NimbostratusHello,
I'm working on SWG and would like to configure/assign different per-request policy as per client request. - If request is from IP address A or IP address B then use per-request policy A or Per-request policy B, we need to configure dynamic per-request policy.
Is it possible to achieve this using iRule in APM access policy?
Thanks, Sachin
CirrusYou can do it with an iRule. It is not possible use iRules to switch PRPs, but you can create source Ip-based branches within a single per-request policy. In the Per-Request Policy, you can create an Empty action, and assign a branch to it with the following check:
expr { [IP::addr [mcget {session.user.clientip}] equals "10.0.0.0/8"] }
That branch will hit if the IP address comes from 10.0.0.0/8 subnet. There is an IP Subnet Match action the main access policy that is unfortunately not available in Per request access policy - so you need to create it manually.
NimbostratusCirrus
CirrocumulusYou can do it with an iRule. It is not possible use iRules to switch PRPs, but you can create source Ip-based branches within a single per-request policy. In the Per-Request Policy, you can create an Empty action, and assign a branch to it with the following check:
expr { [IP::addr [mcget {session.user.clientip}] equals "10.0.0.0/8"] }
That branch will hit if the IP address comes from 10.0.0.0/8 subnet. There is an IP Subnet Match action the main access policy that is unfortunately not available in Per request access policy - so you need to create it manually.
NimbostratusCirrocumulus
CirrusHi all,
From what I've read, the IP subnet match is now included as VPE agent and no need to manually configure as a rule in version 15. It is under the endpoint security (server-side) per-request policy items