how to configure Static App Tunnel Parameters in APM

Question

Hi,&nbsp;
We are migrating F5 Firepass App Tunnels to APM...and having difficulty in configuring the remote host to local host mapping ....&nbsp;
we have following static tunnel in firepass that we want to migrate to APM...&nbsp;
Remote Host : Port Local Host : Port
MyPC    : 80                127.18.97.182 : 80&nbsp;
We have many app tunnels with port ranges as well, I would appreciate, if someone can help us out in this situation...&nbsp;
I have tried %host% and %port% with different variations but have not succeeded yet.&nbsp;
I would like to know what can we put in the following fields....&nbsp;
Launch Application 
        Application Path
        Parameters&nbsp;
Kind Regards,
WUM&nbsp;

kunjan · Answer

%host% and %port% are valid. Can you provide the configuration you have done? &nbsp;
tmsh list apm resource app-tunnel &nbsp;

alexey_384 · Answer

Just checked, following worked:
Application Path: %ProgramFiles%\Putty\Putty.exe
Parameters: -pw tester root@%HOST%:%PORT%&nbsp;
But this works for a single port only, and doesn't work for a ports range, the whole range is substituted. You may check with browser - you will get something like: http://127.0.0.5:80-82&nbsp;

wum_113639 · Answer

I have just applied %host% in host parameters to take a dynamic source loopback IP from F5 APM to reach the actual destination MyPC and let the ports get mapped automatically.&nbsp;
I have sent email to users to check the behavior after this change, will post the results tomorrow.&nbsp;
Can I put any 127 IP in %....% like %127.x.x.x" just to make it look and behave like old Firepass?&nbsp;
One more thing, can I give access to directories (Folders) using App Tunnels to the users, as the main option has been deprecated in APM? or is there any other way?&nbsp;
Kind Regards,
WUM&nbsp;

alexey_384 · Answer

Local address is not configurable and chose at tunnel launch time randomly (to avoid collisions). But for the first resource it's always 127.0.0.5. On Mac and Linux it's always 127.0.0.1 for all resources. You may use session variables, including custom, but only for the fields you see on resource configuration page. Maybe there is undocumented ability to specify tunnel's local IP, but I don't know about.
The main use case is using DNS Helper: you just use real host names, and DNS Helper substitutes tunnel IPs dynamically. So, if you need my.corporatesite.com, you launch tunnel and go to my.corporatesite.com.

oscar_141263 · Answer

12.1.2 has tmsh commands local-ip and local-port-range&nbsp;

Forum Discussion

how to configure Static App Tunnel Parameters in APM

5 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Brute Force protection for single parameter like OTP

iRules Recipe 4: Static Maintenance Page

BIG-IP BGP Routing Protocol Configuration And Use Cases

Static Route

Wildcard Parameter signature attack