APM - Keep alive a session given a sid
Hi, I'm writing a iRule for keep alive the session with sid read from http header. How can I refresh the session ttl with inactivity timeout value of access profile? when HTTP_REQUEST { set sidToRefresh [HTTP::header value sid] log local0. "sid To Refresh:$sidToRefresh" if { [ACCESS::session exists -sid $sidToRefresh] } { keep alive the session "sidToRefresh" } } Can anyone help me? Thanks
APM: VPN + Azure AD MFA, what license?
Hey, i am new to the F5 universum and i have a question regarding licensing: When using Remote Access SSL VPN in combination with Azure AD for MFA via SAML, what kind of license is needed in such cases? I would assume its one CCU per Connection? - what about those access sessions? Maybe someone could help me out on this, Thanks in advance :)
Difference between max CCU and max access sessions?
Hi all, what is the difference and impact between CCU and access sessions? CCU is straight-forward to me, it is based on licensed and any excess connections will be dropped if CCU goes beyond its licensed limit. What about max access sessions? Looking at the table in the below link doesn't make sense to me. Why is maximum access sessions not equal to max CCU? I would have thought max CCU is limited by hardware capability? https://support.f5.com/csp/article/K15624537APM ACL what is source for IP evaluated
Hi, I am struggling with figuring out what is base for IP evaluated by for example Static ACL in APM. As far as understand ACL object in VPE are only evaluated during Access Policy processing (between ACCESS_SESSION_STARTED and ACCESS_POLICY_COMPLETED) but using ACCESS_ACL_ALLOWED (or denied) I can use ACCESS::acl eval to doper request ACLs. Question is what is used as src and dst IP for ACL evaluation? Is that one of Access Policy variable or actual IPs based on flow? I am asking because I would like to create ACL for forward proxy VS - in this case I can see client IP as src IP but dst IP is VS IP not target server IP (proxy is doing DNS on HTTP proxy request URI - like GET http://www.site.com/something/index.html HTTP/1.1) so in L3/L4 there is no real dst IP known. My idea was to use host from HTTP proxy URI ( do DNSresolveand pass it to access session variable so ACL can use it to evaluate - but not knowing if evaluation is based on session variables makes me wonder if this will work? Piotr
APM ACL what is source for IP evaluated
Hi, I am struggling with figuring out what is base for IP evaluated by for example Static ACL in APM. As far as understand ACL object in VPE are only evaluated during Access Policy processing (between ACCESS_SESSION_STARTED and ACCESS_POLICY_COMPLETED) but using ACCESS_ACL_ALLOWED (or denied) I can use ACCESS::acl eval to doper request ACLs. Question is what is used as src and dst IP for ACL evaluation? Is that one of Access Policy variable or actual IPs based on flow? I am asking because I would like to create ACL for forward proxy VS - in this case I can see client IP as src IP but dst IP is VS IP not target server IP (proxy is doing DNS on HTTP proxy request URI - like GET http://www.site.com/something/index.html HTTP/1.1) so in L3/L4 there is no real dst IP known. My idea was to use host from HTTP proxy URI ( do DNSresolveand pass it to access session variable so ACL can use it to evaluate - but not knowing if evaluation is based on session variables makes me wonder if this will work? Piotr