APM Cannot Access Sesssion Variable Created by Irule
Hello, I am trying to pass the uri from an irule to the APM via a session variable However, the APM cannot find the variable. Here is the statement to generate the session variable. ACCESS::session data set session.user.custom.uri [HTTP::uri] I can see the variable in the console in Access››Overview:Active Sessions. dbe31cda.session.user.custom.uri I can also see it with the session dump command: sessiondump --sid=dbe31cda| grep custom.uri dbe31cda.session.user.custom.uri 18 /xxx/yyyy However, the APM cannot find the variable. variable "session.user.custom.uri" was not found in the local cache for session "dbe31cda" 'getSessionVar()': 594: try to get it from MEMCACHED variable "session.user.custom.uri" for session "dbe31cda" was not found in MEMCACHED Any ideas? JeffreyBIG-IP Next Access presentation/demo
Hi everyone! Luke Lehman, BIG-IP Next Access product manager, will be joining us for a zoom presentation/demo on December 12th at 9am pacific standard time. Come see what's brewing for APM! If you have any questions before the session, drop them below. Zoom Session Link Oh...and we just might have an ugly sweater or two to give away to attendees!
Load webtop from F5 Access edge client
I have an access profile set up for iOS devices to create a VPN connection via the F5 Access edge client. The network portion is working great. What I am struggling with is trying to present a set of bookmarks via webtop to frequently accessed resources people are accustomed to seeing (migrating from Pulse Secure). I have not found a way to display those bookmarks in the F5 Access client like Pulse Secure does. The closest I have come is a redirect either in the client (portal webtop) or Safari (via network access app launcher) to our portal page. Problem is, that requires them to login again since it is another session. I'm extremely new to all of this, so I'll keep poking around, just wanted to see if there were any suggestions from the community. Thanks!limit IP access to certain URIs
Hi, I am looking for help creating an IRULE for the following conditions: Allow access to two URIs within the policy to a specific group of IPs. Disallow access to these URIs to all other IPs. I tried creating a traffic policy for this but was unsuccessful. Thanks Veredlimit IP access to certain URIs
Hi, I am looking for help creating an IRULE for the following conditions: Allow access to two URIs within the policy to a specific group of IPs. Disallow access to these URIs to all other IPs. I tried creating a traffic policy for this but was unsuccessful. Thanks VeredCan I Capture Outlook Login Details With no Login Page in APM?
I'm working with a customer that wants to use APM to handle some more granular access to their Exchange 2016 servers that are being load balanced by LTM. Is there a way I can create an access policy that can determine the user or UID of a user when they attempt to connect to exchange through Outlook? They want to make it so certain users do not have access to Exchange based on their IP and an AD attribute. If i were just IP it would be easy enough. I can't figure out how to capture any username information without having a login page. Any ideas?
Access problem to virtual server
Hi, I had a very unusual problem; i could not ping virtual server ip from the client A, however, when client B want to ping same vs, first Packet was dropped then ping would be successful. After that, client A ping the vs successfuly. When i look at the arp table of client A, i could not see the mac of vs under the condition of not pinging.
