For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nova_201357's avatar
Nova_201357
Icon for Altocumulus rankAltocumulus
Mar 28, 2016

APM Dynamic ACL assignment from AD

Greetings! I had a static ACL applied to a Network Access Resource. In testing static assignment, it worked fine. So I took the same logic and formatted as a F5 ACL, put it in AD, in the test acc...
BIG-IP Access Policy Manager (APM)
dynamic acl
security
Nova_201357's avatar
Nova_201357
Icon for Altocumulus rankAltocumulus
Mar 28, 2016

Hi Brad,

Thanks for chiming in. I tried a single line acl, but it still didn't work. The other thing I did see is that I had a mistake above; "deny" should be reject or discard. So I did change deny to reject, but that didn't do it either.

Should the acl be in straight ASCII? Because what I see in the log is HEX encoded and I'm not sure what that's about.

The ACL looks like this:

8e132485.session.ad.last.attr.info 394 0x7b20616c6c6f772074637020616e792031302e3130302e33322e31353a33333839207d0a7b20616c6c6f772074637020616e792031302e3130302e33322e31353a3830207d0a7b20616c6c6f772074637020616e792031302e3130302e33322e31353a343433207d0a7b20616c6c6f772075647020616e792031302e3130302e312e38343a3533207d0a7b20616c6c6f772075647020616e792031302e3130302e312e38353a3533207d0a7b2072656a65637420697020616e7920616e7920616e79207d

If you were to decode it, you'd get the acl. I thought it would be something you could easily read. I might just delete it and drop it in again with less ACEs for testing. Any other thoughts?

Thanks, Mike