Forum Discussion

Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Oct 04, 2006

Checking IP in Pre-Logon Sequence

I need to differentiate based on source IP when some of our vendors are connecting in. I see the variable session.network.client.ip but cannot figure out the syntax of it as well as I need to know if you can use subnet ranges with the variable. Anyone used this sort of thing?

4 Replies

  • Mike,

     

     

    There's information in the FP Wiki on how to use session variables in EPS checks (which sounds like what you're looking for):

     

     

    http://devcentral.f5.com/wiki/default.aspx/FirePass/DynamicGroupSessionVariables.html

     

     

    The example is close to the bottom. Alternately, you can define custom landing URIs for each vendor which will accomplish the same thing, although it requires the vendor to use specific URLs instead of just one base URL.

     

     

    Hope this helps...

     

     

    rcrawley

     

     

    Posted By MikeMaher on 10/04/2006 4:38 PM

     

     

    I need to differentiate based on source IP when some of our vendors are connecting in. I see the variable session.network.client.ip but cannot figure out the syntax of it as well as I need to know if you can use subnet ranges with the variable. Anyone used this sort of thing?

     

     

  • Actually this is not exactly what I am lookin for. I have seen the information you are referring to and it is mostly AD based sessions variables. The specific variable I am speaking of is session.network.client.ip. I want to filter based on the source IP of the incoming client. I have tried using syntax similar to session.network.client.ip == 172.16.29.16 and I get an error when trying to apply. Also I wanted to know if I can use this key with an IP range rather than a single IP?
  • you may upgrade to lastest version (new version change syntax to be 3 digits to make it work with string operator) and try this syntax

     

     

    session.network.client.ip >= "172.016.029.001" and session.network.client.ip <= "172.016.029.254"

     

     

  • I've tried everything posted here, but none of them works fine.

     

     

    Does anyone have any idea about how can this be made?

     

    I've just open a support case, but I don't have any answer yet.

     

     

    Thanks in advance to everybody for their help.