F5 and Direct Access

Hi, without all details about what kind of clients will access the DA it´s no straight way to have a "best setup" in the ltm. it all depends if win 7, or 8 and what the DA configuration is.

But, to have a simple setup I usually say that a performance l4 VS is a start. Regarding your http monitor issue i think I know what you have to do, this will also be a simple monitor that is a good start and you can then dig into optimizing it with client certificate in your monitor or other spoofing so the ltm will be recognize by the DA as a "client".

The first thing you should do is to issue below command in one of your windows clients: netsh int httpstunnel show interfaces

in the output you will find the URL where you can see that /IPHTTPS is mandatory in the request and also your hostname.

So these value you will need to add in your https monitor as below: GET /IPHTTPS HTTP/1.1\r\nHost: xxx.xxxx.xxx\r\nConnection: Close\r\n\r\n Becasue your request from the ltm is not a "valid" client you will need to put in HTTP/1.1 403 in the receive string.

and becasue DA takes ~ 5-6 minutes to start all services, put in a delay "time until up" about 500 seconds.

above is a pretty good start and when you have this in place you can then later customize this with a certificate that is OK by the DA and other mandatory checks and all this together will give you a monitor that verify the DA service.

I hope this can give you a start.

Br Beinhard