F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

msprecher's avatar
msprecher
Icon for Nimbostratus rankNimbostratus
Feb 14, 2025

F5 Monitoring with Solarwinds

Hello Dev Central,  Our organization is new to F5 and we are currently implementing F5 (r5600 appliances). LTM is running on v17.1.01. We have Solarwinds in our environment so are looking to use tha...
application delivery
Michael_Saleem's avatar
Michael_Saleem
Icon for MVP rankMVP
Feb 15, 2025

Hi,

I attempted to test this in my home lab environment for you (my first time using Solarwinds)

Can someone elaborate on why local accounts are required and an AD account would not work

You can use an AD account. However, this AD account must have an admin role. If you try to use an AD account with any other role (even resource admin), when you try specifying the credentials in the "F5 iControl Polling Setting" section of Solarwinds, you will get the following error: 

(Connection attempt failed! F5 iControl credentials are incorrect. Provide correct credentials)

If remote authentication to AD is enabled, it seems that the local accounts created for Solarwinds would never be used unless the remote authentication was down.

When configuring Active Directory on the BIG-IP for remote authentication, there is an option which you can enable named "Fallback to Local". While  this feature is described as - "specifies that the system uses the Local authentication method if the remote authentication method is not available", I found that I was able to login successfully to the BIG-IP using a local user account even when my AD server was available. The caveat with this is that you must copy the the local username to the /config/bigip/auth/localusers file on the BIG-IP otherwise it will not work. It also doesn't persist a code upgrade, so you must ensure that you copy the local username to this file after any code upgrade.

Solarwinds does not seem to reference the permissions required for the account used in iControl configuration. With the reference to health monitors and pool members, both Manager and Application Editor seem to refer to those objects in the user role section of F5 documents. I would hope that administrator permissions on the device would not be required for whatever accounts Solarwinds is using for monitoring F5 environments.

I agree, the Solarwinds documentation is not very comprehensive. No matter what I tried, I was unable to get their "change rotation presence" (i.e. take a pool member out of rotation) feature to work - even when using local admin or remote AD admin credentials. However, if you do not need this feature and you are looking for the least privilege access to integrate with Solarwinds, then you should create a local user on the BIG-IP with guest role access. From what I have tested, this guest role access allows you see the health of the virtual servers and pools (including whether health checks that are passing / failing).

Load Balancing Dashboard Screenshot

Error Received When Trying to Take a Pool Member out of Rotation


Hope this helps,

Michael