Machine Cert Inspection
Need some help with access policy and machine cert inspection. But first, can someone clarify if Machine Cert Inspection is the only action that can be used with a machine cert, or can you also use Client Cert Inspection or On-demand Cert Auth in the access policy? I understand the difference in location of machine vs client.
Here's what I'm trying to do. We want Outlook Anywhere to be accessible externally, but only on company-owned laptops with a valid machine cert installed. I've set up an access policy with just the Machine Cert Auth action and applied it to my VIP. I added logging at the beginning of the policy, even before the Machine Cert Auth, and the logs never show it hitting the access policy. The APM log just shows:
Received User-Agent header.... Received client info..... New session from client IP....
and that's it. The LTM logs don't show anything either. I've turned on debug logging for LTM and APM but there is no additional info in the logs. How I'm testing is by connecting a company-owned laptop to an outside line and opening Outlook. I know it's hitting the VIP from the logs, but why isn't it hitting the access policy? I have configured working access policies for client cert checks, but this is the first time for a machine cert check.