NimbostratusHi
We are currenly using APM to allow Android Smartphones to connect using F5 Access. We have an Intune Connector that checks the device is compliant but I now want to limit access to specific IMEI numbers.
I can see in the access logs that the we retreive the IMEI number in the session.mdm.device.imei session variable, but I don't now how to filter access using it.
Any help would be much appreciated.
EmployeeThe simplest way to do this is to use the APM Visual Policy Editor ( although you could use iRules etc instead ). Use an Empty box and check the IMEI session and branch from there
NimbostratusHi Pete
Thanks for answering, I can see how to create an empty box, but how do I perform the IMEI check?
EmployeeHi Andy,
So it depends on what check you want to do. For instance, do you want to check it begins with or contains a string? Or something more complex than that. The short answer is that you have to write a tcl statement which matches what you want.
Often you will use expr which evaluates an expression and returns a Boolean result eg is string longer than 3?
You also use mcget to retrieve the session variables.
An example to check whether the IMEI starts with 123 is below.
expr { [mcget {session.mdm.device.imei}] starts_with "123"}
In the empty box you will have this as the first branch so anything which matches follows that branch, if it doesn't it follows the fallback branch.
I always start these things very simple - add a pop-up box to check you can see the session variable and start the checking with something very simple and move on from there.