For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

scorpa_121336's avatar
scorpa_121336
Icon for Nimbostratus rankNimbostratus
Oct 23, 2014
Solved

F5 apm ACL ACES bypassed

Hello folks!   I'm having strange problem on one of our BigIP with SSL VPN. We are using APM to provide SSL VPN and assign ACL to control user behavior on L4. In access policy we authenticate user...
application delivery
BIG-IP Access Policy Manager (APM)
deployment
devops
iRules
security
TMSH
  • kunjan_118660's avatar
    kunjan_118660
    Oct 27, 2014

    It seems like some other VS is catching the traffic instead of internal built-in APM virtual(_tmm_apm_fwd_vip).

     

    Try to do a tcpdump (tcpdump -ns0 -i 0.0:nnn) which can verify this.

     

    I guess you also might see the problem of ACCESS_ACL_ALLOWED event not triggered because of this issue.

     

Pratik_125797's avatar
Pratik_125797
Icon for Nimbostratus rankNimbostratus
Jun 10, 2015

I guess once the user is authenticated and is sitting on allow branch the ACLs are not executed on every request. Probably the traffic needs to be controlled by the firewall. I am facing the same issue, please let me know if anybody has a solution.