Reference: Access Policies and Applicable Policy Items¶
The policy items that can be configured depend on the policy type and the macro (sub-policy) you are adding to the policy. Not all items are applicable for each of them. BIG-IP Next Access supports configuring the following policies and sub-policies:
Per-session policy
Per-session policy macro
Per-request policy
Per-request policy macro
Per-request policy subroutine
Per-request policy subroutine macro
The table below shows the policy items and the policy or sub-policy types they are applicable.
| Policy Items | Per-Session Policy | Per-Session Macro Policy | Per-Request Policy | Per-Request Macro Policy | Per-Request Subroutine Policy | Per-Request Subroutine Macro Policy |
|---|---|---|---|---|---|---|
| Active Directory AAA Server | Applicable | Applicable | ||||
| Active Directory Auth | Applicable | Applicable | ||||
| Active Directory Query | Applicable | Applicable | ||||
| Allow | Applicable | Applicable | ||||
| Client Cert Inspection | Applicable | Applicable | ||||
| Client Type | Applicable | Applicable | ||||
| Confirm Box | Applicable | Applicable | ||||
| CRLDP AAA Server | Applicable | Applicable | ||||
| CRLDP Auth | Applicable | Applicable | ||||
| Decision Box | Applicable | Applicable | ||||
| Deny | Applicable | |||||
| Disk Encryption Check | Applicable | |||||
| Applicable | Applicable | |||||
| Empty | Applicable | Applicable | Applicable | Applicable | Applicable | Applicable |
| Firewall Check | Applicable | |||||
| Form-Based SSO | Applicable | Applicable | ||||
| HTTP 401 Response | Applicable | Applicable | ||||
| HTTP 407 Response | Applicable | Applicable | ||||
| HTTP Basic SSO | Applicable | Applicable | ||||
| HTTP Header Modify | Applicable | Applicable | ||||
| IP Geolocation Match | Applicable | Applicable | ||||
| IP Subnet Match | Applicable | Applicable | ||||
| IRule Event | Applicable | Applicable | Applicable | Applicable | Applicable | Applicable |
| Kerberos AA Server | Applicable | Applicable | ||||
| Kerberos SSO | Applicable | Applicable | ||||
| Landing URI | Applicable | Applicable | ||||
| LDAP AA Server | Applicable | Applicable | ||||
| LDAP Auth | Applicable | Applicable | ||||
| LDAP Query | Applicable | Applicable | ||||
| Linux Process Check | Applicable | |||||
| Logging | Applicable | Applicable | ||||
| Logon | Applicable | Applicable | ||||
| Macro Call | Applicable | Applicable | Applicable | Applicable | Applicable | |
| Message-box | Applicable | Applicable | ||||
| NTLM Auth Result | Applicable | Applicable | ||||
| OAuth Bearer SSO | Applicable | Applicable | ||||
| OAuth Client and Resource Server | Applicable | Applicable | ||||
| OAuth Provider | Applicable | Applicable | ||||
| OAuth Scope | Applicable | Applicable | ||||
| OCSP AAA Responder | Applicable | Applicable | ||||
| OCSP Auth | Applicable | Applicable | ||||
| On-Demand Certificate Auth | Applicable | Applicable | ||||
| RADIUS AAA Server | Applicable | Applicable | ||||
| Redirect | Applicable | Applicable | ||||
| Reject | Applicable | |||||
| SAML | Applicable | Applicable | ||||
| Simple Terminal Out | Applicable | Applicable | Applicable | Applicable | Applicable | |
| SSO Credential Mapping | Applicable | Applicable | ||||
| System Health Check | Applicable | |||||
| URL Branching | Applicable | Applicable | Applicable | Applicable | ||
| Variable Assign | Applicable | Applicable | ||||
| Windows Registry Check | Applicable |