Manual Chapter : Implementing endpoint state checks

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Implementing Device Posture Checks

Updated Date: 04/30/2026

Implementing endpoint state checks

You should have a per-request policy attached to a virtual server. In addition, your virtual server must have an access profile attached, which can be a blank “allow-all” policy.

Add endpoint state checking to an access policy to check client machines for a specified antivirus package, either continuously, or on each request.

  1. From the Main tab, click Access > Profiles / Policies > Per-Request Policies.

  2. Find the policy you want to edit, and in the Per-Request Policy column, click Edit.

  3. In the per-request policy, click Add New Subroutine.

  4. Name the subroutine and click Save.

  5. Expand the subroutine, and click the plus to add a new item.

  6. Select Endpoint Security (Client-Side), select Endpoint State, and click Add Item.

    By default, the Endpoint State check has no configuration.

  7. To configure subroutine settings such as the session lifetime or gating criteria, click Subroutine Settings / Rename.

Add an endpoint check to the subroutine following this action.