

wesleyvdzalm_25
Mar 15, 2016

Some questions about SSL VPN

Hi All,

 

I have some questions about the SSL VPN solution that F5 Networks offers. These are questions that I couldn't find on the website. Hopefully someone can help me out answering those questions. If it is possible, please put a (source) link with your answer.

 

1) Is it possible to check hosts (endpoints) before and after authentication? For example: check every 10 minutes if their antivirus is running.

 

2) Is there a possibility to give users different resources when they choose another authentication method? For example, with a softtoken they get access to FTP, webmail and intranet, and when they log on without a softtoken they only get access to webmail.

 

3) Is it possible to advertise multiple URLs from one appliance? Is it possible to have a different certificate for each URL?

 

4) After a session is closed, does the BIG-IP delete all cookies, cache and saved passwords? Also on the server side?

 

If someone can answer just one of these questions, you are helpful to me. Thank you in advance.

 

Wesley

 

1 Reply

  • Hello,

     

    Endpoint Check is a feature available on APM. You can configure it within your authentication workflow (VPE) and check an option to continuously check the endpoint after authentication has been successful.

     

    The Visual Policy Editor (VPE) allows you to define granular authentication policies. So point 2) can be achieved by F5 APM.

     

    Advertising multiple URLs is fine. But technically, advertising multiple certificates based on URL is more difficult. You can do it using different hostnames on several VIPs, or on a single VIP using the SSL SNI option, for example.

     

    When a session is closed, cached session variables are deleted. But keep in mind that some information stays accessible in logs. Moreover, cookie information is handled by the client. When closing the session properly, F5 APM forces the browser to delete cookies on the client side. You can also use the "Cache cleaner" feature, which is part of the Endpoint Security set of features.