Forum Discussion

GreeceMonkey's avatar
GreeceMonkey
Icon for Nimbostratus rankNimbostratus
Nov 14, 2020

Why does this simple APM Policy fail

I recently upgraded my lab from 12 > 15, and now I have APM policy issues. I checked all the logs and there is no clues to what the issue is.

 

My Policy is simple, It is 'Start > Allow' ( so to be this should always work), but I get this message "Access was denied by the access policy. This may be due to a failure to meet access policy requirements."

 

The last line in the session log is "/Common/MyFirstPolicy:Common:ed7c6c9d: New session from client IP 192.168.1.99 (ST=/CC=/C=) at VIP 10.1.1.2 Listener /Common/Test (Reputation=Unknown)

 

Any ideas would be super helpful,

 

Kind Regards

Graham Mattingley

 

 

application delivery
BIG-IP Access Policy Manager (APM)
  • GreeceMonkey's avatar
    GreeceMonkey
    Nov 16, 2020

    Hi Ahmed,

     

    I figured it out, I was doing a simple http test, and the session cookies and MRHSession and LastMRH_Session cookies are inserted with the secure flag set. I changed to 443 and added a cert and it all worked - the message I was getting is below, but it is all fixed now

     

    ---------------

    BIG-IP can not find session information in the request. This can happen because your browser restarted after an add-on was installed. If this occurred, click the link below to continue. This can also happen because cookies are disabled in your browser. If so, enable cookies in your browser and start a new session.

     

    Thank you for using BIG-IP.

    -----------------

     

  • Ahmed_Galal's avatar
    Ahmed_Galal
    Icon for Cirrostratus rankCirrostratus
    Nov 15, 2020

    i dont know about you but its working with me in version 14 are you sure that you have applied policy after changing cuz default is Start>Deny

  • GreeceMonkey's avatar
    GreeceMonkey
    Icon for Nimbostratus rankNimbostratus
    Nov 16, 2020

    Hi Ahmed,

     

    I figured it out, I was doing a simple http test, and the session cookies and MRHSession and LastMRH_Session cookies are inserted with the secure flag set. I changed to 443 and added a cert and it all worked - the message I was getting is below, but it is all fixed now

     

    ---------------

    BIG-IP can not find session information in the request. This can happen because your browser restarted after an add-on was installed. If this occurred, click the link below to continue. This can also happen because cookies are disabled in your browser. If so, enable cookies in your browser and start a new session.

     

    Thank you for using BIG-IP.

    -----------------