For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

HandleX101_3510's avatar
HandleX101_3510
Icon for Nimbostratus rankNimbostratus
Nov 10, 2015

F5 Deployment Options for Microsoft AD FS

Hello everyone,   I have read over the F5 iApp/Microsoft AD FS Deployment Guide and have done my DD by researching online, however it seems all my researching and reading so far has proven to be f...
microsoft
mikeshimkus_111's avatar
mikeshimkus_111
Historic F5 Account
Nov 10, 2015

Hi,

 

Load balancing the AD FS Proxy servers isn't required; the diagram is displaying that option. You can deploy AD FS Proxy behind LTM, or on its own. Both would forward traffic to an LTM fronting the AD FS servers.

 

If you just have AD FS servers, you can secure them with APM doing pre-auth and SSO; no AD FS Proxy required in that scenario.

 

You could do 4 by deploying the iApp twice on the same pair of LTMs, with the AD FS Proxy VS listening only on the DMZ VLAN(s) and the Proxy server pointing to the AD FS VS, which would be listening on the internal VLAN. The AD FS VS would need to be Fast L4 (no SSL decryption).

 

Does that help?