soymanue
Sep 18, 2012

[APM] iOS Device Unique ID / MAC Address white list

Hello

 

I'm trying to add extra security checks for APM VPN on iOS Devices:

 

This document (http://support.f5.com/kb/en-us/prod...1-0-3.html) shows how you can use session.client.unique_id to check the Unique ID with this expression:

 

expr { [mcget {session.client.unique_id}] == "bf6bf0e8a9eb3b46daa4a9abd755861a04a94ee4" }

 

 

It also says that you can easily implement a white list check combining that expression with an LDAP or AD query.

 

How can I make a RADIUS, TACACS or LDAP query inside an expression to check if the iOS device is included in the company's owned devices list?

 

Thank you.

 

 

 

 

5 Replies

  • Hi Manuel,

     

     

    The only thing I can think of is to have a custom attribute in AD that you would map to and compare the two entries.

     

     

    Thanks,

     

    Seth
  • I use MAC address checks for iOS devices authenticating, plus another step of AD query for the user logging in. The MAC query looks like: Expression: expr { [mcget {session.client.mac_address}] == "X:XX:XX:XX:XX:XX" }. The hex characters ARE case sensitive.
  • I've been able to do it. I had another problem: I didn't know how to convert the result of that expression into a value to check.

     

    It can be done this way:

     

    session.logon.last.username = Expression: expr { [mcget {session.client.mac_address}] }

     

    Thank you
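
The white list comparison discussed in this thread, as an added example that is not code from any of the posters or from F5: a Tcl sketch that normalizes case and separators before comparing the device identifier with the values of a directory attribute, which addresses the case-sensitivity point raised above. The `mcget` stub, the attribute name `session.ad.last.attr.deviceIds` and the `|` separator between multiple values are assumptions, and the sample values are constructed.

```tcl
# Added example. Outside APM there is no mcget, so a stub backed by an array
# stands in for the session database. All values below are constructed.
array set session {
    session.client.mac_address     "A4:5E:60:C1:0F:2B"
    session.ad.last.attr.deviceIds "| a4:5e:60:c1:0f:2b | 00:11:22:33:44:55 |"
}

# Hypothetical stand-in for APM's mcget: return the variable or an empty string.
proc mcget {name} {
    global session
    if {[info exists session($name)]} { return $session($name) }
    return ""
}

# Lowercase and drop ':', '-', '.' and spaces so that "A4-5E-..." and
# "a4:5e:..." compare equal regardless of how either side was recorded.
proc normalize_id {id} {
    return [string map {: "" - "" . "" " " ""} [string tolower [string trim $id]]]
}

# Return 1 only when the client value is non-empty and exactly equals one
# normalized entry of the directory attribute (whole-value match, no substrings).
proc device_allowed {clientVar attrVar} {
    set client [normalize_id [mcget $clientVar]]
    if {$client eq ""} { return 0 }   ;# fail closed when the client reported nothing
    foreach entry [split [mcget $attrVar] "|"] {
        set entry [normalize_id $entry]
        if {$entry ne "" && $entry eq $client} { return 1 }
    }
    return 0
}

puts [device_allowed session.client.mac_address session.ad.last.attr.deviceIds]
```

Both `session.client.mac_address` and `session.client.unique_id` are reported by the client, so a check like this works best as one extra condition alongside user authentication rather than as the only control.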

     
