logs in for dynamic group mapping to kick in.

 

 

It's been my experience that F5 lacks documentation on the advanced/cool features of Firepass. However, once you figure out how to use the advanced features, its the most customizable, flexible product on the market.

 

 

Good luck!