Forum Discussion

Nimbostratus

Jul 30, 2012

Source IP restriction without HTTP profile

Hello, I have to create a irule or find any other way. Scenario, I am managing 2 Juniper SA 2500 (SSL VPN) devices in active/active clustering. Each client has their own sub-urls ...

Nimbostratus

Jul 30, 2012

Without an http profile you will not be able to query the URI.

Perhaps you can SNAT all requests from the restricted range to one SNAT pool, and all requests from the unrestricted range to a different SNAT pool. By doing this you could still perform IP restriction at the SA.

when CLIENT_ACCEPTED {    if { [class match [IP::client_addr] equals allowed_nets] } {        snatpool allowedForABC }    else { snatpool everyoneElse }}

Forum Discussion

Source IP restriction without HTTP profile

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

URL

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Irule for restricting access

SSL Profiles

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header