APM App Tunnel solution for SSH access by multi users
Hi, We're trying to seek a way to setup APM App Tunnel for SSH access by multi users(windows or linux) using authentication keys. We've already checked it works with a single user(windows user) and authentication key. As the plan for production setup, we need to set the same APM App tunnel for SSH access but the SSH will be accessed from multi users using their login IDs and authentication keys. I guess Parameters on App Tunnel setup would be the part where can make it work possibly but not sure. Can anyone have any idea to make this work?SSH access through App Tunnel
Hi, I am trying to access SSH to target server using App Tunnel. The SSH server authenticate using authentication public key, not normal password based authentication. I already generated authentication keys and registered on the SSH server and import key on putty. Putty error is showsing as below snapshot when tesed, which I guess regarding Authentication key issue. In this environment, how can I set up App Tunnel, especially Launch Application section?APM App tunnel & Client-side DNS redirector
Hello, I'm currently testing app tunnels but I struggle with DNS. I'd like the user to keep the original application URL. I read in the documentation: "Because app tunnels do not require administrative rights, some features of Network Access [...] are not available with app tunnels. For example, the application tunnel cannot easily resolve domain names in applications without a client-side DNS redirector, or modification of the system hosts file." https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-application-access/configuring-app-tunnel-access.html Do you have examples of "client-side DNS redirector" please? F5 pre-sales told us about the F5 DNS relay proxy but I believe it's only enabled when the Network Access is mounted and the point of app tunnel is precisely not to mount the network access. Thanks,
[APP Tunnel] what does it make a client forward traffic to 127.0.0.5?
Hi Experts, I found an interesting observation but can't explain how it works... In app tunnel, let's say we've got an internal resource which listens on 192.168.0.10:8080. I understand when app tunnel is up, there will be a local socks on 127.0.0.5:8080, which forwards traffic to the backend server via APM and this does work as expected. But on the client, when I also tried accessing 192.168.0.10:8080 on browser directly, it also works, not only in IE but also in Chrome, Firefox... I thought it may be due to sth added in routing table, but there is no static route for 192.168.0.10 traffic being added. So the question is how the client OS knows that traffic to 192.168.0.10 should be send to 127.0.0.5:8080? Anybody know how it works internally?
APM app tunnel - Client application requires multiple remote IP resources
I have set up an APM App Tunnel for SAP GUI client to be used remotely. This requires a resource item using hostname and port 3670 and application path.(this works fine) After the initial connection the client app then attempts to make a connection to a different IP in the same subnet on port 3270. Apparently adding this as another resource item doesn't work. Is it possible to have the app tunnel configured to connect more than a single IP/hostname for a single application?APM app tunnel - Tunnel remains up but client app session times out after 5 minutes.
I have an app tunnel for use with a SAP client. All connects well, but after 5 minutes the client states that the connection to host is broken. The app tunnel stays up, but the client thinks it is down and resets. This is on a windows box.
Forcing MFA to Get to Other Internal Resources With no VPN Tunnel
I have been given a task to provide a front end for system admins that want to rdp or ssh to servers in a secure server room. Up until now they have just connected directly to the server and logged in with their admin credentials. The powers that be have requested that these users now use multi-factor authentication to connect to any server in the secure room. They have asked that we use our existing F5 setup and use APM to present users with a login page. Would the best way to do this be using APM to give users a login page (AD and RSA logins) and then use a split tunnel setup with SNAT to have all traffic go through the F5 to the servers with ACLs limiting the ports that can be used in the connection? What other options would I have with F5? Could an App tunnel help me here? I know the admins all use different apps for ssh access, but they should all be using MS RDP software for their RDP sessions. Thanks for any suggestions that can be given!
APM - app tunnel with spaces in Application Path
i seem unable to create an app tunnel where the Application Path contains spaces. it says windows is unable to find the application, between ' has no effect. if i use " surrounding the Application Path then windows opens the explorer but not my application. using version 11.2.1. what is the way to make this work?
