Forum Discussion
zafer
Apr 11, 2016Nimbostratus
Time based VPN restriction
Hi All,
Our users Authenticate from Active Directory. We have custom software and DB for storing users info and credential.
For example :
User A : vpn enabled user and AD group X and work ...
Stanislas_Piro2
Apr 14, 2016Cumulonimbus
Hi,
you can :
- Configure AD attributes like starthour and endhour with format : 8:00
-
create variable assign with following expression:
session.custom.starthour = [clock scan [mcget {session.ad.last.attr.starthour}]]
session.custom.endhour = [clock scan [mcget {session.ad.last.attr.endhour}]]
- check if starttime is in expected range with:
Branch expression
expr { [mcget {session.user.starttime}] >= [mcget {session.custom.starthour}] && [mcget {session.custom.endhour}] >= [mcget {session.user.starttime}] }
- define max session timeout variable to disconnect user at expected hour
session.max_session_timeout =
expr { [mcget {session.custom.endhour}] - [mcget {session.user.starttime}] }
So, you can do what you want...
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects