I've worked with Juniper's ssl vpn and F5's load balancers for years and have seen similar things. One thing to keep in mind is that there is a difference between F5 persistence and timeout. Also, although an F5 may not be aware of a device, if the F5 is setup L3, then all traffic passes through the F5 and as such timeouts apply. The default F5 timeout is 5 minutes, though we change that to 30 to match our firewall timeouts. Ask your F5 guys to watch a particular user via "b conn client x.x.x.x server x.x.x.x show all". Look at the last line of output for "IDLE". My guess is that you will be able to fix this via changing F5 profile timeout values. Have the F5 guys be as granular here as possible so that they don't change global profiles like tcp or fastL4 b/c that will affect the entire F5. Best case would be to attach an irule to the F5 vip for a 12 hour timeout: when SERVER_CONNECTED { IP::idle_timeout 43200 } ... View more

You can configure a custom login page and via the template toolkit do things on the server side. Here is the code: <% USE CGI %> <% CGI.server_name() %> And here are the other cgi variables you could display: DOCUMENT_ROOT The root directory of your server HTTP_COOKIE The visitor's cookie, if one is set HTTP_HOST The hostname of the page being attempted HTTP_REFERER The URL of the page that called your program HTTP_USER_AGENT The browser type of the visitor HTTPS "on" if the program is being called through a secure server PATH The system path your server is running under QUERY_STRING The query string (see GET, below) REMOTE_ADDR The IP address of the visitor REMOTE_HOST The hostname of the visitor (if your server has reverse-name-lookups on; otherwise this is the IP address again) REMOTE_PORT The port the visitor is connected to on the web server REMOTE_USER The visitor's username (for .htaccess-protected pages) REQUEST_METHOD GET or POST REQUEST_URI The interpreted pathname of the requested document or CGI (relative to the document root) SCRIPT_FILENAME The full pathname of the current CGI SCRIPT_NAME The interpreted pathname of the current CGI (relative to the document root) SERVER_ADMIN The email address for your server's webmaster SERVER_NAME Your server's fully qualified domain name (e.g. www.cgi101.com) SERVER_PORT The port number your server is listening on SERVER_SOFTWARE The server software you're using (e.g. Apache 1.3) ... View more

Yes, this is doable. You can configure a custom login page, which based on source ip, sends the user to correct page. Here's some sample code for LoginPage.thtml: <% USE CGI %> <% ipaddress = CGI.remote_addr() %> <% matches10 = ipaddress.match('(^10\..)') %> <% IF (matches10 = ipaddress.match('(^10\..)')) %> You'll need to read the custom page how to, but this is not hard to do. We've done several things just like this. ... View more

screenshots attached what this gives you is single sign-on rdp to an ip pulled out of ldap just need to have your Windows guys set ip of user to custom ldap attribute ... View more

If you're referring to Oracle forms, I've tried all the suggestions by Juniper, but the most stable way I've found to do this is to: 1. create web resource profile with a bookmark that opens in new window and assing to a user role 2. give net connect to that user role and allow to connect on webserver port as well as tcp hi ports > 1024 3. add web rewriting policy to do selective rewriting and assign to the user role and choose "Don't rewrite content: Redirect to target web server" I have this working on 5 different Oracle forms apps, 3 of which are different Oracle versions. ... View more