Forum Discussion
Tika_92763
Jul 30, 2012 · Nimbostratus
Source IP restriction without HTTP profile
Hello,
I have to create an iRule or find some other way.
Scenario: I am managing 2 Juniper SA 2500 (SSL VPN) devices in active/active clustering. Each client has their own sub-URLs ...
Brian_Van_Stone
Jul 30, 2012 · Nimbostratus
Without an http profile you will not be able to query the URI.
Perhaps you can SNAT all requests from the restricted range to one SNAT pool, and all requests from the unrestricted range to a different SNAT pool. By doing this you could still perform IP restriction at the SA.
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals allowed_nets] } {
        snatpool allowedForABC
    } else {
        snatpool everyoneElse
    }
}