APM session policy based on IP address datagroup?
Hi everyone We currently use LTM policy to use datagroup as ACL for virtual server access. After LTM ACL is accepted, APM policy will create a session etc But I was thinking to optimize it, so that LTM policy is not executed for every request while APM session is active So, I am thinking of removing the LTM policy that does IP matching and adding a step in APM per-session policy to do IP matching. Under APM there are 2 areas that can be used - IP subnet matching or ACL matching We have 100s, if not 1000s of IPs, and not sure if either of the 2 would be able to work with it without reaching limits of sorts. Have a call with F5 support to confirm the limits. But I wanted to investigate the idea, if its possible to execute a policy/iRule from within APM that would use existing datagroup/external file datagroup to perform the check. Can anyone assist with a clean way of doing it? I am thinking having a step to execute iRule that inserts some sort of variable into APM session (say isIPAllowed) and then in the next step check if that isIPAllowed = 1 and branch out from there?