APM-DHCP Access Policy Example and Detailed Instructions

Prepared with Mark Quevedo, F5 Principal Software Engineer May, 2020 Sectional Navigation links Important Version Notes   ||  Installation Guide   ||  What Is Going On Here?   ||  Parameters You ...
Updated Sep 08, 2023
Version 9.0
application delivery
BIG-IP Access Policy Manager (APM)
dhcp
iRules
vpn
Barny_Riches's avatar
Barny_Riches
Icon for Altostratus rankAltostratus
Sep 10, 2024

Can I get clarification as to whether this works on BIG-IP 17.1.x? We need to migrate VPN users to our primary DHCP server, as client-based dynamic DNS registration needs to be disabled to meet security requirements.

  • Enrique_Pernas's avatar
    Enrique_Pernas
    Icon for Nimbostratus rankNimbostratus
    Sep 11, 2024

    I'm sorry but I haven't heard back from anyone and I can't help you. I have tried it on lab VE APM 16.1.3.1 and after messing around with the configuration I managed to get it to work, even with the F5 APM machine tunnel (https://community.f5.com/kb/technicalarticles/f5-big-ip-access-policy-manager-apm-machine-tunnels-for-windows/310896).
    It is advisable to check this Microsoft article to avoid conflicts and errors (RegistrationOverwite 2) in DNS registration vía DHCP:

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-registration-behavior-when-dhcp-server-manages-dynamic-dns-updates

    , as well as take a look at this script, if you are going to change to a dynamic DNS registration via DHCP:

    https://byronwright.blogspot.com/2021/08/script-to-update-dns-record-permissions.html

    I hope this message will be of some help to you.

    • Barny_Riches's avatar
      Barny_Riches
      Icon for Altostratus rankAltostratus
      Sep 11, 2024

      Thank you for your advice Enrique. Again, your success in using this on 16.1.x is very encouraging. I appreciate the other links also.

  • Man_Yau's avatar
    Man_Yau
    Icon for Cirrus rankCirrus
    Sep 11, 2024

    Hi Barny_Riches,

    We have been running VE F5 APM on 17.1.1.2 for a year now with this Iapp. We had no issues with it, do you run into some isssues.

    • Barny_Riches's avatar
      Barny_Riches
      Icon for Altostratus rankAltostratus
      Sep 11, 2024

      Thank you Man_Yau, that is very encouraging. I have yet to deploy the iApp but having read comments about support for v16.x I wanted to confirm whether it was possible before deploying it.  Thank you for your feedback.