Reference: Access Policies and Applicable Policy Items

The policy items that can be configured depend on the policy type and the macro (sub-policy) you are adding to the policy. Not all items are applicable for each of them. BIG-IP Next Access supports configuring the following policies and sub-policies:

  • Per-session policy

    • Per-session policy macro

  • Per-request policy

    • Per-request policy macro

    • Per-request policy subroutine

    • Per-request policy subroutine macro

The table below shows the policy items and the policy or sub-policy types they are applicable.

Policy Items Per-Session Policy Per-Session Macro Policy Per-Request Policy Per-Request Macro Policy Per-Request Subroutine Policy Per-Request Subroutine Macro Policy
Active Directory Authentication Applicable Applicable Applicable
Active Directory Query Applicable Applicable Applicable
Advanced Resource Assign Applicable
Allow Applicable Applicable
Antivirus Check Applicable
Client Capability Check Applicable
Client Certificate Inspection Applicable Applicable Applicable
Client Operating System Applicable Applicable Applicable
Client Type Applicable Applicable
Confirm Box Applicable Applicable
CRLDP AAA Server Applicable Applicable
CRLDP Authentication Applicable Applicable
Date Time Applicable Applicable Applicable
Decision Box Applicable Applicable
Deny Applicable
Disk Encryption Check Applicable
Email Applicable Applicable
Empty Applicable Applicable Applicable Applicable Applicable Applicable
Firewall Applicable
Form-Based SSO Applicable Applicable
Geolocation Match Applicable Applicable
Hard Disk Encrytption Applicable
HTTP Connector Applicable Applicable Applicable
HTTP 401 Response Applicable Applicable
HTTP 407 Response Applicable Applicable
HTTP Basic SSO Applicable Applicable
HTTP Header Modify Applicable Applicable
IP Geolocation Match Applicable Applicable
IP Subnet Match Applicable Applicable Applicable Applicable
iRule Event Applicable Applicable Applicable Applicable Applicable Applicable
Kerberos AA Server Applicable Applicable
Kerberos Authentication Applicable
Kerberos SSO Applicable Applicable
Landing URI Applicable Applicable
LDAP AA Server Applicable Applicable
LDAP Authentication Applicable Applicable Applicable
Linux File Check Applicable
LDAP Query Applicable Applicable Applicable
Linux Process Check Applicable
Logging Applicable Applicable Applicable Applicable
Logon Page Applicable Applicable Applicable
Mac File Check Applicable
Mac Process Check Applicable
Machine Certificate Inspection Applicable
Machine Info Endpoint Applicable
Macro Call Applicable Applicable Applicable Applicable Applicable
Message Box Applicable Applicable Applicable
NTLM Auth Result Applicable Applicable
OAuth Bearer SSO Applicable Applicable
OAuth Client and Resource Server Applicable Applicable
OAuth Federation Applicable
OAuth Provider Applicable Applicable
OAuth Scope Applicable Applicable
OCSP AAA Responder Applicable Applicable
OCSP Authentication Applicable Applicable
On-Demand Certificate Authentication Applicable Applicable Applicable
Patch Management Applicable
Pool Assign Applicable Applicable
Public File Sharing Applicable
RADIUS AAA Server Applicable Applicable
RADIUS Authentication Applicable
Redirect Applicable Applicable
Reject Applicable
SAML Attribute Match Applicable
SAML Federation Applicable Applicable Applicable
Simple Terminal Out Applicable Applicable Applicable Applicable Applicable
SSO Configuration Select Applicable
SSO Credential Mapping Applicable Applicable
System Health Agent Applicable
System Health Check Applicable
URL Branching Applicable Applicable Applicable Applicable
Variable Assignment Applicable Applicable Applicable Applicable
Windows File Check Applicable
Windows Info Endpoint Applicable
Windows Process Check Applicable
Windows Registry Applicable