Forum Discussion
CumulonimbusBIG-IP WebGUI via APM Portal Access
Hi,
We have built up a LAB with a APM in front of it. As of now we just have Network Access configured to have our internal LAB networks available to the outside and several Weblinks to our BIG-IPs. But this only works after you are successfully connected to the VPN. So the idea and question is now, is it possible to connect to the WebGUI of our BIG-IPs through the APM. I think the only possible way would be the Portal Access, but I didn't get it working. So in case it is possible, can someone provide the required steps to get this working?
btw. the APM is running with 11.5.1 HF2
Thank you!
Ciao Stefan :)
5 Replies
- Matt_Dierick
Employee
Hi Stefan,
You do right. You need a portal access on your webtop full. You need to set your DNS setting in the BIGIP so that APM resolve your portal access ressource. It's straight forward.
Check logs as well in SSH --> tail - f /var/log/apm
Let me know.
- Stefan_Klotz
Hi Matthieu,
For you it's maybe straight forward, but I still struggling with some parameters. And your remark with the DNS server also brings more question marks than light into the dark.
Regarding the settings, can you maybe explain the function/difference of the Portal Access configuration items (Link Type & Application URI) and the Resource Item (Destination & Paths)?
As of now I have entered the following values:
Link Typ: Application URI
Application URI: https://bigip3.f5-lab.local
Destination: bigip3.f5-lab.local
Paths: *
The APM is able to resolve the bigip3.f5-lab.local to the correct IP-address.
Thank you for your help and detailed information.
Ciao Stefan :)
- Matt_Dierick
Stefan,
First of all, if the bigip is able to resolve the DNS, it's a good news. A portal access is a reverse proxy. Portal access rewrite content from the back end to the front end. I mean, if the Virtual Server has https://external.mysite.com and your internal ressource (the application URI) has http://internal.mydomain.local, then the BIGIP will rewrite like that https://external.mysite.com/f5-w-5435636546345xxxxxxx
So, the link type is your internal URL. Can you confirm bigip3.f5-lab.local is a Web Service (on internal BIGIP or a Web Server) ???
The ressources items, at the bottom, are not mandatory. You can use it if you want to specify specific SSO or compression for a specific/dedicated path. Keep them empty at the moment.
To finish, in your VPE, assign your portal access and a Full Webtop. Last point : did you assign a Server SSL profile on your VS ? It seems your portal access is on 443.
Let me know the result. Do you see the rewrite (f5-w-3242345435) ???
- Stefan_Klotz
Hi Matthieu,
now I can confirm it's straight forward ;)
The Server SSL profile did the trick, thanks for that hint. I'm embarrassed that I didn't realized this. Now I have to check to get SSO working.
btw. my bigip3.f5-lab.local is the WebGUI of another BIG-IP in our LAB.
Ciao Stefan :)
- Matt_Dierick
Good News. For SSO, if it is a Form Based (login password on the webpage), have a look on the template OWA in APM SSO Form Based.
The only way to set your form based SSO, is to take traces with HTTP watch when accessing directly to the web service (without APM). HTTP Watch will provide you with the POST url and the parameters needed (hidden parameters as well).
Ciao.
