mawan_revera
May 28, 2019

username based resource assign-APM

Hi -

I have users connecting through SSL VPN through F5 APM. Scenario:

user abc.g1 -- only access remote desktop - server 1

user egf.g2 -- only access remote desktop - server 2

user xyz.g3 -- all remote desktops - including server 3

 

Authentication is through RADIUS only, not AD.

Question: how could I apply a policy based on username? g1, g2 and g3 are part of the username.

  • What about (and someone please correct me if this will not work)...

    I. Create separate network access policies - see "IPv4 LAN Address Space" in "Network Settings" - (one with only server-1's IP, one with only server-2's, one with all three).

    II. Route users to the appropriate network access policy via the local user database (I use this to allow/restrict available IP networks to VPN users). In the local user database, assign the users to groups ("g1", "g2", "g3", whatever...). In APM, after a successful RADIUS authentication, create a step where the Local User DB is checked and in which the user is directed to an access policy based on the group they're in. This could get messy in APM's visual policy editor, however.

     

    Someone may know of a cleaner/better way to do this, but this may work or at least get you started toward a solution.

     

    Good luck,

    Alan