Forum Discussion
userid to ip mapping - F5 APM
I have been working on the iRule as we have been having this issue with Mac users. This is what we came up with that didn't constantly log against the F5. It does still check about every 10 seconds, so we are going to be watching our production F5s to ensure we do not start overloading with roughly 5k users a day.
when CLIENT_ACCEPTED {
    # Let HTTP events fire for APM-internal requests such as /vdesk/*
    ACCESS::restrict_irule_events disable
    # One HSL handle per destination pool
    set hsl1 [HSL::open -proto UDP -pool pool_hsl_palo-uid-1]
    set hsl2 [HSL::open -proto UDP -pool pool_hsl_palo-uid-2]
}
when HTTP_REQUEST {
    # The client requests this URI periodically, so it is used as the trigger
    if { [HTTP::uri] starts_with "/vdesk/timeoutagent-i.php" } {
        set vpnip [ACCESS::session data get "session.assigned.clientip"]
        # "ne" compares as strings; "!=" can treat numeric-looking values as numbers
        if { $vpnip ne "" } {
            set user [ACCESS::session data get "session.logon.last.username"]
            set domain [ACCESS::session data get "session.logon.last.domain"]
            # If the pa-vpn table entry for this IP does not equal the current user, update the firewall
            if { [table lookup -notouch "pa-vpn:$vpnip"] ne $user } {
                HSL::send $hsl1 "<190>F5_PA_UID_Event uid:$domain\\$user; vpnip:$vpnip;\n"
                HSL::send $hsl2 "<190>F5_PA_UID_Event uid:$domain\\$user; vpnip:$vpnip;\n"
                log local0. "periodic: F5_PA_UID_Event uid:$domain\\$user; vpnip:$vpnip;"
                # Remember the mapping for 600 seconds so it is not re-sent on every poll
                table set pa-vpn:$vpnip $user 600
            }
        }
    }
}
when ACCESS_SESSION_CLOSED {
    set hsl1 [HSL::open -proto UDP -pool pool_hsl_palo-uid-1]
    set hsl2 [HSL::open -proto UDP -pool pool_hsl_palo-uid-2]
    set vpnip [ACCESS::session data get "session.assigned.clientip"]
    if { $vpnip ne "" } {
        set user [ACCESS::session data get "session.logon.last.username"]
        set domain [ACCESS::session data get "session.logon.last.domain"]
        HSL::send $hsl1 "<190>F5_PA_LOGOUT_Event uid:$domain\\$user; vpnip:$vpnip;\n"
        HSL::send $hsl2 "<190>F5_PA_LOGOUT_Event uid:$domain\\$user; vpnip:$vpnip;\n"
        log local0. "periodic: F5_PA_LOGOUT_Event uid:$domain\\$user; vpnip:$vpnip;"
        # Forget the mapping so the next login on this IP is sent again
        table delete pa-vpn:$vpnip
        # No pa-vpn:$user entry is ever set in this iRule, so this delete is a harmless no-op
        table delete pa-vpn:$user
    }
}
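An added example, not part of the original post: a small Python test receiver that parses the two message types the iRule sends and replays them into an IP-to-user table, so the output can be checked before it is pointed at the firewall. It is a stand-in for whatever consumes the syslog stream, not that product's parser; the sample lines are constructed, and the rule that a logout only clears a mapping it still owns is an assumption of this example.

```python
import ipaddress
import re

# Layout copied from the HSL::send lines in the iRule:
#   <190>F5_PA_UID_Event uid:DOMAIN\user; vpnip:10.20.0.5;\n
MSG_RE = re.compile(
    r"<(?P<pri>\d{1,3})>F5_PA_(?P<kind>UID|LOGOUT)_Event "
    r"uid:(?P<domain>[^\\;\s]*)\\(?P<user>[^\\;\s]+); "
    r"vpnip:(?P<ip>[^;\s]+);"
)

def parse_event(line):
    """Return (kind, uid, ip, facility, severity), or None if the line is malformed."""
    m = MSG_RE.fullmatch(line.rstrip("\n"))
    if m is None or int(m["pri"]) > 191:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))
    except ValueError:
        return None
    pri = int(m["pri"])  # syslog PRI = facility * 8 + severity
    return m["kind"], m["domain"] + "\\" + m["user"], ip, pri >> 3, pri & 7

def replay(lines):
    """Apply events in arrival order; return (ip -> uid mapping, rejected lines)."""
    mapping, rejected = {}, []
    for line in lines:
        event = parse_event(line)
        if event is None:
            rejected.append(line)
            continue
        kind, uid, ip = event[:3]
        if kind == "UID":
            mapping[ip] = uid
        elif mapping.get(ip) == uid:
            # Assumption: a logout only clears the mapping it created, so a late
            # logout cannot unmap a user who has since been given the same address.
            del mapping[ip]
    return mapping, rejected

# Constructed sample traffic, not captured from a real system.
SAMPLE = [
    "<190>F5_PA_UID_Event uid:CORP\\alice; vpnip:10.20.0.5;\n",
    "<190>F5_PA_UID_Event uid:CORP\\bob; vpnip:10.20.0.6;\n",
    "<190>F5_PA_UID_Event uid:CORP\\carol; vpnip:10.20.0.5;\n",     # address reassigned
    "<190>F5_PA_LOGOUT_Event uid:CORP\\alice; vpnip:10.20.0.5;\n",  # late logout, ignored
    "<190>F5_PA_LOGOUT_Event uid:CORP\\bob; vpnip:10.20.0.6;\n",
    "<190>F5_PA_UID_Event uid:CORP\\dave; vpnip:10.20.0.999;\n",    # invalid address, rejected
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The `<190>` prefix decodes to facility 23 (local7), severity 6 (informational), which is what the receiver's syslog filter has to accept.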