Machine Tunnel
2 Topics

APM Machine Tunnel - Machine Cert Auth Check Failing
I have an APM policy configured, with the initial check being 'client type' for a machine tunnel or edge client. After that there is a Machine cert auth check for both edge client and machine tunnel connections; this is identical for both types of client. The machine cert check is successful when the client connects using the edge client, however it is failing when the machine tunnel connection tries to connect.

Is there any difference in what the machine cert check does for a machine tunnel and edge client? The f5mcertcheck logs from the client show exactly the same behaviour for the machine tunnel and edge client checks.

One thing I'm not sure about is whether I need to configure the client as per the documentation below, which seems to suggest this is for on-demand cert auth? Does the client need this configuration for machine cert check also?

https://techdocs.f5.com/en-us/edge-client-7-2-1/big-ip-access-policy-manager-edge-client-and-application-configuration-7-2-1/big-ip-edge-client-for-windows.html#configuring_client_certificates_for_machine_tunnel_authentication

Configuring client certificates for machine tunnel authentication

When you configure client certificates for the machine tunnel service, you specify the location where the certificates are stored. For on-demand certificate authentication, the F5 Machine Tunnel service can select client certificates present in the service account or from the local computer.

Service Account: To select a service account as the certificate store, the F5 Machine Tunnel service should be installed on the client system. This store is local to the f5MachineTunnelService on the device.

Local computer: Selecting a local machine store as the certificate store does not require the F5 Machine Tunnel service to be installed. You can specify the location of the client certificate on the local machine.

John
1.2K Views, 0 likes, 3 Comments

Machine tunnel
Hi Guys,

we want to use the machine tunnel to just connect the clients with split tunnel to some license servers. I installed nearly all components and set up the tunnel in the registry. Machine Certificate/Info is not working and several apm/ltm sessions are created.

Is there more information about troubleshooting/configuring machine tunnel? Is someone successfully using the machine tunnel without edge client?

Thanks and stay relaxed/safe,
Sunny regards,
Joern
633 Views, 0 likes, 6 Comments