For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

BrianG_11931's avatar
BrianG_11931
Icon for Nimbostratus rankNimbostratus
Dec 05, 2011

ADFS 2.0 Client Access Redirect iRule

Hello,     I'm setting up Microsoft ADFS 2.0 in our environment and one requirement is to 1) handle load balancing for federation servers (inside our network) as well as 2) handle load balancing...
application delivery
dev
devops
iRules
BrianG_11931's avatar
BrianG_11931
Icon for Nimbostratus rankNimbostratus
Dec 30, 2011
Ok, I figured this out with the help of F5 Support.

 

 

The biggest thing is that I just needed to edit the Virtual Server "Configuration" (Advanced) so the "SNAT Pool" is set to "Auto Map" to get the traffic to route properly back through the F5 BIG-IP Application Delivery Controller.

 

 

However, I also simplified the rule since the Virtual Server will only be contacted by users attempting to access our Federation Servers:

 

 

when CLIENT_ACCEPTED {

 

if { [IP::remote_addr] starts_with "10." } { pool ADFS_Internal_Pool }

 

elseif { [IP::remote_addr] starts_with "Public IP Range Matching Virtual Server IP." } { pool ADFS_Internal_Pool }

 

elseif { [IP::remote_addr] starts_with "192.168." } { pool ADFS_Internal_Pool }

 

elseif { [IP::addr [IP::remote_addr] equals 172.16.0.0/12] } { pool ADFS_Internal_Pool }

 

else { pool ADFS_External_Pool }

 

}