captive portal
1 Topic

Update packet filter rule from icall
My Use Case: We have a proxy client installed on our laptops that performs a captive portal test before it will initiate a connection with a proxy server within its list. The test tries to reach out to 2 urls and if this test succeeds it will try to connect to a proxy server on its list. If the 1st test fails by receiving a reset packet from a firewall, it marks itself as behind a firewall and will initiate a connection with a proxy server on its list.

Going through F5 SSL-VPN using edge client is causing the client to fail (never connect to a proxy server) because APM is performing a 3-way handshake to proxy the traffic then forwarding the firewall reset packet. So instead of just sending a syn packet and receiving a reset packet it gets a syn, syn-ack, ack, rst. The client thinks it's connecting and is expecting the 1st test to complete, but it never does.

The only way around this was to enable Packet Filters on the SSL-VPN vlan to issue resets for the 2 hosts it is trying to reach out to. The problem now is these systems are hosted through Akamai and the IP Addresses change. Even though you can specify host names in the packet filters, it will resolve the name to an IP when applying the rule and keep it; it never refreshes the IP Address.

So I want to create an icall script and handler to detect when someone connects to the SSL-VPN VS and reapply the packet filter to refresh the IP Address. This way we don't have to keep manually reapplying the packet filters. I can create the icall script but I don't know how to trigger it upon a connection. My alternative would be to set up a timer handler to reapply the packet filter every hour, but that may not work 100% of the time.

PS We cannot leverage a VS to perform a reset because once you are in the VPN tunnel all other VS are unavailable.
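The two outcomes the post contrasts (a RST answering the SYN versus a RST arriving after a completed handshake) look different to a client's socket API. The following is an added example, not part of the original post and not the proxy client's code; `classify_probe` and `start_reset_after_accept_listener` are hypothetical names, and the local listener is a constructed stand-in for a full proxy that completes the handshake before relaying a reset.

```python
import socket
import struct
import threading

def classify_probe(host, port, timeout=2.0):
    """Classify how a TCP probe to (host, port) ends.

    'refused'             - connect() failed: the SYN was answered with a RST
    'reset-after-connect' - handshake completed, then the peer sent a RST
    'timeout'             - no answer within `timeout` seconds
    'open'                - handshake completed, peer answered or closed cleanly
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect((host, port))
        except ConnectionRefusedError:
            return "refused"
        try:
            sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            sock.recv(1)
        except (ConnectionResetError, BrokenPipeError):
            return "reset-after-connect"
        return "open"
    except socket.timeout:
        return "timeout"
    finally:
        sock.close()

def start_reset_after_accept_listener():
    """Constructed stand-in for a full proxy: accept, then abort with a RST."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        # SO_LINGER with a zero timeout makes close() send RST instead of FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port
```

Run from a laptop inside and outside the tunnel against the same test host, the two return values show whether something on the path is completing the handshake before the reset is delivered.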