APM - app tunnel restrict

omar_padilla · ‎09-Oct-2021

Hello, dear, I would like you to help me understand the app tunnel in apm, it turns out that I have a simple access policy that has an advanced resource assiggn and there I have configured an app tunnel and a network access, the apptunel exposes a web application, but what I need is that only the users that connect by vpn access that resource, or some way that I can access the internal ip, is this possible? Because as I see the network access and the app tunnel cannot be used at the same time, then how do I restrict this application? , This web application is something like http://10.3.0.128 where the segment 10.3.0.0/24 is the internal vlan, obviously I have no connection when I enter the tunnel app because I am in an external network, then I would have to put an ip of the external vlan (virtual server), or is it that I am making a mistake in my configuration, then I was not clear about how the tunnel app works, what is the benefit, thanks for the help

This application cannot be published with a web portal because it brings problems with the service, so I need to do it through app tunnel

SanjayP · ‎13-Oct-2021

F5 should have connectivity to internal resource. It doesn't need to be exposed to outside (external) VLAN. Apptunnel needs to be configured using the destination (either IP or hostname) of target resource, port, parameter and path of the application (optional) e.g. if it's VMware horizon client, path of the application can be set. Finally apptunnel needs to be published on the webtop.

You can refer more info here

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-application-access-11-4-0/1.html

DevCentral

APM - app tunnel restrict