For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

amolari's avatar
amolari
Icon for Cirrostratus rankCirrostratus
Jan 15, 2016

v12 APM, Profile scope

Hi   new feature in v12, the possibility to define the Access Policy Profile scope (Profile / VS / global).   Default is "profile" and is the same behaviour as in pre-12 releases. Anyone has pl...
BIG-IP Access Policy Manager (APM)
security
v12
Arnaud_Lemaire's avatar
Arnaud_Lemaire
Icon for Employee rankEmployee
Jan 15, 2016

Hello Alex,

 

it means that with this feature you can share or not an active session between different profile/virtual server.

 

for virtual : you limit the session information to the virtual server, so if you have the same apm policy on two virtual servers (same config bu different services, imagine a reverse proxy deployement with two web applications) if the user is logged on apm on VS1, when he connect to VS2 his session is not known so he as to log again and go through the policy as it was a different equipment hosting it.

 

for policy : take the same usecase but this time, the user logged on VS1 is automatically known from VS2 sharing the same policy. So no need to relog and go through the policy again.

 

for global you go through a policy the first time you connect to a service and then you can access any virtual whatever the policy on it.