F5 SSL Offload and Sharepoint AAM's.

Question

Hi, 
I have been working on a F5 APM application for some time now. I used the latest Sharepoint iAPP to create a connection to my inside sharepoint servers. I am using SSL offloading by the F5 and most things seem to be working. However, my SP Admin had to modify the sharepoint AAM's in order to get everything working correctly. Below is what he had to do: &nbsp;
Internal URL --------------------------Zone ----------Public URL for Zonehttps://app.ourcompany.com ----Default ---------https://app.ourcompany.comhttp://app.ourcompany.com ------Default --------https://app.ourcompany.com
While this seemed to fix the SP app coming through the F5, the inside users can no longer access the site using the same name. Keep in mind that there is no cert on the server itself. This seemed to be the recommended way of setting up the AAM's from the F5 deployment guides and seems to be only way to get the SP app working correctly. &nbsp;
Something else we tried was to set the AAM's like the following: &nbsp;
Internal URL ----------------------------Zone ----------Public URL for Zonehttps://app.ourcompany.com -------Default -------https://app.ourcompany.comhttp://app.ourcompany.com ---------intranet ------http://app.ourcompany.com
While this did fix the inside access, issues (drop down menus not working and such) returned to users coming in through the F5. &nbsp;
As best we can tell, since the F5 is doing the SSL offload, all access to the internal server from the F5 is done over HTTP and the AAM settings seem to affect this traffic. This appears to be some sort of SP thing.. &nbsp;
Anyone doing SSL offload on the F5 for Sharepoint access and using the same URL internal and external? If so, how did you resolve this particular issue? Did you use an irule? different URL for inside users? ??? &nbsp;
Thanks in advance for any help on this issue, 
Thanks, 
Danny&nbsp;

mikeshimkus_111 · Answer

Hi Danny, I do have this working in my lab.  The external and internal users are hitting different virtual servers on their respective networks.  Both virtuals were deployed with the same settings (offloading SSL, etc).  My AAMs are set the same as what you have in your first example.&nbsp;
Are your internal users going through the BIG-IP, or are they trying to hit the SharePoint servers directly?&nbsp;
thanks&nbsp;
Mike&nbsp;

dannyg_34437 · Answer

Hi Mike, my internal users are trying to hit the servers directly. &nbsp;
Thanks,
danny&nbsp;

dannyg_34437 · Answer

Mike, just to clarify, my internal users are hitting the SP server directly and I am not currently using a VS internally. If that is something I need to do to make this happen, then I am open to suggestions on how to set this up.. Thanks, Danny

mikeshimkus_111 · Answer

The servers would definitely need https bindings and a cert assigned to them for you to connect encrypted to them directly.  I assume you are doing DNS load balancing for these internal clients.  &nbsp;
Are you running SharePoint 2010 or 2013?&nbsp;

dannyg_34437 · Answer

Running 2010 and am only running single servers so no load balancing. Currently really only using the F5/APM to provide external access to internal resources.&nbsp;
dg&nbsp;

Forum Discussion

F5 SSL Offload and Sharepoint AAM's.

9 Replies

Recent Discussions

ASM cookie, modifying "domain" field

URL

service profile HTTP in LTM v16.1?

iRule resulting in too many redirects

Azure SAML - F5 APM

Related Content

APM Sharepoint authentication

APM Sharepoint authentication v2

SSL Offload with HTTP/2.0

iRule for migrating to Sharepoint Online

HTTPS offload rewriting