APM combine check for ldap group plus IP ACL

Question

Hi,A client wishes to create an APM policy that will, amongst other things, do the following -&nbsp;The client has a group of users that have to meet two conditions to access the resource.We need to check in combination that the user is both a member of an AD group and that the group also matches an IP ACL.Can this be done using only APM, and if so, how?Or do we need to combine an IRULE and if so, is there a simple way to do this? (we have 30 groups that need to be matched to ACLs).Thanks,Vered

chris1058 · Answer

Hello, veredgfbll cNY State of HealthCertainly! To achieve this, use F5's Access Policy Manager (APM) with an AD Query for group membership and IP ACL matching. Create a compound rule to evaluate both conditions together. If satisfied, allow access; otherwise, deny. Test thoroughly!&nbsp;&nbsp;I hope this suggestion will be helpful for youBest RegardsChris Wright

lucas_thompson · Answer

By IP ACL, do you mean you have a list of IP network addresses and are trying to match those against the client's incoming L4 IP? Or something else?

Forum Discussion

APM combine check for ldap group plus IP ACL

2 Replies

Recent Discussions

"Brighten Your Health: Vitamin Dee Me Gummies Now Available in South Africa"

Need help on CLI command to fetch < VIP Name + current connections >

Glycogen Control Australia Is Right For You See Here

APM combine check for ldap group plus IP ACL

Error in REST https call to get the Auth token v15.1.8

Related Content

Certified Kubernetes Administrator - Study Group

ha group

BIG IP F5 IRule with data group to check if date has passed

snmp-check external monitor

Interrogate Pool Member Priority Group from iRule