Apple iOS version End Point Security check on APM
We are using BIG-IP APM 11.6.0 HF6 as our VPN gateway to allow VPN clients running Apple iOS to access internal network resources through the VPN tunnel. I am trying to create an Apple iOS version check in the APM access policy. Our requirements are that any Apple iOS device with an iOS version higher than or equal to iOS 9.0 (including iOS 10.x, 11.x, etc.) should be allowed to pass the access policy check, while any iOS version lower than iOS 9.0 (e.g. 7.1.2, 8.1, etc.) should be denied.
We have created the expression below:
expr { [mcget {session.client.platform}] == "iOS" && [mcget {session.client.platform_version}] >= "9.0"}
During testing, Apple devices with version 9.x (e.g. 9.3.5) are able to pass the access policy. When we use the latest iOS version 10.0.1, the VPN client was denied due to the above expression. Something is wrong with the above policy. As a wild guess, I think Tcl checks the platform version using string comparison from left to right, which causes the issue.
We are new to Tcl/iRules and would like to seek help from DevCentral. What changes are required to the APM Access Policy expression in order to achieve our requirement? (i.e. any Apple iOS device with an iOS version higher than or equal to iOS 9.0 (including iOS 10.x) should be allowed to pass the access policy check, while any iOS version lower than iOS 9.0 (e.g. 7.1.2, 8.1, etc.) should be denied.)
We highly appreciate your kind assistance in advance.
Thanks & Regards, Patrick
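
Added example (not part of the original post, and not F5 code): Tcl's `expr` compares two operands numerically only when both parse as numbers, so a three-part version such as "10.0.1" is compared with "9.0" as a string. The sketch below, runnable in plain `tclsh`, contrasts that with a component-wise comparison that fails closed on malformed input. `version_at_least` is a hypothetical helper; whether `proc` can be used inside an APM access policy expression is an assumption, so the logic may need to be inlined there.

```tcl
# Added example, plain Tcl. In an APM expression the first argument would
# come from [mcget {session.client.platform_version}] (as in the post).

# Return 1 if dotted version $have is >= $want, otherwise 0.
# Empty or malformed input returns 0, so the policy check fails closed.
proc version_at_least {have want} {
    set h [split $have .]
    set w [split $want .]
    if {[llength $h] == 0 || [llength $w] == 0} { return 0 }
    foreach part [concat $h $w] {
        # Every component must be 1-4 decimal digits, nothing else.
        if {![regexp {^[0-9]{1,4}$} $part]} { return 0 }
    }
    set n [expr {[llength $h] > [llength $w] ? [llength $h] : [llength $w]}]
    for {set i 0} {$i < $n} {incr i} {
        # Missing components count as 0, so 9 == 9.0 == 9.0.0.
        set a 0
        set b 0
        # scan %d reads decimal, so "08" is 8 and not an invalid octal.
        if {$i < [llength $h]} { scan [lindex $h $i] %d a }
        if {$i < [llength $w]} { scan [lindex $w $i] %d b }
        if {$a > $b} { return 1 }
        if {$a < $b} { return 0 }
    }
    return 1
}

# Constructed sample values, not taken from real devices.
foreach v {7.1.2 8.1 9.0 9.3.5 10.0.1 11 "" 9.x} {
    # Same comparison as the expression in the post.
    set naive [expr {$v >= "9.0"}]
    puts [format "%-9s expr compare: %d   component compare: %d" \
        "\"$v\"" $naive [version_at_least $v 9.0]]
}
```

The platform check (`session.client.platform` equal to "iOS") from the original expression still has to be combined with this result.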