Configuring a Per-App VPN Using F5 App Tunnels

So if anyone of you has sat in a tech talk of mine, I am sure you have heard me mention the use of F5 app tunnels or split tunnel VPN's. The capability is very similar to the article I wrote about in...
Published Nov 28, 2018
Version 1.0
application delivery
BIG-IP Access Policy Manager (APM)
security
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
jk303's avatar
jk303
Icon for Nimbostratus rankNimbostratus
May 03, 2021

Your second paragraph " When might this be useful? Well the use cases I have seen are for logical Out of Band management solutions and in the event, a user requires network access to internal resources though they do not have permissions to install a VPN client on their workstation. "

 

Q1: I must be missing something - how does this work without a VPN client? How does the putty client know to tunnel via APM session (Browser)?

 

Q2: Can user enter the IP they want to connect on the back-end for ssh/rdp OR does this only work if the webtop / resource is statically per-defined for the user? (ex: I have 1000s of servers on the back-end I would like users to ssh/rdp to).

 

Thank you!