APM with F5 2000S

Question

Hi Guys,&nbsp;
I have created an access policy that invokes radius authentication for any user coming from internet. I have also added in that policy that it should not invoke any authentication when users are coming from subnet let's say 192.168.x.x.&nbsp;
The part which is not working is when users are coming from 192.168.x.x. In the logs I see "Rule evaluation with error" and it prompts for Radius authentication. &nbsp;
The policy for excluding the subnet is:
expr { [IP::addr [mcget {session.user.clientip}] equals "192.168.0.0/16"] }&nbsp;
Any suggestions on where I am going wrong &nbsp;
Saurav&nbsp;

arpydays · Answer

try using an rule,
when ACCESS_SESSION_STARTED {
    if { [IP::addr [ACCESS::session data get session.user.clientip] equals 192.168.0.0/16] } {
        ACCESS::session data set session.user.radiusbypass 1
    }
}

then in VPE
expr { [mcget {session.user.radiusbypass}] == 1 }

boneyard · Answer

where did you use your code? could you show the policy?&nbsp;
you could try the ip with the quotes. beyond that nothing stands out a lot, i usually just try part by part until it works :)&nbsp;

Forum Discussion

APM with F5 2000S

2 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

APM variable assign examples

Multi-Stores Citrix environment BIG-IP APM

APM Optimisation Script

Implementing basic OAuth with F5 BIG-IP APM

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator