cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

APM - app tunnel restrict

omar_padilla
Altostratus
Altostratus

Hello, dear, I would like you to help me understand the app tunnel in apm, it turns out that I have a simple access policy that has an advanced resource assiggn and there I have configured an app tunnel and a network access, the apptunel exposes a web application, but what I need is that only the users that connect by vpn access that resource, or some way that I can access the internal ip, is this possible? Because as I see the network access and the app tunnel cannot be used at the same time, then how do I restrict this application? , This web application is something like http://10.3.0.128 where the segment 10.3.0.0/24 is the internal vlan, obviously I have no connection when I enter the tunnel app because I am in an external network, then I would have to put an ip of the external vlan (virtual server), or is it that I am making a mistake in my configuration, then I was not clear about how the tunnel app works, what is the benefit, thanks for the help

This application cannot be published with a web portal because it brings problems with the service, so I need to do it through app tunnel

 

 

0691T00000F5rZTQAZ.png

 

0691T00000F5rZYQAZ.png

 

0691T00000F5rZdQAJ.png

 

0691T00000F5rZPQAZ.png

 

0691T00000F5rZZQAZ.png

1 REPLY 1

SanjayP
MVP
MVP

F5 should have connectivity to internal resource. It doesn't need to be exposed to outside (external) VLAN. Apptunnel needs to be configured using the destination (either IP or hostname) of target resource, port, parameter and path of the application (optional) e.g. if it's VMware horizon client, path of the application can be set. Finally apptunnel needs to be published on the webtop.

 

You can refer more info here

 

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-application-access-11-4-0/1.html