thanks for your second update. I noticed, that you now also uses the ""Restrict Access to IP Address"-assertion, means this assertion CAN handle variables.
The only thing you have to keep in mind is NOT to use array-variables. If in use (as in my code as well), you have to put its content in a "normal" variable.
With this small change, my code is working now as well.
Original Message:
Sent: 01-29-2020 06:49 AM
From: Ronald Dsouza
Subject: Restrict Access to IP Address with Variables
Sorted.. Somehow the Restrict assertion was not taking multi valued variables like an array which is why I had restricted only to class a, class b and class c.
Now the attached version can cater to any class
Regarding the text field you could create a context variable called ip range and add the context variable as input
Note: Please disable (audit message policy and audit message in the encapsulation) enabled it for testing purpose..
------------------------------
Pre-Sales Consultant
CA Southern Africa
Original Message:
Sent: 01-29-2020 06:09 AM
From: Stefan Klotz
Subject: Restrict Access to IP Address with Variables
Hi Ronald,
that's indeed a nice assertion, but only works with fixed classA, classB and classC networks. Ok, it could at least be easily extended to work with /32 as well.
But the nice part of the "Restrict Access to IP Address"-assertion is, that it works with each CIDR, so also for small subnets/ranges like /28 or /30.
Also the input-variable of the allowed IPs/networks from your assertion is a "one-line" string, which is very hard to handle/maintain if you have a huge list of entries. In a multivalued-variable in comparison you can add each IP/network as a single row and it's scrollable.
Also I assume, that the built-in assertions have a better performance than a own-built assertion.
Nevertheless I will think about it and maybe I can use it.
Thank you!
Ciao Stefan :)
Original Message:
Sent: 01-29-2020 05:26 AM
From: Ronald Dsouza
Subject: Restrict Access to IP Address with Variables
Try this encapsulation
You can modify you encapsulation as per your need and error handling requirement
I think you are right with regards to it not accepting context variable
------------------------------
Pre-Sales Consultant
CA Southern Africa
Original Message:
Sent: 01-29-2020 03:00 AM
From: Stefan Klotz
Subject: Restrict Access to IP Address with Variables
Hi,
as it is not possible to define a list of allowed IP-addresses within the "Restrict Access to IP Address"-assertion, I was trying to built a workaround with "Run Assertion for Each Item". But it seems that the IP Range fields are NOT supporting variables.
Can you please confirm, if this is true? Or otherwise can you help me identifying my issue as it's currently not working?
Or is there any other method to manage all allowed IPs in a single place instead of inserting an additional "Restrict Access to IP Address"-assertion each time.
Thank you!
Ciao Stefan :)