Forum Discussion

JWhitesPro_1928's avatar
JWhitesPro_1928
Icon for Cirrostratus rankCirrostratus
Nov 20, 2018

VPN/Network Access ACLs

Can AFM control the traffic of connected network access clients? I am trying to find a way to create VPN ACLs that is easier than the APM ACLs...not being able to use object groups or address lists ...
AFM
BIG-IP Access Policy Manager (APM)
security
JWhitesPro_1928's avatar
JWhitesPro_1928
Icon for Cirrostratus rankCirrostratus
Nov 21, 2018

To add to this:

 

A single line in a cisco ACL can result in 50-100 or even more in the VPN acl since you can only do 1 source, one destination and one port in each acl rule. Is this not a problem for anyone else?

 

The only other thing I thought of was making a IP forwarding virtual server on the F5 that would catch all traffic from the VPN subnet so I could use AFM to create the rules...the problem there is that I miss out on being able to apply ACLs per session easily without having to check and make sure everything lines up perfectly between these two ways of setting acls.

 

Should I put in a feature request for VPN acls to get a more modern configuration interface/functionality?