We have an issue with access profile per-session policies. We tried creating a SAML Identity Provider for Applications, using the Network Access Setup Wizard for Remote Access, and manually creating the configuration using this guide https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-saml-configuration/using-apm.... We also tried to create the VS and per-session policy profile manually.
In our testing, all the methods we tested above result in a connection reset. It seems to get stuck or fail at the LOGON step of the visual editor policy. We ran tcpdump during this operation and found that the F5 sends a connection reset after returning agent_logon_form.eui.
Any place we should look into?
Note: there is no firewall in between.
We managed to resolve this with help from an F5 engineer. It turns out that BIG-IP needs IPv6 to be activated, even though your external clients use IPv4 only.
We noticed some additional information. Using any local resource (webtop, logon page, message box, etc.) in the visual editor policy will cause a connection reset. But using an external resource, i.e. a pool or an external logon page, will work.
I'm getting this problem with just a standard form-based login on the APM, which comports with this statement. Ours is inconsistent behavior and seems to happen more with our highest-traffic APM service (VPN). Did you move all your host files to an external host to resolve this behavior?