F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Access Policy Manager: Network Access
  3. Configuring Address Spaces
  4. Creating a custom address space
Manual Chapter : Creating a custom address space

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

Creating a custom address space

Create an address space by manually adding list of addresses.
  1. On the Main tab, select
    Access
    Connectivity / VPN
    Network Access (VPN)
    Address Spaces
    .
    The Address Spaces list appears.
  2. Click
    Create
    .
  3. In the
    Name
     field, type a unique name for the address space.
  4. In the
    Description
     field, specify a description of the address space.
  5. Select
    Custom
     in the
    Type
     list.
  6. For the
    IPV4 Address Space
     and the
    IPV6 Address Space
    , enter the IP address or network address in the
    CIDR
     field that you want to add to the address space and click
    Add
    .
    In CIDR format, the IP address is written as a prefix, and the suffix indicates how many bits are in the address - for example, 192.0.1.0/32. If you add many addresses for split tunneling, Edge Client cannot establish a tunnel connection. The limits for these addresses are:
    • Windows max limit is 20 KB (each Network Access property)
    • macOS max limit is 64 KB (all Network Access properties)
    • Linux max limit is 64 KB (all Network Access properties)
    • Mobile clients (Android, iOS, Chrome) do not have a limit but may vary based on the platforms' support
  7. For the
    DNS Address Space
    , type the domain name in the form
    site.example.com
    ,
    *.example.com
    , or
    *example.com
     and click
    Add
    . To pass all DNS requests to the internal DNS server, specify
    *
    . If you do not specify a DNS address space or *, DNS does not work over split tunnels on Windows, macOS, Linux, or iOS. To pass all DNS requests to the internal DNS server, specify *. VPNs on Android devices do not support split tunneling.
    Wildcard matching occurs as follows:
    • site.example.com
       matches only site.example.com. On macOS,
      site.example.com
       also matches
      <prefix>
      .site.example.com, for example, a.site.example.com.
    • example.com
       matches only example.com.
    • *.example.com
       matches all
      <prefix>
      .example.com addresses, including site.example.com, example.site.example.com, and www.example.com. However, it does not match example.com with no prefix.
    • *example.com
       matches example.com,
      <prefix>
      example.com (for example, dnsexample.com) and all
      <prefix>
      .example.com addresses, including site.example.com, example.site.example.com, and www.example.com.
    For DNS Address Space to work properly on a Windows-based system, the DNS Relay Proxy service must be installed and running on the client.
  8. Click
    Finished
    .
The address space displays in the Address Space list.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information