Disable re-auth for NA accesses to internal resources protected by Access Policies (2FA)
Hi
I have this use-case: users connect to an APM (Network Access). No SNAT, so the client virtual IP is then routed in the internal network. They must access some internal resources which are protected by the same APM (Access-Policy with authentication). Specifically for those VPN-SSL users we would like to avoid the authentication step. My idea was to check in the internal resource policy VPE if the user's source IP (the NA virtual IP) is from the LeasePool subnet and not go through the standard authentication (2FA) for them. However, a session bound to a username is still required. Is there a way to check in the Access session table and perform a lookup based on the virtual client IP to get its SID, and from there the username bound to that SID?
Thanks
Alex