Network Access
Overview
This document describes the API to configure Network Access and its properties in BIG-IQ.
REST Endpoint: /mgmt/cm/access/working-config/apm/resource/network-access
Requests
GET /mgmt/cm/access/working-config/apm/resource/network-access/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
addressSpaceDhcpRequestsExcluded | string | To allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, enable Allow access to local DHCP server in the Client Side Security settings. Otherwise, clear it. Configure this option only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | Specify the IPv4 addresses that need to be excluded from the traffic. |
subnet | string | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | Specify the IPv4 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | To enable local access to the DNS servers configured on the client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | Specify to launch applications to a Network Access resource when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | Specify the target operating system. |
parameter | string | Specify any parameters for the application separated by spaces. |
path | string | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the Network Access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | When enabled, displays security warnings before launching the application whether or not the site is in the Trusted Sites list. When disabled, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | On enable, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | Specify bits per second. |
clientIpFilterEngine | string | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | Specify that the browser uses http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | For Windows clients to use a client traffic classifier with this Network Access connection, enter the Client Traffic Classifier. The Client Traffic Classifier must be created first; set this property to its name. |
clientTrafficClassifierReference | reference | Reference to the selected Client Traffic Classifier. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
clientTrayIcon | string | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | Specify the customization name. |
customizationGroupReference | reference | Specify the Customization reference. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
dnsEnforceSearchOrder | string | On enable, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. On disable, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | Specify the primary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | To register the address of this connection in the DNS server, enable Register this connection’s addresses in DNS. |
dnsSecondary | string | Specify the secondary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | Specify one or more DNS suffixes, separated by commas, to send to the client. If left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | To register the default domain suffix, enable Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | Configure Drive Mappings in the Network Access. |
drive | string | Enter the drive. |
path | string | Enter Path to the Server. |
description | string | Enter the description. |
dtls | string | To specify that the Network Access connection uses Datagram Transport Layer Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | Specify the IPv6 addresses that need to be excluded from the traffic. |
subnet | string | Specify IPv6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | Specify the IPv6 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | Specify the primary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | Specify the Secondary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | First create an IPv6 leasepool object, then set this property to its name. |
ipv6LeasepoolNameReference | reference | Reference of the IPV6 leasepool object which is selected as IPV6 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
leasepoolName | string | First create an IPv4 leasepool object, then set this property to the object name. |
leasepoolNameReference | reference | Reference of the IPV4 leasepool object which is selected as IPV4 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
microsoftNetworkClient | string | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | Reference to the optimized app. |
link | string | URI link of the reference. |
preserveSourcePortStrict | string | Choose either ‘none’ or ‘all’. none - specify that the system does not preserve the value configured for the source port. all - specify that the system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | If the client certificates are required to establish an SSL connection, enable client certificate on Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | On enabling Proxy ARP for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | Choose between none and automap. None - The system uses no SNAT pool for this Network Access resource. You must select None if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. Automap - The system uses all of the self IP addresses as the translation addresses for the pool SNAT name if you have defined a SNAT on the BIG-IP system. |
splitTunneling | string | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel; all other traffic bypasses the tunnel. |
staticHost | array_of_objects | Specify the Static Hosts. |
address | string | Enter a valid related IP address. |
hostname | string | Enter a valid host name. |
supportedIpVersion | string | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | Specify the type of the Network Access. The default value is ‘network-access’. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
description | string | The description of an Application. |
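
Several descriptions in the table above constrain one another (snat versus proxyArp and preserveSourcePortStrict, the DHCP and local-subnet options versus clientIpFilterEngine, the split-tunneling settings), and those constraints can be checked mechanically on a resource returned by this GET. The Python below is an added example, not BIG-IQ code; it assumes toggle properties carry the strings 'true'/'false' (the page states this only for splitTunneling), and the sample resource, including its subnet notation, is constructed.

```python
"""Lint one Network Access resource (the JSON object returned by GET)."""

# Assumption: toggle properties are typed "string" in the table and only
# splitTunneling is documented as 'true'/'false'; the other toggles are
# assumed to use the same encoding.
_ON = {"true", "enabled", "yes"}


def is_on(resource, key):
    """True when a string toggle property is present and switched on."""
    return str(resource.get(key, "")).strip().lower() in _ON


def audit_network_access(resource):
    """Return (severity, property, message) findings for one resource."""
    findings = []

    def add(severity, prop, message):
        findings.append((severity, prop, message))

    # snat must be 'none' with Proxy ARP or Preserve Source Port Strict.
    if str(resource.get("snat", "")).lower() == "automap":
        if is_on(resource, "proxyArp"):
            add("error", "snat", "proxyArp is enabled; snat must be 'none'")
        if str(resource.get("preserveSourcePortStrict", "")).lower() == "all":
            add("error", "snat",
                "preserveSourcePortStrict is 'all'; snat must be 'none'")

    ip_filter = is_on(resource, "clientIpFilterEngine")
    # Local DHCP access is only meaningful with the integrated IP filter.
    if is_on(resource, "addressSpaceDhcpRequestsExcluded") and not ip_filter:
        add("error", "addressSpaceDhcpRequestsExcluded",
            "configure only when clientIpFilterEngine is enabled")
    # Allow Local Subnet and integrated IP filtering are not supported together.
    if is_on(resource, "addressSpaceLocalSubnetsExcluded") and ip_filter:
        add("error", "addressSpaceLocalSubnetsExcluded",
            "integrated IP filtering is not supported with Allow Local Subnet")

    if is_on(resource, "splitTunneling"):
        include_keys = ("addressSpaceIncludeSubnet",
                        "ipv6AddressSpaceIncludeSubnet",
                        "addressSpaceIncludeDnsName")
        if not any(resource.get(k) for k in include_keys):
            add("warn", "splitTunneling",
                "split tunneling is on but no include address space is set")
        if not ip_filter:
            add("warn", "clientIpFilterEngine",
                "split tunnel without the integrated IP filtering engine")
        if not is_on(resource, "addressSpaceProtect"):
            add("warn", "addressSpaceProtect",
                "client routing table changes are not prohibited")

    if is_on(resource, "clientProxyIgnoreAutoConfigError"):
        add("warn", "clientProxyIgnoreAutoConfigError",
            "tunnel is established even if the PAC script download fails")

    if is_on(resource, "dtls"):
        port = resource.get("dtlsPort", 4433)  # 4433 is the documented default
        if isinstance(port, bool) or not isinstance(port, int) \
                or not 1 <= port <= 65535:
            add("error", "dtlsPort", "not a valid UDP port: %r" % (port,))
    return findings


# Constructed sample resource (not taken from a real device).
SAMPLE = {
    "name": "na_example",
    "splitTunneling": "true",
    "addressSpaceIncludeSubnet": [{"subnet": "10.20.0.0/255.255.0.0"}],
    "clientIpFilterEngine": "false",
    "addressSpaceDhcpRequestsExcluded": "true",
    "addressSpaceProtect": "false",
    "proxyArp": "true",
    "snat": "automap",
    "preserveSourcePortStrict": "none",
    "dtls": "true",
    "dtlsPort": 4433,
}

if __name__ == "__main__":
    for severity, prop, message in audit_network_access(SAMPLE):
        print("%-5s %-34s %s" % (severity, prop, message))
```

The "error" findings are combinations the property descriptions rule out; the "warn" findings are settings to review, not violations.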
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions
Role | Allow |
---|---|
Application_Editor | Yes |
Service_Catalog_Viewer | Yes |
Service_Catalog_Editor | Yes |
Trust_Discovery_Import | Yes |
Access_View | Yes |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | Yes |
Application_Viewer | Yes |
Access_Deploy | Yes |
Access_Policy_Editor | Yes |
POST /mgmt/cm/access/working-config/apm/resource/network-access
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
addressSpaceDhcpRequestsExcluded | string | False | To allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, enable Allow access to local DHCP server in the Client Side Security settings. Otherwise, clear it. Configure this option only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | False | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | False | Specify the IPv4 addresses that need to be excluded from the traffic. |
subnet | string | False | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | False | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | False | Specify the IPv4 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | False | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | False | To enable local access to the DNS servers configured on the client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | False | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | False | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | False | Specify to launch applications to a Network Access resource when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | False | Specify the target operating system. |
parameter | string | False | Specify any parameters for the application separated by spaces. |
path | string | False | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the Network Access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | False | When enabled, displays security warnings before launching the application whether or not the site is in the Trusted Sites list. When disabled, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | False | On enable, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | False | Specify bits per second. |
clientIpFilterEngine | string | False | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | False | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | False | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | False | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | False | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | False | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | False | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | False | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | False | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | False | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | False | Specify that the browser uses http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | False | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | False | For Windows clients to use a client traffic classifier with this Network Access connection, enter the Client Traffic Classifier. The Client Traffic Classifier must be created first; set this property to its name. |
clientTrafficClassifierReference | reference | False | Reference to the selected Client Traffic Classifier. |
link | string | False | URI link of the reference. |
clientTrayIcon | string | False | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | False | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | True | Specify the customization name. |
customizationGroupReference | reference | True | Specify the Customization reference. |
link | string | True | URI link of the reference. |
dnsEnforceSearchOrder | string | False | On enable, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. On disable, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | False | Specify the primary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | False | To register the address of this connection in the DNS server, enable Register this connection’s addresses in DNS. |
dnsSecondary | string | False | Specify the secondary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | False | Specify one or more DNS suffixes, separated by commas, to send to the client. If left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | False | To register the default domain suffix, enable Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | False | Configure Drive Mappings in the Network Access. |
drive | string | False | Enter the drive. |
path | string | False | Enter Path to the Server. |
description | string | False | Enter the description. |
dtls | string | False | To specify that the Network Access connection uses Datagram Transport Layer Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | False | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | False | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | False | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | False | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | False | Specify the IPv6 addresses that need to be excluded from the traffic. |
subnet | string | False | Specify IPv6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | False | Specify the IPv6 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | False | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | False | Specify the primary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | False | Specify the Secondary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | False | First create an IPv6 leasepool object, then set this property to its name. |
ipv6LeasepoolNameReference | reference | False | Reference of the IPV6 leasepool object which is selected as IPV6 Lease Pool. |
link | string | True | URI link of the reference. |
leasepoolName | string | False | First create an IPv4 leasepool object, then set this property to the object name. |
leasepoolNameReference | reference | False | Reference of the IPV4 leasepool object which is selected as IPV4 Lease Pool. |
link | string | True | URI link of the reference. |
microsoftNetworkClient | string | False | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | False | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | False | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | False | Reference to the optimized app. |
link | string | True | URI link of the reference. |
preserveSourcePortStrict | string | False | Choose either ‘none’ or ‘all’. none - specify that the system does not preserve the value configured for the source port. all - specify that the system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | False | If the client certificates are required to establish an SSL connection, enable client certificate on Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | False | On enabling Proxy ARP for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | False | Choose none, automap, or a SNAT name. none - The system uses no SNAT pool for this Network Access resource. You must select None if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. automap - The system uses all of the self IP addresses as the translation addresses for the pool. snat name - Use this if you have defined a SNAT on the BIG-IP. |
splitTunneling | string | False | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel. All other traffic bypasses the tunnel. |
staticHost | array_of_objects | False | Specify the Static Hosts. |
address | string | False | Enter a valid related IP address |
hostname | string | False | Enter valid host name. |
supportedIpVersion | string | False | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | False | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | False | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | False | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | False | Specify the type of the Network Access. The default value is ‘network-access’. |
name | string | True | The name of the object |
partition | string | True | The BIG-IP partition where the object should be placed |
subPath | string | False | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | False | Reference to the device |
id | string | False | Id of the device. |
link | string | True | URI link of the reference. |
isLsoShared | boolean | True | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
link | string | True | URI link of the reference. |
description | string | False | The description of an Application. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
addressSpaceDhcpRequestsExcluded | string | To allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, enable Allow access to local DHCP server in Client Side Security settings. Otherwise, clear it. This option should be configured only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | Specify IPv4 addresses that need to be excluded from the traffic. |
subnet | string | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | Specify IPV4 addresses and network masks that allow traffic in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | To enable local access to the DNS servers configured on client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | Specify to launch applications to a Network Access resource when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | Specify the target operating system. |
parameter | string | Specify any parameters for the application separated by spaces. |
path | string | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the network access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | When enabled, displays security warnings before launching the application whether or not the site is in the Trusted Sites list. When disabled, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | On enable, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | Specify bits per second. |
clientIpFilterEngine | string | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | Specify that the browser uses http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | For Windows clients to use a client traffic classifier with this Network Access connection, enter Client Traffic Classifier. The Client Traffic Classifier must be created beforehand; set this property to its name. |
clientTrafficClassifierReference | reference | Reference to the selected Client Traffic Classifier. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
clientTrayIcon | string | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | Specify the customization name. |
customizationGroupReference | reference | Specify the Customization reference. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
dnsEnforceSearchOrder | string | On enable, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. On disable, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | Specify the primary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | Enable to register the address of this connection in the DNS server, for Register this connection’s addresses in DNS. |
dnsSecondary | string | Specify the secondary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | Specify one or more DNS suffixes, separated by commas, to send to the client. If left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | Enable to register the default domain suffix, for Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | Configure Drive Mappings in the Network Access. |
drive | string | Enter the drive. |
path | string | Enter Path to the Server. |
description | string | Enter the description. |
dtls | string | To specify that the Network Access connection use Datagram Transport Level Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | Specify IPv6 addresses that need to be excluded from the traffic. |
subnet | string | Specify IPV6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | Specify IPV6 addresses and network masks that allow traffic in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | Specify the primary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | Specify the secondary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | First create an IPV6 leasepool object, then set this property to its name. |
ipv6LeasepoolNameReference | reference | Reference of the IPV6 leasepool object which is selected as IPV6 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
leasepoolName | string | First create an IPV4 leasepool object, then set this property to the object name. |
leasepoolNameReference | reference | Reference of the IPV4 leasepool object which is selected as IPV4 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
microsoftNetworkClient | string | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | Reference to the optimized app. |
link | string | URI link of the reference. |
preserveSourcePortStrict | string | Choose either ‘none’ or ‘all’. none - Specifies that the system does not preserve the value configured for the source port. all - Specifies that the system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | If the client certificates are required to establish an SSL connection, enable client certificate on Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | On enabling Proxy ARP for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | Choose none, automap, or a SNAT name. none - The system uses no SNAT pool for this Network Access resource. You must select None if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. automap - The system uses all of the self IP addresses as the translation addresses for the pool. snat name - Use this if you have defined a SNAT on the BIG-IP. |
splitTunneling | string | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel. All other traffic bypasses the tunnel. |
staticHost | array_of_objects | Specify the Static Hosts. |
address | string | Enter a valid related IP address |
hostname | string | Enter valid host name. |
supportedIpVersion | string | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | Specify the type of the Network Access. The default value is ‘network-access’. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
description | string | The description of an Application. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
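Several rows in the response table state constraints between properties: snat must be none with Proxy ARP or Preserve Source Port Strict, Allow Local Subnet rules out integrated IP filtering, and Allow access to local DHCP server presupposes it. The Python check below is an added example, not part of the BIG-IQ documentation; it audits an object returned by the GET request for those conflicts and for settings that deserve a security review. The sample object is constructed, and the ‘true’/‘false’ encoding of on/off properties and the address/mask form of subnet values are assumptions.

```python
import ipaddress

# Constructed sample of a GET response body (values are illustrative only).
SAMPLE = {
    "name": "example_na",
    "partition": "Common",
    "splitTunneling": "true",
    "snat": "automap",
    "proxyArp": "true",
    "preserveSourcePortStrict": "none",
    "clientIpFilterEngine": "false",
    "addressSpaceDhcpRequestsExcluded": "true",
    "addressSpaceLocalSubnetsExcluded": "false",
    "addressSpaceProtect": "false",
    "microsoftNetworkServer": "true",
    "addressSpaceIncludeSubnet": [{"subnet": "10.20.0.0/255.255.0.0"}],
    "addressSpaceExcludeSubnet": [{"subnet": "10.0.0.0/255.0.0.0"}],
}


def is_on(cfg, key):
    # Assumption: on/off string properties use 'true'/'false', as splitTunneling does.
    return str(cfg.get(key, "false")).strip().lower() == "true"


def subnets(cfg, *keys):
    """Parse the 'subnet' member of every object in the given address-space arrays."""
    nets = []
    for key in keys:
        for entry in cfg.get(key) or []:
            # Assumption: 'subnet' is 'address/mask' or 'address/prefix'.
            nets.append(ipaddress.ip_network(entry["subnet"], strict=False))
    return nets


def audit_network_access(cfg):
    """Return (severity, property, message) tuples for one Network Access object."""
    findings = []
    add = lambda sev, prop, msg: findings.append((sev, prop, msg))

    # Documented constraint: snat must be 'none' with Proxy ARP or strict source ports.
    snat = str(cfg.get("snat", "")).lower()
    if snat and snat != "none":
        if is_on(cfg, "proxyArp"):
            add("error", "snat", "must be 'none' when proxyArp is enabled")
        if str(cfg.get("preserveSourcePortStrict", "none")).lower() == "all":
            add("error", "snat", "must be 'none' when preserveSourcePortStrict is 'all'")

    # Documented constraints around the integrated IP filtering engine.
    ip_filter = is_on(cfg, "clientIpFilterEngine")
    if ip_filter and is_on(cfg, "addressSpaceLocalSubnetsExcluded"):
        add("error", "clientIpFilterEngine",
            "integrated IP filtering is not supported with Allow Local Subnet")
    if is_on(cfg, "addressSpaceDhcpRequestsExcluded") and not ip_filter:
        add("error", "addressSpaceDhcpRequestsExcluded",
            "configure only when the integrated IP filtering engine is enabled")

    # With split tunneling, only the include address space goes through the tunnel.
    if is_on(cfg, "splitTunneling"):
        include = subnets(cfg, "addressSpaceIncludeSubnet", "ipv6AddressSpaceIncludeSubnet")
        exclude = subnets(cfg, "addressSpaceExcludeSubnet", "ipv6AddressSpaceExcludeSubnet")
        if not include and not cfg.get("addressSpaceIncludeDnsName"):
            add("review", "splitTunneling", "no include address space is defined")
        for inc in include:
            for exc in exclude:
                # subnet_of() requires both networks to share an IP version.
                if inc.version == exc.version and inc.subnet_of(exc):
                    add("review", "addressSpaceExcludeSubnet",
                        f"{exc} covers included subnet {inc}")
        if not is_on(cfg, "addressSpaceProtect"):
            add("review", "addressSpaceProtect",
                "client routing table changes are allowed during the connection")

    if is_on(cfg, "microsoftNetworkServer"):
        add("review", "microsoftNetworkServer",
            "remote hosts can reach shared resources on the client computer")
    return findings


if __name__ == "__main__":
    for severity, prop, message in audit_network_access(SAMPLE):
        print(f"{severity:6} {prop}: {message}")
```
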
PUT /mgmt/cm/access/working-config/apm/resource/network-access/<id>¶
Request Parameters¶
Name | Type | Required | Description |
---|---|---|---|
addressSpaceDhcpRequestsExcluded | string | False | To allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, enable Allow access to local DHCP server in Client Side Security settings. Otherwise, clear it. This option should be configured only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | False | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | False | Specify IPv4 addresses that need to be excluded from the traffic. |
subnet | string | False | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | False | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | False | Specify IPV4 addresses and network masks that allow traffic in the Network Access tunnel. |
subnet | string | False | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | False | To enable local access to the DNS servers configured on client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | False | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | False | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | False | Specify to launch applications to a Network Access resource when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | False | Specify the target operating system. |
parameter | string | False | Specify any parameters for the application separated by spaces. |
path | string | False | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the network access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | False | When enabled, displays security warnings before launching the application whether or not the site is in the Trusted Sites list. When disabled, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | False | On enable, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | False | Specify bits per second. |
clientIpFilterEngine | string | False | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | False | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | False | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | False | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | False | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | False | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | False | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | False | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | False | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | False | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | False | Specify that the browser uses http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | False | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | False | For Windows clients to use a client traffic classifier with this Network Access connection, enter Client Traffic Classifier. The Client Traffic Classifier must be created beforehand; set this property to its name. |
clientTrafficClassifierReference | reference | False | Reference to the selected Client Traffic Classifier. |
name | string | False | Name of the resource |
kind | string | False | The kind of the resource. |
link | string | False | URI link of the reference. |
clientTrayIcon | string | False | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | False | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | False | Specify the customization name. |
customizationGroupReference | reference | False | Specify the Customization reference. |
name | string | False | Name of the resource |
kind | string | False | The kind of the resource. |
link | string | False | URI link of the reference. |
dnsEnforceSearchOrder | string | False | On enable, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. On disable, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | False | Specify the primary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | False | Enable to register the address of this connection in the DNS server, for Register this connection’s addresses in DNS. |
dnsSecondary | string | False | Specify the secondary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | False | Specify one or more DNS suffixes, separated by commas, to send to the client. If left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | False | Enable to register the default domain suffix, for Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | False | Configure Drive Mappings in the Network Access. |
drive | string | False | Enter the drive. |
path | string | False | Enter Path to the Server. |
description | string | False | Enter the description. |
dtls | string | False | To specify that the Network Access connection uses Datagram Transport Layer Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high-demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | False | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | False | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | False | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | False | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | False | Specify the IPv6 addresses to exclude from the traffic. |
subnet | string | False | Specify IPv6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | False | Specify the IPv6 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | False | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | False | Specify the primary IPv6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | False | Specify the secondary IPv6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | False | First create the IPv6 leasepool object, then set its name in this property. |
ipv6LeasepoolNameReference | reference | False | Reference to the IPv6 leasepool object that is selected as the IPv6 Lease Pool. |
name | string | True | Name of the resource |
kind | string | False | The kind of the resource. |
link | string | False | URI link of the reference. |
leasepoolName | string | False | First create the IPv4 leasepool object, then set its name in this property. |
leasepoolNameReference | reference | False | Reference to the IPv4 leasepool object that is selected as the IPv4 Lease Pool. |
name | string | True | Name of the resource |
kind | string | False | The kind of the resource. |
link | string | False | URI link of the reference. |
microsoftNetworkClient | string | False | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | False | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | False | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | False | Reference to the optimized app. |
link | string | True | URI link of the reference. |
preserveSourcePortStrict | string | False | Choose ‘none’ or ‘all’. none - The system does not preserve the value configured for the source port. all - The system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | False | If client certificates are required to establish an SSL connection, enable sending the client certificate on the Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | False | When Proxy ARP is enabled for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | False | Choose none, automap, or a SNAT name. none - The system uses no SNAT pool for this Network Access resource. You must select none if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. automap - The system uses all of the self IP addresses as the translation addresses for the pool. snat name - Use this if you have defined a SNAT on the BIG-IP. |
splitTunneling | string | False | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel, and all other traffic bypasses the tunnel. |
staticHost | array_of_objects | False | Specify the Static Hosts. |
address | string | False | Enter the related valid IP address. |
hostname | string | False | Enter a valid host name. |
supportedIpVersion | string | False | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | False | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | False | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | False | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | False | Specify the type of the Network Access. The default value is ‘network-access’. |
name | string | False | The name of the object |
partition | string | False | The BIG-IP partition where the object should be placed |
subPath | string | False | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | False | Reference to the device |
id | string | False | Id of the device. |
name | string | True | Device name. Typically it is the device’s hostname. |
kind | string | False | Kind of the device. |
machineId | string | False | Machine ID of the device. |
link | string | True | URI link of the reference. |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | True | Reference to the device group. |
name | string | True | Name of the resource |
kind | string | False | The kind of the resource. |
link | string | False | URI link of the reference. |
id | string | False | An ID of an application |
kind | string | False | The kind of application. |
selfLink | string | False | The selfLink of an application. |
description | string | False | The description of an Application. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
addressSpaceDhcpRequestsExcluded | string | To allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, enable Allow access to local DHCP server in the Client Side Security settings. Otherwise, clear it. This option should be configured only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | Specify the IPv4 addresses to exclude from the traffic. |
subnet | string | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | Specify the IPv4 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | To enable local access to the DNS servers configured on the client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | Specify applications to launch with a Network Access resource. Use this when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | Specify the target operating system. |
parameter | string | Specify any parameters for the application separated by spaces. |
path | string | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the Network Access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | When enabled, displays security warnings before launching the application whether or not the site is in the Trusted Sites list. When disabled, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | When enabled, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | Specify bits per second. |
clientIpFilterEngine | string | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | Specify that the browser uses http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | For Windows clients to use a client traffic classifier with this Network Access connection, enter Client Traffic Classifier. The Client Traffic Classifier should be created beforehand and its name set in this property. |
clientTrafficClassifierReference | reference | Reference to the selected Client Traffic Classifier. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
clientTrayIcon | string | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | Specify the customization name. |
customizationGroupReference | reference | Specify the Customization reference. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
dnsEnforceSearchOrder | string | When enabled, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. When disabled, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | Specify the primary IPv4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | To register the address of this connection in the DNS server, enable Register this connection’s addresses in DNS. |
dnsSecondary | string | Specify the secondary IPv4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | Specify one or more DNS suffixes, separated by commas, to send to the client. If left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | To register the default domain suffix, enable Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | Configure drive mappings for Network Access. |
drive | string | Enter the drive. |
path | string | Enter the path to the server. |
description | string | Enter the description. |
dtls | string | To specify that the Network Access connection uses Datagram Transport Layer Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high-demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | Specify the IPv6 addresses to exclude from the traffic. |
subnet | string | Specify IPv6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | Specify the IPv6 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | Specify the primary IPv6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | Specify the secondary IPv6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | First create the IPv6 leasepool object, then set its name in this property. |
ipv6LeasepoolNameReference | reference | Reference to the IPv6 leasepool object that is selected as the IPv6 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
leasepoolName | string | First create the IPv4 leasepool object, then set its name in this property. |
leasepoolNameReference | reference | Reference to the IPv4 leasepool object that is selected as the IPv4 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
microsoftNetworkClient | string | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | Reference to the optimized app. |
link | string | URI link of the reference. |
preserveSourcePortStrict | string | Choose ‘none’ or ‘all’. none - The system does not preserve the value configured for the source port. all - The system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | If client certificates are required to establish an SSL connection, enable sending the client certificate on the Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | When Proxy ARP is enabled for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | Choose none, automap, or a SNAT name. none - The system uses no SNAT pool for this Network Access resource. You must select none if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. automap - The system uses all of the self IP addresses as the translation addresses for the pool. snat name - Use this if you have defined a SNAT on the BIG-IP. |
splitTunneling | string | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel, and all other traffic bypasses the tunnel. |
staticHost | array_of_objects | Specify the Static Hosts. |
address | string | Enter the related valid IP address. |
hostname | string | Enter a valid host name. |
supportedIpVersion | string | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | Specify the type of the Network Access. The default value is ‘network-access’. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
description | string | The description of an Application. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message is displayed in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
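The property tables above state several cross-field constraints (snat must be none with Proxy ARP or strict source-port preservation, the local DHCP option only with the integrated IP filtering engine, local subnet access not combined with it). The following check is an added example, not part of the BIG-IQ documentation; it assumes enable/disable properties carry the strings "true"/"false" (the form the table gives for splitTunneling) and that subnets are written as address/mask or address/prefix.

```python
import ipaddress

# Constructed sample object: property names come from the tables above,
# the values are invented for illustration.
SAMPLE = {
    "name": "na_example",
    "splitTunneling": "true",
    "addressSpaceIncludeSubnet": [{"subnet": "10.20.0.0/255.255.0.0"}],
    "addressSpaceExcludeSubnet": [{"subnet": "10.20.30.0/24"}, {"subnet": "bad"}],
    "clientIpFilterEngine": "false",
    "addressSpaceDhcpRequestsExcluded": "true",
    "proxyArp": "true",
    "snat": "automap",
    "dtls": "true",
    "dtlsPort": 4433,
}


def enabled(resource, key):
    """Assumption: enable/disable properties are the strings "true"/"false"."""
    return str(resource.get(key, "false")).strip().lower() == "true"


def subnets(resource, key, findings):
    """Parse an array_of_objects property whose members carry 'subnet'."""
    parsed = []
    for entry in resource.get(key) or []:
        raw = str(entry.get("subnet", ""))
        try:
            # Assumption: "address/mask" or "address/prefix" notation.
            parsed.append((key, ipaddress.ip_network(raw, strict=False)))
        except ValueError:
            findings.append(("error", key, f"unparseable subnet {raw!r}"))
    return parsed


def audit_network_access(resource):
    """Return (severity, property, message) tuples for documented conflicts."""
    findings = []
    ip_filter = enabled(resource, "clientIpFilterEngine")

    # snat must be none with Proxy ARP or Preserve Source Port Strict.
    snat = str(resource.get("snat", "none")).strip().lower()
    strict = str(resource.get("preserveSourcePortStrict", "none")).strip().lower()
    if snat != "none" and enabled(resource, "proxyArp"):
        findings.append(("error", "snat", "proxyArp is enabled, snat must be none"))
    if snat != "none" and strict == "all":
        findings.append(("error", "snat",
                         "preserveSourcePortStrict is all, snat must be none"))

    # Local DHCP access is meant to be set only with the IP filtering engine.
    if enabled(resource, "addressSpaceDhcpRequestsExcluded") and not ip_filter:
        findings.append(("warn", "addressSpaceDhcpRequestsExcluded",
                         "set without clientIpFilterEngine"))
    # Allow Local Subnet removes support for integrated IP filtering.
    if enabled(resource, "addressSpaceLocalSubnetsExcluded") and ip_filter:
        findings.append(("error", "addressSpaceLocalSubnetsExcluded",
                         "not supported together with clientIpFilterEngine"))

    include = (subnets(resource, "addressSpaceIncludeSubnet", findings)
               + subnets(resource, "ipv6AddressSpaceIncludeSubnet", findings))
    exclude = (subnets(resource, "addressSpaceExcludeSubnet", findings)
               + subnets(resource, "ipv6AddressSpaceExcludeSubnet", findings))

    if enabled(resource, "splitTunneling"):
        if not include and not resource.get("addressSpaceIncludeDnsName"):
            findings.append(("warn", "splitTunneling",
                             "enabled but no include address space is set"))
        # Overlaps are reported for review; the tables do not state precedence.
        for _, inc in include:
            for exc_key, exc in exclude:
                if inc.version == exc.version and inc.overlaps(exc):
                    findings.append(("info", exc_key,
                                     f"{exc} overlaps included {inc}"))

    if enabled(resource, "dtls"):
        port = resource.get("dtlsPort", 4433)  # documented default
        if not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(("error", "dtlsPort", f"invalid UDP port {port!r}"))
    return findings


if __name__ == "__main__":
    for severity, prop, message in audit_network_access(SAMPLE):
        print(f"{severity:5} {prop}: {message}")
```

Running the check on the body of a POST or PATCH before sending it catches these conflicts before they reach the working configuration.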
PATCH /mgmt/cm/access/working-config/apm/resource/network-access/<id>¶
Request Parameters¶
Name | Type | Required | Description |
---|---|---|---|
addressSpaceDhcpRequestsExcluded | string | False | To allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, enable Allow access to local DHCP server in the Client Side Security settings. Otherwise, clear it. This option should be configured only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | False | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | False | Specify the IPv4 addresses to exclude from the traffic. |
subnet | string | False | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | False | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | False | Specify the IPv4 addresses and network masks for which traffic is allowed in the Network Access tunnel. |
subnet | string | False | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | False | To enable local access to the DNS servers configured on the client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | False | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | False | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | False | Specify applications to launch with a Network Access resource. Use this when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | False | Specify the target operating system. |
parameter | string | False | Specify any parameters for the application separated by spaces. |
path | string | False | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the Network Access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | False | When enabled, displays security warnings before launching the application whether or not the site is in the Trusted Sites list. When disabled, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | False | When enabled, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | False | Specify bits per second. |
clientIpFilterEngine | string | False | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | False | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | False | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | False | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | False | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | False | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | False | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | False | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | False | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | False | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | False | Specify the browser use http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | False | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | False | For Windows clients to use a client traffic classifier with this Network Access connection, enter Client Traffic Classifier. The Client Traffic Classifier must be created beforehand; set this property to its name. |
clientTrafficClassifierReference | reference | False | Reference to the selected Client Traffic Classifier. |
link | string | False | URI link of the reference. |
clientTrayIcon | string | False | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | False | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | False | Specify the customization name. |
customizationGroupReference | reference | False | Specify the Customization reference. |
link | string | False | URI link of the reference. |
dnsEnforceSearchOrder | string | False | On enable, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. On disable, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | False | Specify the primary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | False | Enable to register the address of this connection in the DNS server, for Register this connection’s addresses in DNS. |
dnsSecondary | string | False | Specify the secondary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | False | Specify one or more DNS suffixes, separated by commas, to send to the client. If this is left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | False | Enable to register the default domain suffix, for Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | False | Configure Drive Mappings in the Network Access. |
drive | string | False | Enter the drive. |
path | string | False | Enter Path to the Server. |
description | string | False | Enter the description. |
dtls | string | False | To specify that the Network Access connection use Datagram Transport Level Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | False | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | False | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, Enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | False | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | False | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | False | Specify IPv6 addresses that need to be excluded from the traffic. |
subnet | string | False | Specify IPV6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | False | Specify IPV6 addresses and network masks that allow traffic in the Network Access tunnel. |
subnet | string | False | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | False | Specify the primary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | False | Specify the Secondary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | False | First create an IPV6 leasepool object, then set this property to its name. |
ipv6LeasepoolNameReference | reference | False | Reference of the IPV6 leasepool object which is selected as IPV6 Lease Pool. |
link | string | True | URI link of the reference. |
leasepoolName | string | False | First create an IPV4 leasepool object, then set this property to its name. |
leasepoolNameReference | reference | False | Reference of the IPV4 leasepool object which is selected as IPV4 Lease Pool. |
link | string | True | URI link of the reference. |
microsoftNetworkClient | string | False | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | False | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | False | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | False | Reference to the optimized app. |
link | string | True | URI link of the reference. |
preserveSourcePortStrict | string | False | Choose values between ‘none’ or ‘all’. none - specify that the system does not preserve the value configured for the source port. all - specify that the system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | False | If the client certificates are required to establish an SSL connection, enable client certificate on Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | False | On enabling Proxy ARP for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | False | Choose between none and automap. none - The system uses no SNAT pool for this Network Access resource. You must select None if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. automap - The system uses all of the self IP addresses as the translation addresses for the pool. snat name - if you have defined a SNAT on the BIG-IP. |
splitTunneling | string | False | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel. All other traffic bypasses the tunnel. |
staticHost | array_of_objects | False | Specify the Static Hosts. |
address | string | False | Enter a valid related IP address |
hostname | string | False | Enter valid host name. |
supportedIpVersion | string | False | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | False | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | False | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | False | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | False | Specify the type of the Network Access. The default value is ‘network-access’. |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
description | string | False | The description of an Application. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
addressSpaceDhcpRequestsExcluded | string | Specify to allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, in Client Side Security settings enable Allow access to local DHCP server. Otherwise, clear it. This option should be configured only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | Specify IPv4 addresses that need to be excluded from the traffic. |
subnet | string | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | Specify IPV4 addresses and network masks that allow traffic in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | To enable local access to the DNS servers configured on client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | Specify to launch applications to a Network Access resource when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | Specify the target operating system. |
parameter | string | Specify any parameters for the application separated by spaces. |
path | string | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the network access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | On enable, display security warnings before launching the application whether or not the site is in the Trusted Sites list. On disable, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | On enable, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | Specify bits per second. |
clientIpFilterEngine | string | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | Specify the browser use http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | For Windows clients to use a client traffic classifier with this Network Access connection, enter Client Traffic Classifier. The Client Traffic Classifier must be created beforehand; set this property to its name. |
clientTrafficClassifierReference | reference | Reference to the selected Client Traffic Classifier. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
clientTrayIcon | string | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | Specify the customization name. |
customizationGroupReference | reference | Specify the Customization reference. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
dnsEnforceSearchOrder | string | On enable, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. On disable, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | Specify the primary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | Enable to register the address of this connection in the DNS server, for Register this connection’s addresses in DNS. |
dnsSecondary | string | Specify the secondary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | Specify one or more DNS suffixes, separated by commas, to send to the client. If this is left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | Enable to register the default domain suffix, for Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | Configure Drive Mappings in the Network Access. |
drive | string | Enter the drive. |
path | string | Enter Path to the Server. |
description | string | Enter the description. |
dtls | string | To specify that the Network Access connection use Datagram Transport Level Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, Enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | Specify IPv6 addresses that need to be excluded from the traffic. |
subnet | string | Specify IPV6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | Specify IPV6 addresses and network masks that allow traffic in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | Specify the primary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | Specify the Secondary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | First create an IPV6 leasepool object, then set this property to its name. |
ipv6LeasepoolNameReference | reference | Reference of the IPV6 leasepool object which is selected as IPV6 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
leasepoolName | string | First create an IPV4 leasepool object, then set this property to its name. |
leasepoolNameReference | reference | Reference of the IPV4 leasepool object which is selected as IPV4 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
microsoftNetworkClient | string | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | Reference to the optimized app. |
link | string | URI link of the reference. |
preserveSourcePortStrict | string | Choose values between ‘none’ or ‘all’. none - specify that the system does not preserve the value configured for the source port. all - specify that the system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | If the client certificates are required to establish an SSL connection, enable client certificate on Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | On enabling Proxy ARP for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | Choose between none and automap. none - The system uses no SNAT pool for this Network Access resource. You must select None if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. automap - The system uses all of the self IP addresses as the translation addresses for the pool. snat name - if you have defined a SNAT on the BIG-IP. |
splitTunneling | string | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel. All other traffic bypasses the tunnel. |
staticHost | array_of_objects | Specify the Static Hosts. |
address | string | Enter a valid related IP address |
hostname | string | Enter valid host name. |
supportedIpVersion | string | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | Specify the type of the Network Access. The default value is ‘network-access’. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
description | string | The description of an Application. |
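Several property descriptions above constrain one another (snat with proxyArp and preserveSourcePortStrict, the IP filtering engine with the local-subnet and local-DHCP options, splitTunneling with the include address space, and isLsoShared on update). The following lint for a Network Access object is an added example, not part of the BIG-IQ documentation. It assumes that enable/disable properties are carried as the strings 'true'/'false' (as the table states for splitTunneling) and that subnet values are written as address/mask; the rule names and sample objects are constructed.

```python
import ipaddress

SUBNET_KEYS = (
    "addressSpaceIncludeSubnet", "addressSpaceExcludeSubnet",
    "ipv6AddressSpaceIncludeSubnet", "ipv6AddressSpaceExcludeSubnet",
)


def _on(obj, key):
    # ASSUMPTION: enable/disable properties are the strings 'true'/'false'.
    return str(obj.get(key, "")).strip().lower() == "true"


def _subnets(obj, key):
    # Each array entry is an object with a single 'subnet' string.
    return [entry.get("subnet", "") for entry in (obj.get(key) or [])]


def lint_network_access(obj, current=None):
    """Return (rule_id, message) pairs for conflicting properties.

    obj     -- the Network Access object about to be sent (POST/PUT/PATCH)
    current -- the object as returned by GET, when updating an existing one
    """
    findings = []

    # snat: "You must select None if you enable Proxy ARP, enable Preserve
    # Source Port Strict ...". Only checked when snat is present in the object.
    snat = obj.get("snat")
    snat_in_use = snat is not None and str(snat).strip().lower() != "none"
    if snat_in_use and _on(obj, "proxyArp"):
        findings.append(("SNAT_PROXY_ARP", "proxyArp is enabled, snat must be 'none'"))
    preserve = str(obj.get("preserveSourcePortStrict", "none")).strip().lower()
    if snat_in_use and preserve == "all":
        findings.append(("SNAT_PRESERVE_PORT",
                         "preserveSourcePortStrict is 'all', snat must be 'none'"))

    # addressSpaceLocalSubnetsExcluded: enabling it means integrated IP
    # filtering is not supported.
    filter_on = _on(obj, "clientIpFilterEngine")
    if filter_on and _on(obj, "addressSpaceLocalSubnetsExcluded"):
        findings.append(("FILTER_LOCAL_SUBNET",
                         "Allow Local Subnet is enabled together with the IP filtering engine"))

    # addressSpaceDhcpRequestsExcluded: configure only with the filtering engine.
    if _on(obj, "addressSpaceDhcpRequestsExcluded") and not filter_on:
        findings.append(("DHCP_WITHOUT_FILTER",
                         "local DHCP access is set but clientIpFilterEngine is not enabled"))

    # splitTunneling 'true': only the specified address space is tunnelled,
    # so an empty include space sends nothing through the tunnel.
    include = (_subnets(obj, "addressSpaceIncludeSubnet")
               + _subnets(obj, "ipv6AddressSpaceIncludeSubnet")
               + list(obj.get("addressSpaceIncludeDnsName") or []))
    if _on(obj, "splitTunneling") and not include:
        findings.append(("SPLIT_EMPTY_INCLUDE",
                         "splitTunneling is 'true' but no include subnet or DNS name is set"))

    # ASSUMPTION: subnets are 'address/mask' (prefix length or dotted netmask).
    for key in SUBNET_KEYS:
        for value in _subnets(obj, key):
            try:
                ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(("BAD_SUBNET", f"{key}: {value!r} is not a valid subnet"))

    # dtlsPort: the page gives 4433 as the default.
    if _on(obj, "dtls"):
        port = obj.get("dtlsPort", 4433)
        if not (isinstance(port, int) and 1 <= port <= 65535):
            findings.append(("DTLS_PORT", f"dtlsPort {port!r} is not a valid UDP port"))

    # isLsoShared: "Do not flip this flag during PUT/PATCH operations."
    if current is not None and "isLsoShared" in obj:
        if obj["isLsoShared"] != current.get("isLsoShared"):
            findings.append(("LSO_SHARED_FLIPPED",
                             "isLsoShared differs from the stored object"))
    return findings


# Constructed sample objects (not taken from a real BIG-IQ).
SAMPLE_CURRENT = {"name": "na_example", "isLsoShared": False}
SAMPLE_PROPOSED = {
    "name": "na_example",
    "splitTunneling": "true",
    "addressSpaceIncludeSubnet": [],
    "addressSpaceExcludeSubnet": [
        {"subnet": "192.168.1.0/255.255.255.0"},
        {"subnet": "10.0.0.300/24"},
    ],
    "proxyArp": "true",
    "preserveSourcePortStrict": "all",
    "snat": "automap",
    "clientIpFilterEngine": "false",
    "addressSpaceDhcpRequestsExcluded": "true",
    "dtls": "true",
    "dtlsPort": 4433,
    "isLsoShared": True,
}

if __name__ == "__main__":
    for rule, message in lint_network_access(SAMPLE_PROPOSED, SAMPLE_CURRENT):
        print(f"{rule}: {message}")
```

Run it against the body of a GET on the object before sending a PUT or PATCH, passing the GET result as `current`.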
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response is returned when access is denied due to invalid credentials (no permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
DELETE /mgmt/cm/access/working-config/apm/resource/network-access/<id>¶
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
addressSpaceDhcpRequestsExcluded | string | Specify to allow clients to connect through the IP filtering engine and use a DHCP server that is local to the client to renew the client DHCP lease locally, in Client Side Security settings enable Allow access to local DHCP server. Otherwise, clear it. This option should be configured only when Integrated IP filtering engine is enabled. This option applies only to the local client IP address. It does not renew the DHCP lease for the IP address assigned from the Network Access lease pool. |
addressSpaceExcludeDnsName | array_of_strings | Specify domain names. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceExcludeSubnet | array_of_objects | Specify IPv4 addresses that need to be excluded from the traffic. |
subnet | string | Specify IP addresses and network masks for any traffic that you do not want to force through the tunnel. |
addressSpaceIncludeDnsName | array_of_strings | Specify domain names that describe the target LAN DNS addresses. Enter the domain name in the form shown in these examples: site.siterequest.com or *.siterequest.com. |
addressSpaceIncludeSubnet | array_of_objects | Specify IPV4 addresses and network masks that allow traffic in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
addressSpaceLocDnsServersExcluded | string | To enable local access to the DNS servers configured on client before establishing Network Access connections, enable Allow Local DNS Servers. Otherwise, disable it. |
addressSpaceLocalSubnetsExcluded | string | To enable local subnet access and local access to any host or subnet in the routes in the client routing table, enable Allow Local Subnet. Otherwise, disable it. When you enable this setting, the system does not support integrated IP filtering. |
addressSpaceProtect | string | To discard any requests to add, delete, or modify entries in the client routing table for the F5 PPP adapter, in Client Side Security settings, enable Prohibit routing table changes during Network Access connection. Otherwise, disable it. |
applicationLaunch | array_of_objects | Specify applications to launch for a Network Access resource when your users are likely to connect to an application server for which they have a client-side component on their systems. This is useful, for example, when Network Access connects directly to an Exchange server, and users run the Microsoft Outlook program to access the server. |
osType | string | Specify the target operating system. |
parameter | string | Specify any parameters for the application separated by spaces. |
path | string | Path to the application. Note: Do not enter single or double quotes in this field. reconnect_to_domain - Specifies that the client should reconnect to the domain after the network access tunnel starts, if, for example, the Network Access tunnel is established before the domain controller logon occurs. Path to the application/gpo_logoff_scripts - Specifies to run group policy object logoff scripts when the Network Access tunnel stops. |
applicationLaunchWarning | string | When enabled, displays security warnings before launching the application whether or not the site is in the Trusted Sites list. When disabled, displays security warnings only if the site is not in the Trusted Sites list. |
autoLaunch | string | On enable, the Network Access resource starts automatically when the user reaches the full webtop. Note: When multiple Network Access resources are assigned to a full webtop, only one can have auto launch enabled. |
clientInterfaceSpeed | number | Specify bits per second. |
clientIpFilterEngine | string | To protect a resource from outside traffic (that is generated by network devices on the client’s LAN), and to ensure that the resource is not leaking traffic to the client’s LAN, in Client Side Security settings select Integrated IP filtering engine. Otherwise, disable it. |
clientPowerManagement | string | Specify how Network Access handles client power management settings (when the user puts the system in standby, or closes the lid on a laptop), for Client Power Management select one: Ignore - Ignore the client settings for power management. Prevent - Prevent power management events from occurring when the client is connected. Terminate - Terminate the Network Access connection when a power management event occurs. |
clientProxy | string | Client proxy settings apply to the proxy behind the Access Policy Manager and do not affect the VPN tunnel transport, or interact with the TLS or DTLS configuration. Use client proxy settings when intranet web servers are not directly accessible from the Access Policy Manager internal subnet. Client proxy settings apply only to HTTP, HTTPS, and FTP connections. SOCKS connections can also be proxied, with a custom PAC file. |
clientProxyAddress | string | Specify the IP address for the client proxy server that Network Access clients use to connect to the Internet. |
clientProxyEnforceSubnets | string | To allow IP address space enforcement in a proxy auto-configuration script, select Enforce IP Address Space in Client Proxy Autoconfig Script. Otherwise, disable it. |
clientProxyExclusionList | array_of_strings | For Web addresses that do not need to be accessed through your proxy server, add them to the Proxy Exclusion List. You can use wild cards to match domain names and host names or addresses. For example, www..com, 128., 240.8, 8., mygroup., *. , and so forth. |
clientProxyIgnoreAutoConfigError | string | To have the system establish the VPN tunnel even when download of the client proxy autoconfig script fails, enable Ignore Client Proxy Autoconfig Script Download Failure. Otherwise, disable it; then if the client proxy autoconfig script fails to download, the VPN tunnel is not established. |
clientProxyLocalBypass | string | To allow local (intranet) addresses to bypass the proxy server enable Bypass Proxy For Local Addresses. |
clientProxyPort | number | Specify the port number on the proxy server that Network Access clients use to connect to the Internet. |
clientProxyScript | string | To use a URL for a proxy auto-configuration script with this connection, type the URL in Client Proxy Autoconfig Script. |
clientProxyUseHttpPac | string | Specify that the browser uses http:// to locate the proxy autoconfig file, instead of file://. Some applications, such as Citrix MetaFrame, cannot use the client proxy autoconfig script when the browser attempts to use the file:// prefix to locate it. |
clientProxyUseLocalProxy | string | Enable to continue to use proxy settings that are configured on the client after establishing a Network Access connection. |
clientTrafficClassifier | string | For Windows clients to use a client traffic classifier with this Network Access connection, enter Client Traffic Classifier. The Client Traffic Classifier must be created beforehand; set its name in this property. |
clientTrafficClassifierReference | reference | Reference to the selected Client Traffic Classifier. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
clientTrayIcon | string | To display balloon notifications for the Network Access tray icon (for example, when a connection is made) enable Display connection tray. Otherwise, disable it. |
compression | string | Choose compression as none or gzip. No Compression - Traffic passes between the Network Access client and the BIG-IP system without compression. GZIP Compression - All traffic between the Network Access client and the BIG-IP system is compressed using the GZIP deflate method. |
customizationGroup | string | Specify the customization name. |
customizationGroupReference | reference | Specify the Customization reference. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
dnsEnforceSearchOrder | string | On enable, APM continuously checks the DNS order on the network interface, and sets the Network Access-supplied entries first in the list if they change during a session. On disable, APM uses your local DNS settings as primary and the Network Access-supplied DNS settings as secondary. (This might be useful when split tunneling is in use and the client connects remotely.) |
dnsPrimary | string | Specify the primary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsRegisterConnection | string | Enable to register the address of this connection in the DNS server, for Register this connection’s addresses in DNS. |
dnsSecondary | string | Specify the secondary IPV4 address of a DNS server for Network Access to convey to the remote access point. |
dnsSuffix | string | Specify one or more DNS suffixes, separated by commas, to send to the client. If left empty, the controller sends its own DNS suffix to the client. |
dnsUseDnsSuffixForRegistration | string | Enable to register the default domain suffix, for Use this connection’s DNS suffix in DNS. |
driveMapping | array_of_objects | Configure drive mappings in the Network Access resource. |
drive | string | Enter the drive. |
path | string | Enter Path to the Server. |
description | string | Enter the description. |
dtls | string | To specify that the Network Access connection use Datagram Transport Layer Security (DTLS), enable DTLS. DTLS uses UDP instead of TCP to provide better throughput for high demand applications like VoIP or streaming video, especially with lossy connections. |
dtlsPort | number | Specify a port number for the Network Access resource to use for secure UDP traffic with DTLS. The default value is 4433. |
executeLogoffScripts | string | For the system to run logoff scripts (configured on the Active Directory domain) when the connection is terminated, enable Execute logoff scripts on connection termination. Otherwise, disable it. |
idleTimeoutThreshold | number | Specifies the average byte rate that either ingress or egress tunnel traffic must exceed in order for the tunnel to update a session. If the average byte rate falls below the specified threshold, the system applies the inactivity timeout that is defined in the Access profile to the session. The default value is 0. |
idleTimeoutWindow | number | Specify a number to calculate the EMA (Exponential Moving Average) byte rate of ingress and egress tunnel traffic. The default value is 0. |
ipv6AddressSpaceExcludeSubnet | array_of_objects | Specify IPv6 addresses that need to be excluded from the traffic. |
subnet | string | Specify IPV6 addresses and network masks for any traffic that you do not want to force through the tunnel. |
ipv6AddressSpaceIncludeSubnet | array_of_objects | Specify IPv6 addresses and network masks for traffic that is allowed in the Network Access tunnel. |
subnet | string | Specify IP addresses and network masks that describe the target LAN. Only the traffic to these addresses and network segments goes through the Network Access tunnel. |
ipv6DnsPrimary | string | Specify the primary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6DnsSecondary | string | Specify the Secondary IPV6 address of a DNS server for Network Access to convey to the remote access point. |
ipv6LeasepoolName | string | First create an IPv6 lease pool object, then set its name in this property. |
ipv6LeasepoolNameReference | reference | Reference of the IPV6 leasepool object which is selected as IPV6 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
leasepoolName | string | First create an IPv4 lease pool object, then set the object name in this property. |
leasepoolNameReference | reference | Reference of the IPV4 leasepool object which is selected as IPV4 Lease Pool. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
microsoftNetworkClient | string | To allow the client PC to access remote resources over a VPN connection, in Client Options setting enable Client for Microsoft Networks. Otherwise, disable it. |
microsoftNetworkServer | string | To allow remote hosts to access shared resources on the client computer over the secure access connection, in the Client Options area, enable File and printer sharing for Microsoft Networks. Otherwise, disable it. |
networkTunnel | string | Enable/Disable Network Tunnel. |
optimizedAppReference | reference | Reference to the optimized app. |
link | string | URI link of the reference. |
preserveSourcePortStrict | string | Choose values between ‘none’ or ‘all’. none - specify that the system does not preserve the value configured for the source port. all - specify that the system preserves the value configured for the source port. Note: You must also select ‘none’ for SNAT. This setting applies on the last leg of the Network Access tunnel connection between an internal ACL virtual server and the backend. This setting applies to all traffic passing through the Network Access tunnel. |
provideClientCert | string | If the client certificates are required to establish an SSL connection, enable client certificate on Network Access connection when requested. However, if client certificates are requested (not required) in an SSL connection, you can disable this option; then the client does not send client certificates. |
proxyArp | string | On enabling Proxy ARP for a Network Access resource, remote VPN tunnel clients can use IP addresses from the LAN IP subnet without additional network infrastructure changes. Ranges of IP addresses from the LAN subnet can be configured in the lease pools and assigned to tunnel clients. When a host on the LAN sends traffic to a tunnel client, an ARP query is sent to request the client address. Access Policy Manager then responds with its own MAC address. Traffic is then sent to Network Access, and forwarded to the client over the Network Access tunnel. No configuration changes are required on devices other than the Access Policy Manager. |
snat | string | Choose none, automap, or a SNAT name. none - The system uses no SNAT pool for this Network Access resource. You must select none if you enable Proxy ARP, enable Preserve Source Port Strict, or if you support CIFS/SMB or VoIP protocols with this Network Access resource. automap - The system uses all of the self IP addresses as the translation addresses for the pool. snat name - Use if you have defined a SNAT on the BIG-IP. |
splitTunneling | string | Values can be ‘true’ or ‘false’. If the value is false, all traffic, including traffic to or from the local subnet, is forced over the VPN tunnel. Otherwise, only the traffic targeted to a specified address space is sent over the Network Access tunnel. All other traffic bypasses the tunnel. |
staticHost | array_of_objects | Specify the Static Hosts. |
address | string | Enter a valid related IP address |
hostname | string | Enter valid host name. |
supportedIpVersion | string | Choose between IPV4 or IPV4&IPV6 |
syncWithActiveDirectory | string | For Network Access to emulate the Windows logon process for a client on an Active Directory domain, enable Synchronize with Active Directory policies on connection establishment. Otherwise, disable it. When enabled, network policies are synchronized when the connection is established, or at logoff. The following items are synchronized: Scripts are started as specified in the user profile. Drives are mapped as specified in the user profile. Group policies are synchronized as specified in the user profile. Group Policy logon scripts start when the connection is established, and Group Policy logoff scripts run when the Network Access connection is stopped. |
winsPrimary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
winsSecondary | string | Specify the IP address of a WINS server to convey to the remote access point. This is needed for Microsoft Networking to function properly. |
type | string | Specify the type of the Network Access. The default value is ‘network-access’. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
description | string | The description of an Application. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
Examples¶
Get Network Access¶
GET /mgmt/cm/access/working-config/apm/resource/network-access/<id>
Response¶
HTTP/1.1 200 OK
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"id": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"name": "bigip.foo.com",
"kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
"machineId": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed",
"description": "Application configuration details."
}
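The parameter table places constraints on combinations of fields: DHCP exclusion only with the integrated IP filtering engine, Allow Local Subnet not supported with integrated IP filtering, and snat set to none with Proxy ARP or Preserve Source Port Strict. The Python below is an added example, not part of the BIG-IQ documentation, that checks a network-access object against them before a POST or PUT; the function name, the finding codes, the CIDR subnet notation (taken from the sample above) and the empty-include check are assumptions.

```python
import ipaddress

# Constructed sample: a subset of the fields in the GET response above,
# carrying the same values the page's example uses.
SAMPLE = {
    "addressSpaceDhcpRequestsExcluded": "true",
    "addressSpaceLocalSubnetsExcluded": "false",
    "addressSpaceIncludeSubnet": [{"subnet": "198.1.1.0/32"}],
    "addressSpaceExcludeSubnet": [{"subnet": "192.16.0.0/21"}],
    "ipv6AddressSpaceIncludeSubnet": [{"subnet": "1234::/16"}],
    "ipv6AddressSpaceExcludeSubnet": [{"subnet": "3456::/16"}],
    "clientIpFilterEngine": "false",
    "dtls": "false",
    "dtlsPort": 4433,
    "preserveSourcePortStrict": "none",
    "proxyArp": "false",
    "snat": "automap",
    "splitTunneling": "false",
}

# (field name, expected IP version) for every subnet list in the object.
SUBNET_FIELDS = (
    ("addressSpaceIncludeSubnet", 4),
    ("addressSpaceExcludeSubnet", 4),
    ("ipv6AddressSpaceIncludeSubnet", 6),
    ("ipv6AddressSpaceExcludeSubnet", 6),
)


def _on(value):
    """Flags arrive as strings ("true"/"false"); accept booleans as well."""
    return str(value).strip().lower() in ("true", "enabled")


def _subnets(cfg, key):
    """Return the 'subnet' strings of one array_of_objects field."""
    return [item.get("subnet", "") for item in cfg.get(key) or []]


def audit_network_access(cfg):
    """Return a list of (code, message) findings for one network-access object."""
    findings = []
    filtering = _on(cfg.get("clientIpFilterEngine"))
    snat = str(cfg.get("snat", "none")).lower()

    # Table: DHCP exclusion "should be configured only when Integrated IP
    # filtering engine is enabled".
    if _on(cfg.get("addressSpaceDhcpRequestsExcluded")) and not filtering:
        findings.append(("DHCP_WITHOUT_FILTER",
                         "addressSpaceDhcpRequestsExcluded set while clientIpFilterEngine is off"))

    # Table: with Allow Local Subnet enabled "the system does not support
    # integrated IP filtering".
    if _on(cfg.get("addressSpaceLocalSubnetsExcluded")) and filtering:
        findings.append(("LOCAL_SUBNET_WITH_FILTER",
                         "addressSpaceLocalSubnetsExcluded conflicts with clientIpFilterEngine"))

    # Table: snat must be none with Proxy ARP or Preserve Source Port Strict.
    if snat != "none":
        if _on(cfg.get("proxyArp")):
            findings.append(("SNAT_WITH_PROXY_ARP", f"snat is {snat!r} but proxyArp is enabled"))
        if str(cfg.get("preserveSourcePortStrict", "none")).lower() == "all":
            findings.append(("SNAT_WITH_STRICT_PORT",
                             f"snat is {snat!r} but preserveSourcePortStrict is 'all'"))

    # DTLS needs a usable UDP port (the documented default is 4433).
    if _on(cfg.get("dtls")):
        port = cfg.get("dtlsPort")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(("BAD_DTLS_PORT", f"dtlsPort {port!r} is not a valid port"))

    # Every subnet must parse as a network (no host bits set) of the family
    # its field is documented for.
    for key, version in SUBNET_FIELDS:
        for text in _subnets(cfg, key):
            try:
                net = ipaddress.ip_network(text, strict=True)
            except ValueError as exc:
                findings.append(("BAD_SUBNET", f"{key}: {text!r}: {exc}"))
                continue
            if net.version != version:
                findings.append(("WRONG_IP_VERSION", f"{key}: {text!r} is IPv{net.version}"))

    # Assumption: with split tunneling on and no include address space,
    # no traffic is directed into the tunnel, which is rarely intended.
    if _on(cfg.get("splitTunneling")) and not (
        _subnets(cfg, "addressSpaceIncludeSubnet")
        or _subnets(cfg, "ipv6AddressSpaceIncludeSubnet")
        or cfg.get("addressSpaceIncludeDnsName")
    ):
        findings.append(("SPLIT_NO_INCLUDE", "splitTunneling is on but no include address space is set"))

    return findings


if __name__ == "__main__":
    for code, message in audit_network_access(SAMPLE):
        print(f"{code}: {message}")
```

Run against the sample values used on this page, the check reports that addressSpaceDhcpRequestsExcluded is "true" while clientIpFilterEngine is "false".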
Create Network Access¶
POST /mgmt/cm/access/working-config/apm/resource/network-access/
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"id": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"isLsoShared": false,
"deviceGroupReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"description": "Application configuration details."
}
Response¶
HTTP/1.1 200 OK
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"id": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"name": "bigip.foo.com",
"kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
"machineId": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed",
"description": "Application configuration details."
}
Edit Network Access¶
PUT /mgmt/cm/access/working-config/apm/resource/network-access/<id>
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"id": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"name": "bigip.foo.com",
"kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
"machineId": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed",
"description": "Application configuration details."
}
Response
HTTP/1.1 200 OK
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"id": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"name": "bigip.foo.com",
"kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
"machineId": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed",
"description": "Application configuration details."
}
Edit Network Access
PATCH /mgmt/cm/access/working-config/apm/resource/network-access/<id>
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"isLsoShared": false,
"description": "Application configuration details."
}
Response
HTTP/1.1 200 OK
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"id": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"name": "bigip.foo.com",
"kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
"machineId": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed",
"description": "Application configuration details."
}
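An added example, not part of the F5 documentation: a Python helper that turns a GET response into a body shaped like the Edit Network Access request above (server-owned keys dropped, each reference reduced to its "link") and reports which tunnel-exposure settings a change would alter. The helper names, the trimmed sample and the selection of fields to review are assumptions of this example.

```python
import json

# Keys the page's responses carry but its PATCH request body omits.
SERVER_OWNED = {"name", "partition", "subPath", "id", "kind", "selfLink",
                "lsoDeviceReference", "deviceGroupReference"}

# Settings that decide what traffic bypasses the tunnel or how the tunnel is
# protected. This selection is the example's assumption, not an F5 list.
REVIEW_FIELDS = ("splitTunneling", "addressSpaceLocalSubnetsExcluded",
                 "addressSpaceLocDnsServersExcluded",
                 "addressSpaceDhcpRequestsExcluded", "addressSpaceExcludeSubnet",
                 "addressSpaceIncludeSubnet", "clientIpFilterEngine", "dtls",
                 "provideClientCert", "clientProxy", "clientProxyScript")

# Constructed sample: a trimmed GET response using values from this page.
SAMPLE_GET = json.loads("""
{
  "splitTunneling": "false",
  "addressSpaceLocalSubnetsExcluded": "false",
  "dtls": "false",
  "dtlsPort": 4433,
  "leasepoolName": "/Common/rly_NA_wiz_601_lp",
  "leasepoolNameReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
  },
  "type": "network-access",
  "isLsoShared": false,
  "name": "foo",
  "partition": "Common",
  "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11"
}
""")


def to_patch_body(current, changes):
    """Return a PATCH body shaped like the page's request example."""
    body = {}
    for key, value in current.items():
        if key in SERVER_OWNED:
            continue
        if key.endswith("Reference") and isinstance(value, dict):
            value = {"link": value["link"]}  # the request keeps only "link"
        body[key] = value
    for key, value in changes.items():
        if key not in body:  # typo or server-owned key: refuse, do not send
            raise KeyError(f"unknown or server-owned field: {key}")
        if isinstance(value, bool) and isinstance(body[key], str):
            value = "true" if value else "false"  # flags are JSON strings here
        body[key] = value
    return body


def review_diff(current, body):
    """Map each changed review field to its (old, new) pair."""
    return {f: (current.get(f), body[f]) for f in REVIEW_FIELDS
            if f in body and current.get(f) != body[f]}
```

A non-empty `review_diff` result is the part of a change worth a second reviewer before the PATCH is sent.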
Delete Network Access
DELETE /mgmt/cm/access/working-config/apm/resource/network-access/<id>
Response
HTTP/1.1 200 OK
{
"addressSpaceDhcpRequestsExcluded": "true",
"addressSpaceExcludeDnsName": "['*example.com']",
"addressSpaceExcludeSubnet": [{
"subnet": "192.16.0.0/21"
}],
"addressSpaceIncludeDnsName": "['*.example.com *.example.com example.com example.com']",
"addressSpaceIncludeSubnet": [{
"subnet": "198.1.1.0/32"
}],
"addressSpaceLocDnsServersExcluded": "false",
"addressSpaceLocalSubnetsExcluded": "false",
"addressSpaceProtect": "false",
"applicationLaunch": [{
"osType": "windows",
"parameter": "[mcget { example session variable } ]",
"path": "example.app"
}],
"applicationLaunchWarning": "true",
"autoLaunch": "true",
"clientInterfaceSpeed": 100000000,
"clientIpFilterEngine": "false",
"clientPowerManagement": "ignore",
"clientProxy": "false",
"clientProxyAddress": "any6",
"clientProxyEnforceSubnets": "true",
"clientProxyExclusionList": "['10.*']",
"clientProxyIgnoreAutoConfigError": "false",
"clientProxyLocalBypass": "false",
"clientProxyPort": 0,
"clientProxyScript": "function FindProxyForURL(url, host) { return 'PROXY proxy.example.com:8080; DIRECT';}",
"clientProxyUseHttpPac": "false",
"clientProxyUseLocalProxy": "false",
"clientTrafficClassifier": "/common/client_traffic_1",
"clientTrafficClassifierReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"clientTrayIcon": "true",
"compression": "none",
"customizationGroup": "/Common/frog1-F5_VPN_netac_customization",
"customizationGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"dnsEnforceSearchOrder": "true",
"dnsPrimary": "any6",
"dnsRegisterConnection": "false",
"dnsSecondary": "any6",
"dnsSuffix": "localhost example.example.com lab.fp.example.com fp.example.com example.com example.com",
"dnsUseDnsSuffixForRegistration": "false",
"driveMapping": [{
"drive": "d",
"path": "iexplore.exe",
"description": "Description of Drive D and path configuration."
}],
"dtls": "false",
"dtlsPort": 4433,
"executeLogoffScripts": "false",
"idleTimeoutThreshold": 0,
"idleTimeoutWindow": 0,
"ipv6AddressSpaceExcludeSubnet": [{
"subnet": "3456::/16"
}],
"ipv6AddressSpaceIncludeSubnet": [{
"subnet": "1234::/16"
}],
"ipv6DnsPrimary": "any6",
"ipv6DnsSecondary": "any6",
"ipv6LeasepoolName": "/Common/leasepool1",
"ipv6LeasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"leasepoolName": "/Common/rly_NA_wiz_601_lp",
"leasepoolNameReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"microsoftNetworkClient": "true",
"microsoftNetworkServer": "false",
"networkTunnel": "enabled",
"optimizedAppReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"preserveSourcePortStrict": "none",
"provideClientCert": "true",
"proxyArp": "false",
"snat": "automap",
"snatpool": "/Common/snatpool1",
"splitTunneling": "false",
"staticHost": [{
"address": "203.0.113.0",
"hostname": "www.example.com"
}],
"supportedIpVersion": "ipv4",
"syncWithActiveDirectory": "false",
"winsPrimary": "any6",
"winsSecondary": "any6",
"type": "network-access",
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"id": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"name": "bigip.foo.com",
"kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
"machineId": "844cfd8a-9e02-48e9-ba94-bb21a4ab444",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "resourceName",
"kind": "shared:resolver:device-groups:devicegroupstate",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-9e02-48e9-ba94-bb21a4ab444"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed",
"description": "Application configuration details."
}