Dynamic and static clients + overlapping dynamic client pools

[Fraley, Taylor]

A couple of questions, and apologies if I'm duplicating previous questions - I just haven't been able to find a straight-forward answer to either of these questions:


  1.  When you have a configuration with both static client entries and dynamic client pools, where the static clients are contained in the dynamic pool, will FR prefer the static client entry and secret?
  2.  Can you have two or more overlapping dynamic client pools with different secrets. Perhaps even multiple pools with the same subnet but different secrets?

For context, we have a large enterprise that uses a handful of shared secrets based on client type. But these different client types are scattered around the same subnets, so it would be impossible or nearly so to specify dynamic blocks of any reasonable size. Most clients will be preconfigured as static clients however, hence question 1. But we need to account for new clients coming online within allowed subnets, but they could be using one of the handful of secrets. With our current solution, we have a script that monitors for new client requests via log and creating static clients on-demand, but the current solution doesn't require a restart to refresh the clients list, so looking for alternatives as we look to FR as a replacement.

Thanks,
Taylor
This communication is the property of Lumen Technologies and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.