On my Big-IP 16.1.2 APM-VE, I enabled fatclient check policy that is checking for the follwoing client types:
Expression: Client type is Portal Client OR Client type is Standalone Client OR Client type is Standalone Client AND Client App ID is F5 Access Client
The fallback option goes to deny page. I want to block all scanning attempts and only legitimate attempts that are originating from Edge clients. However, after implementing this policy, I am showing multiple legit users getting blocked erroneously. when looked at the session ID, I don't see any cleint type in the received info. But, I see MacEdgeClient/xxxx in the user-agent string. The same user when he reattempts to connect, big-IP is picking up the client type as standalone and allowing it. What should I do in this case to correctly match the user machines?
Is it consistent behavior? I believe the client does make an initial GET via mini browser first to obtain login details so your additional condition would be correct
I hven't heard any issues so far and not seeing any denied sessions. So I say it's catching the intiail get requests. Maybe if the user-agent changes in future, I start seeing the issue again???
