Forum Discussion

Edouard_Zorrill's avatar
Edouard_Zorrill
Icon for Nimbostratus rankNimbostratus
Jun 20, 2016

Can APM Authenticate FTP via Active Directory ?

I was asked to implement FTP and be authenticated via APM which handles communication with the Active Directory.

 

is it possible ?.

 

Thank-you.

 

APM
application delivery
LTM
security

3 Replies

Sort By
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Jun 20, 2016

    I've been thinking about writing up an article like this.

     

    However since APM isn't an FTP server, it has to sort of shim in the middle between a client and a normal FTP. How were you thinking to implement it? What were you going to use as the FTP server and how is APM to pass credentials to it?

     

    Maybe the FTP server could just use anonymous and APM could be an Authenticated --> Anonymous FTP gateway proxy.

     

    • Edouard_Zorrill's avatar
      Edouard_Zorrill
      Icon for Nimbostratus rankNimbostratus
      Jun 20, 2016
      I am not sure if APM can do the authentication part of FTP, but I was asked if that is possible. I am not pretending to move all FTP traffic via APM, only the authentication part. I will have an FTP server on DMZ which has the data, but the accounts to be permitted to FTP will be in Active Directory. I can authenticate HTTP traffic via APM with an external logon server, but not sure if that is possible for FTP. Please advise. Thank-you.
    • Lucas_Thompson_'s avatar
      Lucas_Thompson_
      Historic F5 Account
      Jun 20, 2016
      Yes it is likely possible. It would require writing some irules and a clear understanding of how BIG-IP handles access policy evaluation, access profile session creation and management, and RFC 959.