Select Between Multiple Network Access Resources with the Edge Client

The recent announcements that web browsers will be removing plugin support means that customers will no longer be able to provide Network Access resources to their end users via the APM web top.  Ins...
Published Feb 26, 2015
Version 1.0
BIG-IP Access Policy Manager (APM)
depolyment
design
dev
news
security
tech tip
hansg1114's avatar
hansg1114
Icon for Nimbostratus rankNimbostratus
Feb 01, 2023

Hello.

Recently, a customer company under deployment has designated three Network Access Resources through a single server and used the Edge Client, so I looked it up.

It was very helpful, and I shared it with you because I had a new plan while thinking about it while looking at the contents.

1. After all the authentication procedures in VPE, Logon Page was created before assigning Network Access Resources,
and the values received here were divided using Branch Rules, and each of them was connected to a different Network Access Resource.
This function worked normally, and there was no problem with the service.

2. This is more complicated than room 1, but I thought that customers who only use Edge Client use Always Connected mode (including Allow-in-Enterprise-LAN function).
The Edge Client for Windows did not support disconnecting in Always Connected mode.
Function 1 requires you to log in again every time you change the Network Access Resource, but you couldn't do it on Windows.
To address this, we have adopted a way of separating network access resources by VS so that can be allocated.
The article below is a detailed description including an example. I don't know if it'll help.

1) Create Virtual Server as many as the number of Network Access Resources
- vpn.test.com:10000 (for internal network use)
- vpn.test.com:20000 (for external networks)
- vpn.test.com:30000 (for composite networks)

2) The Connectivity Profile registers all VSs registered in 1) in the Server List.

3) After all the authentication procedures were completed, the VPE created one Empty before assigning a Network Access Resource,
divided into branches using Branch Rules, and each connected a different Network Access Resource.
* The criteria is specified by the server port based on the Client.

4) 1) Perform the same settings (iRule, Connectivity, Access Profile, SSL certificate, etc.) to the VSs registered in and distinguish only the destination port.

There is no setup capture because there is no equipment to test.
But I'm sure those of you who've seen this know what I'm talking about.
It's written by a translator, but I'm writing it because I want to be of help to one person who has the same concern as me.

Best regard,