Forum Discussion
jeffrey1984
Cirrus
CirrusF5 LTM authentication using Remote-APM based
We are planning to use DUO authentication for all users access to our LTM. Currently we are using RSA to authenticate all logins to the LTM . We understand that in order to achieve this, we need to create Access Policy thru the APM using Radius . Also needs to do some editing on the access policy itself. Under System>Users:Authentication, there is an option to use Remote- APM based which we think we needed. However were not sure if selecting that option automatically makes local authentication as a fallback in case any issues happens on the Radius server . Thanks in advance
- Daniel_Wolf
MVP
As far as I can see. the Remote-APM option is available in BIG-IP 13.x and 14.x. In 15.x it is not available anymore.
Also, not like Remote - AD oder Remote - LDAP, you don't have the option to Fallback to Local.
See this knowledge base article: K67025432: Configuring remote authentication fallback on BIG-IP systems
jeffrey1984Thank you Daniel appreciate your response. Are there options for us to use DUO for LTM device authentication?
- Daniel_Wolf
I am afraid not Jeffrey, neither for authenticating users to the BIG-IP admin GUI nor for virtual server authentication.
For virtual server auth, I have really good experience with DUO and APM. Great solution.
boneyardI checked this today on 15.1.2 and i have the Remote - APM Based option, i also can create the APM profile for it.
it probably doesnt get you to achieve what you want with DUO as you keep using the normal login page (not an actual APM one) so there is no space for a third field or to ask later for another field.
