Forum Discussion

Tatonka_208442's avatar
Tatonka_208442
Icon for Nimbostratus rankNimbostratus
Nov 19, 2015
Solved

Moving from Juniper to F5

Hello, we are moving from Juniper to F5s, need to know if the following is allowed and how. On the Junipers we can allow user roaming sessions which allows mobile user to stay connected even if their IP changes. This is a check box option on the Junipers and need to know if it is possible and how to make it work on the F5 so if the user's IP changes they don't get automatically disconnected. Thanks in advance for the help, Burns

 

APM
BIG-IP
security
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Nov 19, 2015

    Yes. Our client is a bit more advanced. We monitor the PC's routing table, so that they can't bypass any prescribed routes. This includes changing IPs and adapters and manually messing with routes. This option can be disabled or enabled.

     

5 Replies

Sort By
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Nov 19, 2015

    Yes. Our client is a bit more advanced. We monitor the PC's routing table, so that they can't bypass any prescribed routes. This includes changing IPs and adapters and manually messing with routes. This option can be disabled or enabled.

     

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Nov 19, 2015

    Yes. Our client is a bit more advanced. We monitor the PC's routing table, so that they can't bypass any prescribed routes. This includes changing IPs and adapters and manually messing with routes. This option can be disabled or enabled.

     

    • Tatonka_208442's avatar
      Tatonka_208442
      Icon for Nimbostratus rankNimbostratus
      Nov 19, 2015
      Sorry for the obvious question, where is it disable or enabled at and is it a global setting or can be set for a specific set of users?
    • Lucas_Thompson_'s avatar
      Lucas_Thompson_
      Historic F5 Account
      Nov 19, 2015
      No problem! Getting used to a new product is tough. APM is used for a whole slew of use cases, not just SSLVPN Network Access so there are features in the product that don't make a lot of sense outside of it. It's an option in the Network Access Resource, which: 1. You can have multiple different ones. 2. You can use any logic you want to assign it to any user you want. Usernames, groups, certificate contents, results of AV checks, time of day, source IP address, User-Agent headers, geolocation, Windows Hotfix Status, AD Groups, or any combination of these sorts of things. If you're new to APM, I'd recommend checking out the Ops Guide here: https://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide/_jcr_content/pdfAttach/download/file.res/f5-apm-operations-guide.pdf