Forum Discussion
username based resource assign-APM
Hi -
I have users connecting through SSL VPN through F5 APM. Scenario:
user abc.g1 -- only access remote desktop - server 1
user egf.g2 -- only access remote desktop - server 2
user xyz.g3 -- all remote desktops - including server 3
Authentication is through RADIUS only, not AD.
Question -- how could I apply policy based on username? g1, g2 and g3 are part of the username.
- Fallout1984Cirrocumulus
What about (and someone please correct me if this will not work)...
I. Create separate network access policies - see "IPv4 LAN Address Space" in "Network Settings" - (one with only server-1's IP, one with only server-2's, one with all three).
II. Route users to the appropriate network access policy via the local user database (I use this to allow/restrict available IP networks to VPN users). In the local user database, assign the users to groups ("g1" "g2" "g3" whatever...). In APM, after a successful RADIUS authentication, create a step where the Local User DB is checked and in which the user is directed to an access policy based on the group they're in. This could get messy in APM's visual policy editor, however.
Someone may know of a cleaner/better way to do this, but this may work or at least get you started toward a solution.
Good luck,
Alan