Home Ustad Pro Authenticating a Local Traffic Manager (LTM) User through APM

Authenticating a Local Traffic Manager (LTM) User through APM

0

BIG IP APM is two solutions rolled up in a single solution, First is Remote access solution ( network access – SSL VPN, Portal access and App tunnel – Single Application tunnel including remote desktop) and second solution is Policy enforcement Point ( Authentication and authorization, Endpoint inspection, Access control lists, Single Sign-On ( including OAM, Kerberos, SAML, and OAuth).

Authenticating a Local Traffic Manager (LTM) User through APM

Here is the Authenticated LTM user Scenario,

 

Authenticating a Local Traffic Manager (LTM) User through APM

LTM + APM Technology overview

LTM and APM are provisioned on the same box and when any user request comes it will go to APM to check user is valid or no, APM will validate this user identity through AD.

Authenticating a Local Traffic Manager (LTM) User through APM

The first thing we required is Pool and create a Virtual Server and associate TCP, ClientSSL, HTTP, Server SSL and Access profiles. With Access profiles, we are implementing APM features on LTM pool.

Authenticating a Local Traffic Manager (LTM) User through APM

For AD auth, first, you need to add ADD server.

Authenticating a Local Traffic Manager (LTM) User through APM

Here is Complete Process to Authenticating LTM User through APM

Before configuration, you need to confirm Pool exists by navigating to Local Traffic, Pool > Pool list. if you don’t have exiting pool, create a new oneAuthenticating a Local Traffic Manager (LTM) User through APM

Now we need to create an AAA server, Navigate to Access > Authentication > Active Directory.

Authenticating a Local Traffic Manager (LTM) User through APM

Now enter the name of your AAA server and put your domain name here and click on the Finish to finish it.

Authenticating LTM User through APM

now next step is to create an Access Policy, to do that Click on the Access > Profiles /Policies > Access Profiles ( Per -session Policies), click on the + icon to create a new one.

Authenticating a Local Traffic Manager (LTM) User through APM

and enter the name of profile and leave profile type ‘All” and also select accepted language here and click on the finish.

Authenticating a Local Traffic Manager (LTM) User through APM

now we need to edit your created access policy by clicking Edit option.

Authenticating a Local Traffic Manager (LTM) User through APM

it will open in new browser window

Authenticating a Local Traffic Manager (LTM) User through APM

now select the “logon Page ” radio button and click on the “add item ‘ option to add here.

Authenticating a Local Traffic Manager (LTM) User through APM

and now click on the save option to save your settings.

Authenticating a Local Traffic Manager (LTM) User through APM

Now our login page is created and now we need to add other parameters here like AD authentication. To do so click on the + sign here.

Authenticating a Local Traffic Manager (LTM) User through APM

and select the “AD Auth” and click on the ‘Add item ” here.

Authenticating a Local Traffic Manager (LTM) User through APM

Select your AAA server here and click on the Save option to save your settings.

Authenticating a Local Traffic Manager (LTM) User through APM

Now you need to correct your Successful ending by click on it, select Allow and Finally click on the “Apply Access Policy ” here.

Authenticating a Local Traffic Manager (LTM) User through APM

Click on the Close button to close this editing.

Authenticating a Local Traffic Manager (LTM) User through APM

Now we need to create a Virtual Server and associate this policy with that server.

Authenticating a Local Traffic Manager (LTM) User through APM

To create a new virtual server, click on the Local Traffic > Virtual Server > Virtual Server List and click on the + sign to create a new Virtual server.

Authenticating a Local Traffic Manager (LTM) User through APM

and enter a name , IP-address and service port here.

Authenticating a Local Traffic Manager (LTM) User through APM

and now select HTTP profile, ClientSSL and ServerSSL profile.

Authenticating a Local Traffic Manager (LTM) User through APM

Select your Access Policy here

Authenticating a Local Traffic Manager (LTM) User through APM

and select your pool here and click on the finish to finish your settings.

Authenticating a Local Traffic Manager (LTM) User through APM

Your Configuration part was done, it’s time to test. Now enter your Virtual server IP in your Browser, it will prompt you F5 Login page. Remember one thing here, User needs to enter his/her credentials three times then it will authenticate the first time.

Authenticating a Local Traffic Manager (LTM) User through APM

Also, Check Most Common F5 101 exam question and Answers

https://youtu.be/CAd99UHWLZU

Configuring Portal Access

We require adding “Rewrite ” profile on the Virtual Server to enable Portal access.

Authenticating a Local Traffic Manager (LTM) User through APM

Navigate to Local Traffic > Virtual Server > Virtual Server List and select “Rewrite ” profile here.

Authenticating a Local Traffic Manager (LTM) User through APM

Then navigate to Access > Connectivity / VPN > Portal Access > Portal Access List.

Authenticating a Local Traffic Manager (LTM) User through APM

Click on the “Create With Template” option here.

Authenticating a Local Traffic Manager (LTM) User through APM

and select your OWA template and provide your Hostname or IP-address along with Application URI here.

Authenticating a Local Traffic Manager (LTM) User through APM

Finally, you need to modify “AD Query“.

Authenticating a Local Traffic Manager (LTM) User through APM

Click on the “AD Query” option and click on the “Authentication

Authenticating a Local Traffic Manager (LTM) User through APM

Select your AAA server here.

Authenticating a Local Traffic Manager (LTM) User through APM

Finally, we need to modify “Advanced Resources Assign“.

Authenticating a Local Traffic Manager (LTM) User through APM

Now click on the “Add new entry” option.

Authenticating a Local Traffic Manager (LTM) User through APM

Click on the “Add/Delete” under expression.

Authenticating a Local Traffic Manager (LTM) User through APM

Now click under “Portal Access” and Select your resources here.

Authenticating a Local Traffic Manager (LTM) User through APM

Now click on the “Change” option under Expression.

Authenticating a Local Traffic Manager (LTM) User through APM

Now click on the “Add Expression”

Authenticating a Local Traffic Manager (LTM) User through APM

Specefy AD query here.

Authenticating a Local Traffic Manager (LTM) User through APM

Finally, click on the Save to Save the policy.

Authenticating a Local Traffic Manager (LTM) User through APM

Now your policy will be like below policy. That’s it.

Authenticating a Local Traffic Manager (LTM) User through APM

Now test your OWA from outside. That’s it.

Hope my article “Authenticating a Local Traffic Manager (LTM) User through APM” helps you to configure APM in your environment. If you have any query, feel free to comment.