Forum Discussion

6 Replies

Sort By
  • R_Marc's avatar
    R_Marc
    Icon for Nimbostratus rankNimbostratus
    Dec 20, 2014
    There's not much to protect. The only HTML component is the web portal. The Lync communications (SIP and other) would not be applicable. For the HTML part, a standard ASM profile would be sufficient, IMO. What ever you would require to satisfy your audit/security requirements.
  • Chase_Abbott's avatar
    Chase_Abbott
    Icon for Employee rankEmployee
    Jan 06, 2015

    R Marc is correct. ASM wouldn't play much against the SIP portions of Lync, and would only potentially protect the Lync web services defined against the front end "External web services" and "Internal web services". Since we'd assume using LTM as the reverse proxy, it may or may not be benefit to use ASM in this instance; especially since any "issues" may not be supported by MSFT until ASM is removed from the config. We are however, certified for reverse proxy by MSFT.

     

  • Mark_Cloutier's avatar
    Mark_Cloutier
    Icon for Nimbostratus rankNimbostratus
    Apr 02, 2015

    Specific question... Using the LTM as a reverse proxy, Would ASM be a good tool to protect against repeated unsuccessful login attempts, since Lync's lack of SAML compliance means that APM can't do the authentication for us. That authentication doesn't take place until the proxied connection gets all the way to the Lync Front End server that is part of internal AD domain. We have this running in a lab environment, and need to address this security issue prior to going to production.

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      Apr 04, 2015
      I would start a new question for a new question :) it seems ASM could help you, but it would depend on if you can get it to detect successful / failed login attempts on lync. if you got a lab setup just configure it and see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html
  • Mark_Cloutier_2's avatar
    Mark_Cloutier_2
    Icon for Nimbostratus rankNimbostratus
    Apr 02, 2015

    Specific question... Using the LTM as a reverse proxy, Would ASM be a good tool to protect against repeated unsuccessful login attempts, since Lync's lack of SAML compliance means that APM can't do the authentication for us. That authentication doesn't take place until the proxied connection gets all the way to the Lync Front End server that is part of internal AD domain. We have this running in a lab environment, and need to address this security issue prior to going to production.

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      Apr 04, 2015
      I would start a new question for a new question :) it seems ASM could help you, but it would depend on if you can get it to detect successful / failed login attempts on lync. if you got a lab setup just configure it and see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html