Forum Discussion

N__197982
Jun 06, 2017

design help for authentication using F5 APM.

Folks, We are looking at some help on getting our authentication piece configured using APM. The requirement here is that in case any user wants to reach servers on the network he should pass through an authentication policy which uses APM.

 

The network is defined as a separate VLAN. The challenge here is that we do not have the liberty to buy an entire hardware piece due to the costs. We have to live with an F5 VE and use the APM module. This authentication would cater to around 10000 VMs.

 

Any suggestions?

 

Any suggestion on how to get this working? We do not want to use the F5 as the gateway for all VMs as this would end up choking the virtual box.

 

What I can think of is something like a redirection (similar to WCCP) on a Cisco switch or something on a Palo Alto firewall. I mean redirect the first packet to an F5 APM only for the authentication piece and then move it back on the network.

 

Any suggestions? comments? recommendations?

 

Thanks!!!!! N.

 

1 Reply

  • Hi,

     

    So you want to use the F5 APM for authentication only? Can you explain why? I understand from your question all users are internal. They can access the servers directly.

     

    I assume you have an external user database like AD or LDAP, so why not let the servers authenticate directly against those user databases?

     

    You need some kind of mechanism so the F5 APM can tell the server authentication was successful. I am not sure if there is an easy way to accomplish this.

     

    Regards, Martijn