SSL VPN Beyond the Template

Question

So we are looking to SSL VPN with APM. I've gone though the template  to see  what it created and try to build on that but  what i need is  more advanced. I'm looking for a place to start even some example polices.&nbsp;
Here is the flow I need. I know APM should be able to do it just not sure where to start.&nbsp;

User goes portal enters AD Username and Password&nbsp;

a.If user is in a power user AD group and above like app admin,network admin..etc use second factor radius with Entrust/Open AM.
   b.If not allow user to access portal only with app links / no full VPN.&nbsp;

If users passes second factor auth assign IP information based on group i.e PowerUser(subnet1),WebAdmin(subnet2),Network Admin(subnet3)..etc &nbsp;

It seems like it could be possible just not sure where to start next. Any help would be awesome!&nbsp;

alex100_194614 · Answer

I don't see an issue implementing this scenario with APM. Generally speaking, you would have to create different branches based on initial AD query. For different VPN networks your would create 3 appropriate "Network access lists" with corresponding lease pools and assign VPN resource to those branches.

Forum Discussion

SSL VPN Beyond the Template

1 Reply

Recent Discussions

Transaction looks successful but file not downloading

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Legacy ASM Templates

External Monitor Templates

TCP iApp template

F5 SMTP Fast Template - SNAT Not working as expected

Consul Templating BIG-IP Services