Activate F5 product registration key
Verify the proper operation of your BIG-IP system
Get up to speed with free self-paced courses
Join the community of 300,000+ technical peers
Advance your career with F5 Certification
Product Manuals and Release notes
An access policy item is a small action, or rule, that serves a specific purpose in an access policy. Access policy items are all added to the access policy in the same way; but in most cases, each access policy item must be configured individually. In Access Policy Manager®, an access policy item is one of five types.
Item type | Configuration details | Examples |
---|---|---|
Blank item | This type of access policy item has no explicit configuration on the configuration page, and can be configured to verify a wide range of conditions with Expression screens. |
|
Preconfigured branch rule item | This type of access policy item has no explicit configuration on the configuration page, and a preconfigured set of rules on the Branch Rules page. |
|
Properties page configuration item | This type of access policy has all standard configuration options on the configuration page, to verify the required information, prompt for information, or another action. |
|
Assignment item | An assignment action allows configuration on the configuration page, and contains a list of available resources of a certain type, and allows you to select one or multiple resources to assign. Some resource assignment actions, such as Webtop, Links and Sections Assign, allow you to assign multiple items of different types. Advanced Resource Assign is a special case that allows you to select and assign multiple resources of different types at once. |
|
Mapping assignment item | A mapping assignment action allows you to assign one variable or resource to the value of another variable or resource. This kind of assign action includes the assignment of resources or variables on a separate page, linked from the main screen. |
|
Option | Description |
---|---|
Endpoint Security (Client-Side) > Machine Info | Collects machine info, and checks it against established values. |
General Purpose > Empty | An empty action that you can configure with any allowed checks. |
Option | Description |
---|---|
Endpoint Security (Server-Side) > Client for MS Exchange | Checks that the system is a client for Microsoft Exchange. |
Endpoint Security (Server-Side) > Client OS | Provides branches based on the result of an operating system check on the client. |
Endpoint Security (Server-Side) > Client Type | Provides branches based on the result of an client type check. |
Endpoint Security (Server-Side) > Client-Side Capability | Checks whether the client can run client side checks and provides positive and fallback branches. |
Endpoint Security (Server-Side) > Date Time | Provides branches based on a certain date or time. |
Endpoint Security (Server-Side) > IP Geolocation Match | Provides branches based on a specific geographic origin for the client. |
Endpoint Security (Server-Side) > IP Reputation | Checks the client IP against an IP reputation database. |
Endpoint Security (Server-Side) > Jailbroken or Rooted Device Detection | Provides branches based on whether the device appears to be jailbroken or rooted. |
Endpoint Security (Server-Side) > Landing URI | Provides branches based on a specific landing URI. |
Endpoint Security (Server-Side) > License | Provides branches based on the available global APM licenses. |
Endpoint Security (Client-Side) > Windows Info | Provides branches based on specific Windows information, such as operating system type and patch level. |
Option | Description |
---|---|
Logon > External Logon Page | Presents an external logon page for the client. |
Logon > HTTP 401 Response | Provides a custom HTTP 401 logon page. |
Logon > HTTP 407 Response | Provides a custom HTTP 407 logon page. |
Logon > Logon Page | Provides a custom logon page that you can configure entirely from the properties screen. |
Logon > Virtual Keyboard | Provides a configurable virtual keyboard for logon information entry. |
Logon > VMware View Logon Page | Provides a custom logon page for VMware View. |
Endpoint Security (Client-Side) > Anti-Spyware | Checks that the client is running specified anti-spyware software. |
Endpoint Security (Client-Side) > Antivirus | Checks that the client is running specified antivirus software. |
Endpoint Security (Client-Side) > Firewall | Checks that the client is running specified firewall software. |
Endpoint Security (Client-Side) > Hard Disk Encryption | Checks that the client hard disk is encrypted. |
Endpoint Security (Client-Side) > Linux File | Allows a check for a specific file with specified properties on a Linux system. |
Endpoint Security (Client-Side) > Linux Process | Allows a check for a specific process on Linux systems. |
Endpoint Security (Client-Side) > Mac File | Allows a check for a specific file with specified properties on a Mac. |
Endpoint Security (Client-Side) > Mac Process | Allows a check for a specific process on a Mac. |
Endpoint Security (Client-Side) > Machine Cert Auth | Allows a check for a machine certificate. |
Endpoint Security (Client-Side) > Patch Management | Allows a check for patches to specific files. |
Endpoint Security (Client-Side) > Peer-to-peer | Allows a check for peer to peer software on a system. |
Endpoint Security (Client-Side) > Windows Cache and Session Control | Allows you to configure Windows clients to clean certain items after the session closes. |
Endpoint Security (Client-Side) > Windows File | Allows a check for a specific file with specified properties on Windows systems. |
Endpoint Security (Client-Side) > Windows Health Agent | Allows a check for a health agent on Windows systems. |
Endpoint Security (Client-Side) > Windows Process | Allows a check for a specific process on Windows systems. |
Endpoint Security (Client-Side) > Windows Protected Workspace | Allows configuration of a protected workspace in Windows. |
Endpoint Security (Client-Side) > Windows Registry | Allows a check for a specific registry value in Windows. |
General Purpose > Decision Box | Allows configuration of a choice of two branches for the user, with custom text describing each choice. |
General Purpose > Email | Sends an email, when reached in the access policy. |
General Purpose > iRule Event | Allows configuration of a choice of two branches for the user, with custom text describing each choice. |
General Purpose > Local Database | Allows you to add entries to a local database. |
General Purpose > Logging | Allows you to log a session variable result. |
General Purpose > Message Box | Shows a message, and requires the user to click to continue. |
Option | Description |
---|---|
Assignment > ACL Assign | Assigns an ACL to the access policy branch. |
Assignment > Advanced Resource Assign | Directly assigns all types of resources. |
Assignment > BWC Policy | Assigns a Bandwidth Controller policy to an access policy branch. |
Assignment > Citrix Smart Access | Assigns a Citrix Smart Access filter to an access policy branch. |
Assignment > Dynamic ACL | Assigns a dynamic ACL to an access policy branch. |
Assignment > Resource Assign | Allows you to assign connection resources, remote desktops, and SAML resources. |
Assignment > Route Domain and SNAT Selection | Allows you to assign a route domain, SNAT, and SNAT pool to an access policy branch. |
Assignment > SSO Credential Mapping | Allows you to assign attributes for the SSO username and password. |
Assignment > Webtop, Links and Sections Assign | Allows you to assign a webtop, webtop links, and webtop sections to an access policy branch. |
Option | Description |
---|---|
Assignment > AD Group Resource Assign | Maps resources from an Active Directory group to access policy resources. |
Assignment > LDAP Group Resource Assign | Maps resources from an LDAP group to access policy resources. |
Assignment > Variable Assign | Allows you to assign predefined or custom variables to attributes, values, text, or expressions. |