Forum Discussion
Thanks very much for the response. I wish I was a little more conversant in iRule syntax. Basically I have to search for something similar and torture it to be what I want.
I am going to take the liberty to ask a follow up question. Can I use an irule as a decision point somewhere in the access policy?
For example, we have an access policy which checks for various things (domain of the machine, presence of a certificate, AD group membership, etc.). Once all the conditions have been satisfied, the VPN resource is granted. I would like to add this irule right before the VPN is granted and deny if they are on the disallowed network. The reason I need to add it at that point is that during the previous checks we have other outcomes if they fail. For example if they are not in the correct AD group, they will just get diverted to a Citrix session - and for that we don't care if they are on our network or not since getting a Citrix session does not use an IP address.
So I don't want block access entirely, just when they have gotten to the point where they get the VPN.