For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Azzeddine_S's avatar
Azzeddine_S
Icon for Cirrus rankCirrus
Jun 22, 2023

F5 APM Check Domain Membership

Hi all, When it comes to validate a computer before give access to the corporate network it seems obvious and mandatory to check if it is part of the active directory, the way it is done on F5 APM t...
security
whisperer's avatar
whisperer
Icon for MVP rankMVP
Jun 22, 2023

Anything can be faked 😉 However, it is a bit more difficult to forge SSL certificates! Additionally, you can always revoke them individually if a device is reported stolen for instance.

Here is a good start for this:

https://my.f5.com/manage/s/article/K12354

 

 

Azzeddine_S's avatar
Azzeddine_S
Icon for Cirrus rankCirrus
Jul 03, 2023

Hi Whisperer,

First thanks for your reply and help.

I am also following that way to secure the access by creating a lab as follows :


                                                                                                        ----------- Server-01
Client PC ----------- Router ----------- BIG-IP-VE ----------- Router
                                                                 |                                     ----------- Server-02
                                                                 |
                                                                 |
                                                   Active Directory
                                                           with CA

Client PC: Windows 10

Routers : VyOS

BIG-IP: Version 17.x

Servers : Rocky Linux with Apache

Active directory : Windows Server 2022

 

but i could not find a good documentation about how to integrate the BIG-IP with the CA.

have you ever succeded to doit?
if so do you have any documentation to share

thanks in advance.