F5 SSL VPN windows logon integration with certificate and smartcards

Hi all,

 

we have an F5 SSL VPN with windows logon integration up and running. On server side we have a machine cert check and an on demand cert auth. The user have to authenticate with a machine cert on his client and with a client certificate on a smartcard. Basically it is working but we have some minor issues:

 

First problem is the amount of dialogs and passwords the user has to enter when he logs on. First he has to enter the smartcard pin for windows logon afterwards a machine cert dialog pops up he has to accept and third he has to reenter the smartcard pin. Is there a way to reduce the amount of dialogs? e.g. if there is only one machine cert select this and don't show the dialog. Or is it possible to reuse the pin from the windows login dialog during the second pin dialog?

 

The second problem we have, has to do with the dial up adapter for windows logon integration and folder redirection. Some folders on the clients are redirected and set to a network share. If we use the dial up adapter (for windows logon integration) the access to the redirected folders is slow and laggy meaning it takes about 1-2 seconds to open a folder. If we logon with the F5 Edge client in windows the folders can be accessed fast without a lag. It seems that it has todo something with the dial up connection but I haven't found anything yet.

 

Has anyone experienced similar or eventually have an idea where I can look to fix the problems.

 

Thank you very much

 

Best regards,

 

Mark