We would like to limit the bandwidth utilization for a specific traffic stream from APM Big IP Edge client VPN users connected to the F5 Big IP APM. This traffic is tunneled on the PPP interface and I am wondering if we can someway apply a bandwidth Controller policy to a PPP tunnel (perhaps via Irule) and restrict traffic to a specific IP address (f.e. 220.127.116.11). But I guess this is going to be a difficult one and question if this is feasible.
I was thinking perhaps to create an IP forwarding VS with IP address 18.104.22.168 that "listens" on internal PPP interfaces only and apply the bandwidth controller there. Would the APM tunneled traffic still be matched and handled by this VS?
For per-request policy you will need a VS that captures the traffic after the VPN VS and decrypts and has http profile, so this will work only for web traffic but 80% of the traffic probably is web in the VPN, so wildcard SSL cert will do the job. Also maybe enable split tunnel as not all traffic to go to the F5 device.