Manual Chapter : Overview: Access Policies for F5 Access

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.0.0, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

Overview: Access Policies for F5 Access

About access policy branches for F5 Access

You can configure separate access policy branches for F5 Access.
F5 Access does not support client-side checks; however, you can configure an access policy that provides network access for macOS clients by using any of these methods:
  • Create an access policy using
    Client-Side Capability
    . This provides a branch for clients that do not support client-side checks. Assign authentication and a network access resource to this branch.
  • Use an existing access policy with client-side checks. The macOS client will fail to the fallback branch of the first client-side check, if the logon mode is native. If the logon mode is Web Logon, user interaction is required to proceed with the fallback branch. Assign authentication and a network access resource to the fallback branch.
  • Add a
    Client OS
    Access Policy item, and assign authentication and resources to the
    macOS
    branch.
F5 Access for macOS is detected with the following access policy items:
Access policy item
Value
Client Type
F5 Access
Client OS
MacOS

Configuring an access policy for F5 Access for macOS

Configure an access policy to identify and allow access to macOS devices.
  1. On the Main tab, click
    Access
    Profiles / Policies
    .
    The Access Profiles List screen opens
  2. Click
    Create
    .
    The New Profile screen opens.
  3. In the
    Name
    field, type a name for the access profile.
    An access profile name must be unique among all access profile and any per-request policy names.
  4. From the
    Profile Type
    list, select
    SSL-VPN
    .
    Additional settings display.
  5. From the Profile Scope list, retain the default value or select another.
    • Profile:
      Gives a user access only to resources that are behind the same access profile. This is the default value.
    • Virtual Server:
      Gives a user access only to resources that are behind the same virtual server.
    • Global:
      Gives a user access to resources behind any access profile that has global scope.
  6. In the Language Settings area, add and remove accepted languages, and set the default language.
    A browser uses the highest priority accepted language. If no browser language matches the accepted languages list, the browser uses the default language.
  7. Click
    Finished
    .
  8. Click the name of the access profile for which you want to edit the access policy.
    The properties screen opens for the profile you want to edit.
  9. Click the
    Access Policy
    tab.
  10. In the General Properties area, click the
    Edit Access Policy for Profile
    profile_name
    link.
    The visual policy editor opens the access policy in a separate screen.
  11. Click
    Add Item
    .
    The screen is not active while the visual policy editor creates the action. The screen closes and a Properties screen displays.
  12. Click the Endpoint Security (Server-Side) tab, and select Client OS.
  13. Click
    Save
    .
  14. On the MacOS branch, click
    Add Item
    .
  15. Click the Endpoint Security (Server-Side) tab, and select Client Type.
  16. Click
    Save
    .
  17. On the F5 Access branch, add the authentication and resource actions you require. For example, add a Logon Page, Client Certificate, and Resource Assign actions.
  18. When you have finished configuring the access policy, click
    Apply Access Policy
    .
Completed access policy configuration

Example of basic access policy that supports F5 Access

You can configure an access policy branch to direct
macOS
device users to F5 Access, and direct non-F5 Access device users to a fallback branch.
This example displays a simple access policy.
F5 Access for macOS access policy