Manual Chapter : Configuring Virtual Servers for Network Access

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0

back-action BIG-IP Access Policy Manager: Network Access

Updated Date: 04/01/2026

Configuring Virtual Servers for Network Access

When creating a virtual server for an access policy, specify an IP address for a single host as the destination address.

  1. On the Main tab, click Local Traffic > Virtual Servers.

    The Virtual Server List screen opens.

  2. Click the name of the virtual server you want to modify.

  3. For the Destination Address/Mask setting, confirm that the Host button is selected, and type the IP address in CIDR format.

    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix.

    Note: The IP address you type must be available and not in the loopback network.

  4. In the Service Port field, type a port number or select a service name from the Service Port list.

    Note: F5 recommends using HTTPS and Secure Sockets Layer (SSL) for BIG-IP virtual servers.

  5. From the HTTP Profile (Client) list, select a previously-created HTTP/2 profile for client-side traffic.

  6. In the Access Policy area, from the Access Profile list, select the access profile that you configured earlier.

  7. From the Connectivity Profile list, select the connectivity profile.

  8. If you are creating a virtual server to use with portal access resources in addition to remote desktops, from the Rewrite Profile list, select the default rewrite profile, or another rewrite profile you created.

  9. If you use server SSL for this connection, from the SSL Profile (Server) list, select a server SSL profile.

  10. If you use client SSL for this profile, from the SSL Profile (Client) list, select a client SSL profile.

  11. If you want to provide connections to allow Java rewriting for portal access or support a per-app VPN connection that is configured on a mobile device, select the Application Tunnels (Java & Per-App VPN) check box.

    You must enable this setting to make socket connections from a patched Java applet. If your applet does not require socket connections, or only uses HTTP to request resources, this setting is not required.

  12. If you want to provide native integration with an OAM server for authentication and authorization, select the OAM Support check box.

    You must have an OAM server configured in order to enable OAM support.

  13. Click Update.

Your access policy is now associated with the virtual server.