Nova_201357
Mar 28, 2016 Nimbostratus
APM Dynamic ACL assignment from AD
Greetings!
I had a static ACL applied to a Network Access Resource. In testing static assignment, it worked fine. So I took the same logic and formatted it as an F5 ACL, put it in AD, in the test account's "info" attribute.
Using my test client, and viewing the debug logs, it seems to load the ACL (as HEX encoded which seems a little weird) but clearly isn't working. The test client can access any resources it can route to.
I tried:
- to send the entire list as a "one liner" and it wouldn't load.
- to set the list, one ACL per line using Windows default line termination (cr/lf) and that didn't work (it loaded as Hex encoded though).
- to set the list, one ACL per line using Unix line termination (lf) and that ostensibly worked the same as number 2 above.
Question: Has anyone done this?
The ACL looks like this:
{ allow tcp any 10.100.32.15:3389 }
{ allow tcp any 10.100.32.15:80 }
{ allow tcp any 10.100.32.15:443 }
{ allow udp any 10.100.1.84:53 }
{ allow udp any 10.100.1.85:53 }
{ deny ip any any }
The goal is to allow remote web developers access to a workstation over RDP and connect to web services they use for testing their work. What am I doing wrong?
Thanks for any pointers.
Mike
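
A diagnostic sketch for the symptom described in the post above, added here as an example and not part of the original post or any F5 code: it decodes a hex-encoded attribute value as copied from the debug log and reports which line terminators and entries the value actually contains. The `0x` prefix handling, the function names, and the entry pattern (modelled only on the six entries shown in the post, not on the full F5 ACL grammar) are assumptions; the sample value is constructed from the post's ACL.

```python
import re

# Constructed sample: the post's ACL joined with CR/LF and hex-encoded,
# standing in for the value seen in the debug log (0x prefix is an assumption).
PAGE_ACL = [
    "{ allow tcp any 10.100.32.15:3389 }",
    "{ allow tcp any 10.100.32.15:80 }",
    "{ allow tcp any 10.100.32.15:443 }",
    "{ allow udp any 10.100.1.84:53 }",
    "{ allow udp any 10.100.1.85:53 }",
    "{ deny ip any any }",
]
SAMPLE_HEX = "0x" + "\r\n".join(PAGE_ACL).encode("ascii").hex()

# Shape of the entries shown in the post: { action protocol source destination }
ENTRY = re.compile(r"\{\s*(allow|deny)\s+(\S+)\s+(\S+)\s+(\S+)\s*\}")

def decode_logged_value(value):
    """Return the raw bytes behind a hex-encoded log value (optional 0x prefix)."""
    text = value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    return bytes.fromhex(text)

def inspect_acl(value):
    """Decode the value and report separators, stray bytes and parsed entries."""
    raw = decode_logged_value(value)
    decoded = raw.decode("ascii", errors="replace")
    entries = [m.groups() for m in ENTRY.finditer(decoded)]
    return {
        "crlf": raw.count(b"\r\n"),
        "bare_lf": raw.count(b"\n") - raw.count(b"\r\n"),
        # Bytes outside printable ASCII, e.g. 13 (CR) and 10 (LF)
        "non_printable": sorted({b for b in raw if b < 0x20 or b > 0x7E}),
        "entries": entries,
        # Anything left after removing well-formed entries and whitespace
        "unparsed": ENTRY.sub("", decoded).strip(),
        "ends_with_deny_all": bool(entries)
        and entries[-1] == ("deny", "ip", "any", "any"),
    }

if __name__ == "__main__":
    for key, val in inspect_acl(SAMPLE_HEX).items():
        print(key, "=", val)
```

Comparing the report for the value copied from the log against the intended list shows whether the attribute arrived intact and which separator bytes it carries.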