BIG-IP APM Machine Cert Auth poblem
Dear F5 Expert Now i have implementation BIG-IP APM SSL VPN Auth with AD and Machine Cert Auth, For AD auth is work fine. But for Machine Cert Auth i found debug log is found Cert and verify key success. But i don't know why APM didn't forward client to authen page. Here's my configure SSL Self sign with ZERO SSL my SSL profile root domain and chain to ZERO SSL APM VPE i just verifu machine cert and allow 2 option verify key and not verify, i just check SN cert only. here's CA profile, i just use CA Cert from ZERO SSL and the last one here's Log on utility and access report Info 2024-03-03 16:23:18:016 \CertCheckImpl.cpp, CCertCheckImpl::Verify, Store name:"MY", Store location:"LocalMachine", Subject match FQDN:"false", Allow elevation UI:"true", Serial number(HEX):"00898ad22f5f67b4c15e15187d63d0592a", Issuer:"", SubjectAltName:"" Info 2024-03-03 16:23:18:016 \CertCheckImpl.cpp, CCertCheckImpl::Verify, certInfo:STORE_NAME:MY&STORE_LOCATION:LocalMachine&ALLOW_ELEVATION:1&MATCH_FQDN:0&SN:00898ad22f5f67b4c15e15187d63d0592a&ISSUER:&SAN:, RootCertInfo:IS_TRUSTED:0, Nonce: cWQ2NDNQZHpDbzdKNnRvbWN5SW8= Info 2024-03-03 16:23:18:017 \certinfo.cpp, CCertInfo::FindCertificateInStoreExt:, Total certs tested: 1 Info 2024-03-03 16:23:18:017 \certinfo.cpp, CCertInfo::FindCertificateInStoreExt:, Found matched certificate Info 2024-03-03 16:23:18:023 \certinfo.cpp, CCertInfo::IsPrivateKeyPresent, GetPrivateKey succeeded: found private key. Info 2024-03-03 16:23:18:023 \CertCheckImpl.cpp, CCertCheckImpl::CheckPrivateKey, The machine certificate has private key on this machine Info 2024-03-03 16:23:18:033 \CertCheckImpl.cpp, CCertCheckImpl::Verify, Found key successfully using current user Info 2024-03-03 16:23:18:033 \CertCheckImpl.cpp, CCertCheckImpl::CheckPrivateKey, Signing message succeeded Info 2024-03-03 16:23:18:066 CUAgentHost::downloadNextAgent() - sending request to server "https://www.kotchagorn.com:10443/my.policy_host?dummy=45b47b8aeb5c96285f65f295ffa35237" Info 2024-03-03 16:23:18:067 CUAgentHost::downloadNextAgent() - POST data "version=2.0&client_data=c2Vzc2lvbj0xMzJhNWY3YzhlYzgxODg5MmNiNjJhZmQ4M2MzYjFjYyZkZXZpY2VfaW5mbz1QR0ZuWlc1MFgybHVabT Info 2024-03-03 16:23:18:166 <URL>/logon</URL> Info 2024-03-03 16:23:18:170 EPCHECK \f5/EPCheck/MultiInstancePolicy.h, f5::EPCheck::MultiInstancePolicy<class EventSink>::stop, waiting for worker thread to exit Info 2024-03-03 16:23:19:534 EPCHECK \f5/EPCheck/MultiInstancePolicy.h, f5::EPCheck::MultiInstancePolicy<class EventSink>::run, worker thread exit Info 2024-03-03 16:23:19:536 EPCHECK \f5/EPCheck/MultiInstancePolicy.h, f5::EPCheck::MultiInstancePolicy<class EventSink>::stop, worker thread exit Info 2024-03-03 16:23:19:545 CUAgentHost::~CUAgentHost() - enter Info 2024-03-03 16:23:19:545 CAtlBrCon()::~CAtlBrCon() Info 2024-03-03 16:23:19:545 CUAgentHost::~CUAgentHost() - exit Info 2024-03-03 16:23:19:547 EPCHECK wWinMain, Endpoint check server process finished (res), 0 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert./Common/Kotchagorn_vpn_act_machinecert_auth_ag.certificate_revoked' set to '0' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert./Common/Kotchagorn_vpn_act_machinecert_auth_ag.certificate_verified' set to '0' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert./Common/Kotchagorn_vpn_act_machinecert_auth_ag.error_message' set to ' X509_verify_cert failed: error #: 20 at depth 0, error message:unable to get local issuer certificate ' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert./Common/Kotchagorn_vpn_act_machinecert_auth_ag.result' set to '0' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert./Common/Kotchagorn_vpn_act_machinecert_auth_ag.signature_verified' set to '1' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert.last.certificate_revoked' set to '0' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert.last.certificate_verified' set to '0' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert.last.error_message' set to ' X509_verify_cert failed: error #: 20 at depth 0, error message:unable to get local issuer certificate ' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert.last.result' set to '0' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.check_machinecert.last.signature_verified' set to '1' 2024-03-03 23:23:18 /Common/Kotchagorn_vpn:Common:83c3b1cc: Session variable 'session.policy.inspectionhost.status' set to 'done' Anyone please guide me please Best Regards,
