acl
21 TopicsVPN - Disallow networks accessible via access policy "exclude" or via APM ACL instead?
From what I can tell, there are two ways to block access to certain networks via VPN; either by adding them to the "exclude" section of the access policy they're assigned, or by adding an ACL step in APM. An excluded network will still be pushed to the client, but the metric assigned will tell it to go out the "local" connection rather than the VPN tunnel. With an ACL, it's just blocked at the F5. My question is, beyond the example above, is there a reason to use one method over the other? I'm thinking an ACL would be preferable if one wants to "hide" the network(s) they don't want VPN users going to. Thanks!Solved647Views1like1Comment