For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

opers13_3280's avatar
opers13_3280
Icon for Nimbostratus rankNimbostratus
Sep 08, 2009

F5 and RSA Token.

we are in the process of deploying two factor authentication...do I need any "special" config on the F5 side for it to pass authentication at all?   thanks
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 09, 2009
If you want to have LTM perform client authentication on a VIP you would need the ACA license. You can check to see if the ACA is listed as active or optional in your /config/bigip.license or in the GUI under System | License. If you see ADD CLIENT AUTHENTICATION under the Optional section you don't have it. You can contact your F5 account manager to get a quote for adding it. You need a license per LTM unit.

 

 

There is a default LDAP authentication iRule in the /config/profile_base.conf file. You can think of that as a starting point for implementing the authentication. You'll probably want to copy the default iRule and customise it to provide better client feedback for authentication failures.

 

 

Aaron