Yes I have it. Just not inserted into the policy as I thought it was just for filtering on MAC address. I inserted it and left it blank this time. It worked! However this is not straight forward for just recording the MAC and not filtering on it. It does seem to initiate the check on the machine and not the expression in the variable assign alone.
Now if F5 can't get the MAC address from the client machine does it go to the denied branch?
Also, I had added the Inspection service on the client before and it didn't work. I took it back off the client after inserting the Machine Info on the access policy and still seems to work.
Thank you!
Justin