Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

APM Activesync iRule and PROFILE_RESTRICT_SINGLE_IP variable

Stanislas_Piro2
Cumulonimbus
Cumulonimbus

‎20-Apr-2016 02:13 - last edited on ‎21-Nov-2022 22:26 by Fog

Hi,

 

When configuring APM to authenticate Activesync connections, there are 2 solutions:

 

  • enable irule _sys_APM_ExchangeSupport_main or _sys_APM_ExchangeSupport_main
  • configure exchange profile which enable one of these irule (or another one...)

In these irule, there is the following code:

 

if { ! [ info exists PROFILE_POLICY_TIMEOUT ] } {
    set PROFILE_POLICY_TIMEOUT            [PROFILE::access access_policy_timeout]
}
if { ! [ info exists PROFILE_MAX_SESS_TIMEOUT ] } {
    set PROFILE_MAX_SESS_TIMEOUT          [PROFILE::access max_session_timeout]
}
if { ! [ info exists PROFILE_RESTRICT_SINGLE_IP ] } {
    set PROFILE_RESTRICT_SINGLE_IP        1
}

Why the irule does not retrieve PROFILE_RESTRICT_SINGLE_IP from [PROFILE::access restrict_to_single_client_ip] instead of setting it to 1 which create lots of active sync sessions from several different IPs?

 

to set the variable before , I created the following irule:

 

when HTTP_REQUEST priority 1 {
if { ! [ info exists PROFILE_RESTRICT_SINGLE_IP ] } {
        set PROFILE_RESTRICT_SINGLE_IP        [PROFILE::access restrict_to_single_client_ip]
    } 
}

Is there best solution?

 

Labels:
0 Kudos
1 REPLY 1

Kai_Wilke
MVP
MVP

‎14-Sep-2016 10:28 - last edited on ‎05-Jun-2023 15:50 by Fog

Hi Stanislas,

since 

priority 1
is set. How about...

when HTTP_REQUEST priority 1 {
    set PROFILE_RESTRICT_SINGLE_IP  [PROFILE::access restrict_to_single_client_ip]
}

Cheers, Kai 😉


iRule can do… 😉
0 Kudos
Copyright © 2023 Khoros, LLC