SSL VPN Beyond the Template

Question

So we are looking to SSL VPN with APM. I've gone though the template  to see  what it created and try to build on that but  what i need is  more advanced. I'm looking for a place to start even some example polices.&nbsp;
Here is the flow I need. I know APM should be able to do it just not sure where to start.&nbsp;

User goes portal enters AD Username and Password&nbsp;

a.If user is in a power user AD group and above like app admin,network admin..etc use second factor radius with Entrust/Open AM.
   b.If not allow user to access portal only with app links / no full VPN.&nbsp;

If users passes second factor auth assign IP information based on group i.e PowerUser(subnet1),WebAdmin(subnet2),Network Admin(subnet3)..etc &nbsp;

It seems like it could be possible just not sure where to start next. Any help would be awesome!&nbsp;

alex100_194614 · Answer

I don't see an issue implementing this scenario with APM. Generally speaking, you would have to create different branches based on initial AD query. For different VPN networks your would create 3 appropriate "Network access lists" with corresponding lease pools and assign VPN resource to those branches.

Forum Discussion

SSL VPN Beyond the Template

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

External Monitor Information and Templates

APM Advanced Customization Examples with Modern Template, v15.1+

Legacy ASM Templates

TCP iApp template

External Monitor Templates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS