Reference: Access Policies and Applicable Policy Items¶
The policy items that can be configured depend on the policy type and the macro (sub-policy) you are adding to the policy. Not all items are applicable for each of them. BIG-IP Next Access supports configuring the following policies and sub-policies:
Per-session policy
Per-session policy macro
Per-request policy
Per-request policy macro
Per-request policy subroutine
Per-request policy subroutine macro
The table below shows the policy items and the policy or sub-policy types they are applicable.
Policy Items | Per-Session Policy | Per-Session Macro Policy | Per-Request Policy | Per-Request Macro Policy | Per-Request Subroutine Policy | Per-Request Subroutine Macro Policy |
---|---|---|---|---|---|---|
Active Directory AAA Server | Applicable | Applicable | ||||
Active Directory Auth | Applicable | Applicable | ||||
Active Directory Query | Applicable | Applicable | ||||
Allow | Applicable | Applicable | ||||
Client Cert Inspection | Applicable | Applicable | ||||
Client Type | Applicable | Applicable | ||||
Confirm Box | Applicable | Applicable | ||||
CRLDP AAA Server | Applicable | Applicable | ||||
CRLDP Auth | Applicable | Applicable | ||||
Decision Box | Applicable | Applicable | ||||
Deny | Applicable | |||||
Disk Encryption Check | Applicable | |||||
Applicable | Applicable | |||||
Empty | Applicable | Applicable | Applicable | Applicable | Applicable | Applicable |
Firewall Check | Applicable | |||||
Form-Based SSO | Applicable | Applicable | ||||
HTTP 401 Response | Applicable | Applicable | ||||
HTTP 407 Response | Applicable | Applicable | ||||
HTTP Basic SSO | Applicable | Applicable | ||||
HTTP Header Modify | Applicable | Applicable | ||||
IP Geolocation Match | Applicable | Applicable | ||||
IP Subnet Match | Applicable | Applicable | ||||
IRule Event | Applicable | Applicable | Applicable | Applicable | Applicable | Applicable |
Kerberos AA Server | Applicable | Applicable | ||||
Kerberos SSO | Applicable | Applicable | ||||
Landing URI | Applicable | Applicable | ||||
LDAP AA Server | Applicable | Applicable | ||||
LDAP Auth | Applicable | Applicable | ||||
LDAP Query | Applicable | Applicable | ||||
Linux Process Check | Applicable | |||||
Logging | Applicable | Applicable | ||||
Logon | Applicable | Applicable | ||||
Macro Call | Applicable | Applicable | Applicable | Applicable | Applicable | |
Message-box | Applicable | Applicable | ||||
NTLM Auth Result | Applicable | Applicable | ||||
OAuth Bearer SSO | Applicable | Applicable | ||||
OAuth Client and Resource Server | Applicable | Applicable | ||||
OAuth Provider | Applicable | Applicable | ||||
OAuth Scope | Applicable | Applicable | ||||
OCSP AAA Responder | Applicable | Applicable | ||||
OCSP Auth | Applicable | Applicable | ||||
On-Demand Certificate Auth | Applicable | Applicable | ||||
RADIUS AAA Server | Applicable | Applicable | ||||
Redirect | Applicable | Applicable | ||||
Reject | Applicable | |||||
SAML | Applicable | Applicable | ||||
Simple Terminal Out | Applicable | Applicable | Applicable | Applicable | Applicable | |
SSO Credential Mapping | Applicable | Applicable | ||||
System Health Check | Applicable | |||||
URL Branching | Applicable | Applicable | Applicable | Applicable | ||
Variable Assign | Applicable | Applicable | ||||
Windows Registry Check | Applicable |