Fairly new to the SSL VPN tool and trying to come up to speed on it. Working today with custom expressions for role mappings and noticed that the options for building a custom expression looked identical to the options for building a custom condition under Resource Policies, Detailed Rules.
I created a couple of custom expressions for testing role mapping and wondered what the logic was as to why the DON'T show up under the conditions dictionary when building detailed rules. As all of the operators and variables seemed the same I wondered why you could not use the same item in both places.
Thanks for anyone who can shed some light on a somewhat trivial question.
I had my first experience with conditions this week, so now I have an opinion.
It certainly doesn't appear to make any sense for conditions and expressions to be separate. One quirk about expressions is that they are associated with a authorization server. If you change your authentication server, or add an authorization server, your existing expressions disappear even if they do not refer to any fields associated with the authorization server.
This sounds like something worth pressing Juniper on.