Forum Discussion
F5 Monitoring with Solarwinds
Hi,
I attempted to test this in my home lab environment for you (my first time using Solarwinds).
Can someone elaborate on why local accounts are required and an AD account would not work?
You can use an AD account. However, this AD account must have an admin role. If you try to use an AD account with any other role (even resource admin), when you try specifying the credentials in the "F5 iControl Polling Setting" section of Solarwinds, you will get the following error:
(Connection attempt failed! F5 iControl credentials are incorrect. Provide correct credentials)
If remote authentication to AD is enabled, it seems that the local accounts created for Solarwinds would never be used unless the remote authentication was down.
When configuring Active Directory on the BIG-IP for remote authentication, there is an option which you can enable named "Fallback to Local". While this feature is described as - "specifies that the system uses the Local authentication method if the remote authentication method is not available", I found that I was able to log in successfully to the BIG-IP using a local user account even when my AD server was available. The caveat with this is that you must copy the local username to the /config/bigip/auth/localusers file on the BIG-IP, otherwise it will not work. It also doesn't persist across a code upgrade, so you must ensure that you copy the local username to this file after any code upgrade.
Solarwinds does not seem to reference the permissions required for the account used in iControl configuration. With the reference to health monitors and pool members, both Manager and Application Editor seem to refer to those objects in the user role section of F5 documents. I would hope that administrator permissions on the device would not be required for whatever accounts Solarwinds is using for monitoring F5 environments.
I agree, the Solarwinds documentation is not very comprehensive. No matter what I tried, I was unable to get their "change rotation presence" (i.e. take a pool member out of rotation) feature to work - even when using local admin or remote AD admin credentials. However, if you do not need this feature and you are looking for the least privilege access to integrate with Solarwinds, then you should create a local user on the BIG-IP with guest role access. From what I have tested, this guest role access allows you to see the health of the virtual servers and pools (including whether health checks are passing / failing).
Load Balancing Dashboard Screenshot
Error Received When Trying to Take a Pool Member out of Rotation
Hope this helps,
Michael
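
The post above notes that the entry in /config/bigip/auth/localusers does not survive a code upgrade. An idempotent post-upgrade check for it, as an added example that is not part of the original post: it assumes the file lists one username per line (the post does not state the format), and the account name `solarwinds-mon` in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the localusers file holds one username per line.
LOCALUSERS_FILE="${LOCALUSERS_FILE:-/config/bigip/auth/localusers}"

# ensure_localuser USER [FILE]
# Prints "present" if USER is already listed, "added" if it had to be appended.
# Returns 2 for an invalid username, 1 if the file cannot be written.
# Usage after an upgrade (hypothetical account name):
#   ensure_localuser solarwinds-mon
ensure_localuser() {
    user=$1
    file=${2:-$LOCALUSERS_FILE}

    # Reject empty names and any character that could smuggle in an extra
    # entry (whitespace, newlines, shell metacharacters).
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; return 2 ;;
    esac

    # -F literal string, -x whole line: "solarwinds-mon" must not be treated
    # as present just because "solarwinds-monitor" is listed.
    if [ -f "$file" ] && grep -Fxq -- "$user" "$file"; then
        echo present
        return 0
    fi

    # If the last line has no trailing newline, add one first so the new
    # name does not fuse with the previous entry.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file" || return 1
    fi
    printf '%s\n' "$user" >> "$file" || return 1
    echo added
}
```

Running it from a post-upgrade checklist keeps the monitoring account limited to the guest-role local user rather than falling back to an AD admin account when the entry is lost.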