APM-DHCP Access Policy Example and Detailed Instructions
AltostratusCan I get clarification as to whether this works on BIG-IP 17.1.x? We need to migrate VPN users to our primary DHCP server, as client-based dynamic DNS registration needs to be disabled to meet security requirements.
Enrique_PernasNimbostratus
I'm sorry but I haven't heard back from anyone and I can't help you. I have tried it on lab VE APM 16.1.3.1 and after messing around with the configuration I managed to get it to work, even with the F5 APM machine tunnel (https://community.f5.com/kb/technicalarticles/f5-big-ip-access-policy-manager-apm-machine-tunnels-for-windows/310896).
It is advisable to check this Microsoft article to avoid conflicts and errors (RegistrationOverwite 2) in DNS registration vía DHCP:https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-registration-behavior-when-dhcp-server-manages-dynamic-dns-updates
, as well as take a look at this script, if you are going to change to a dynamic DNS registration via DHCP:
https://byronwright.blogspot.com/2021/08/script-to-update-dns-record-permissions.html
I hope this message will be of some help to you.
- Barny_Riches
Thank you for your advice Enrique. Again, your success in using this on 16.1.x is very encouraging. I appreciate the other links also.
Man_YauCirrus
Hi Barny_Riches,
We have been running VE F5 APM on 17.1.1.2 for a year now with this Iapp. We had no issues with it, do you run into some isssues.
- Barny_Riches
Thank you Man_Yau, that is very encouraging. I have yet to deploy the iApp but having read comments about support for v16.x I wanted to confirm whether it was possible before deploying it. Thank you for your feedback.