Forum Discussion

Nikoolayy1
May 10, 2022

Can F5 APM act as a Kerberos KDC proxy (like Microsoft DirectAccess) for Zscaler ZIA?

Hello,

 

Zscaler ZIA can use Kerberos authentication even for remote users (Road Warriors, as they call them), but then a KDC proxy like Microsoft DirectAccess is needed to translate the HTTPS Kerberos traffic to normal TCP (like a proxy, but for Kerberos). I was wondering if F5 APM can do the same and provide the ticket to the client, which the client then sends to Zscaler. All the F5 APM features seem to be about not sending the ticket directly to the client but acting as a man in the middle.

 

https://help.zscaler.com/zia/about-kerberos-authentication

https://help.zscaler.com/zia/about-kerberos-authentication#kerberos-features

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/d688ea3a-04b0-45ea-8226-82a74cb6289e
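
The HTTPS-to-TCP translation asked about above, sketched as an added example that is not part of the original post and is not F5, Zscaler or Microsoft code: it follows the KDC-PROXY-MESSAGE layout from the MS-KKDCP specification linked above (kerb-message [0] OCTET STRING carrying the 4-byte length prefix used for Kerberos over TCP, target-domain [1] realm). The function names are hypothetical, the HTTPS transport is omitted, and the Kerberos payload in any test input is constructed filler rather than a real AS-REQ.

```python
def _der_len(n):
    # DER definite length: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, value):
    return bytes([tag]) + _der_len(len(value)) + value

def _read_tlv(buf, pos):
    # Returns (tag, value, next_pos); refuses indefinite or overlong lengths
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def wrap_kkdcp(krb_msg, realm):
    """Client side: build the KDC-PROXY-MESSAGE body sent over HTTPS."""
    framed = len(krb_msg).to_bytes(4, "big") + krb_msg   # same framing as Kerberos over TCP
    kerb = _tlv(0xA0, _tlv(0x04, framed))                 # [0] OCTET STRING
    dom = _tlv(0xA1, _tlv(0x1B, realm.encode("ascii")))   # [1] GeneralString realm
    return _tlv(0x30, kerb + dom)

def unwrap_kkdcp(body):
    """Proxy side: return (bytes to write to the KDC's TCP port 88, realm)."""
    tag, seq, end = _read_tlv(body, 0)
    if tag != 0x30 or end != len(body):
        raise ValueError("not a KDC-PROXY-MESSAGE")
    pos, framed, realm = 0, None, None
    while pos < len(seq):
        tag, val, pos = _read_tlv(seq, pos)
        inner_tag, inner, _ = _read_tlv(val, 0)
        if tag == 0xA0 and inner_tag == 0x04:
            framed = inner
        elif tag == 0xA1 and inner_tag == 0x1B:
            realm = inner.decode("ascii")
    if framed is None or int.from_bytes(framed[:4], "big") != len(framed) - 4:
        raise ValueError("missing or mis-framed kerb-message")
    return framed, realm
```

The proxy never needs to decrypt or parse the Kerberos payload itself; it checks the framing, forwards the bytes to a KDC for the named realm, and wraps the reply the same way, so the ticket still ends up with the client.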