Forum Discussion
JoeTheFifth
Altostratus
AltostratusF5 UAG SharePoint 2010 (NO DIRECT ACCESS)
Hi Guys,
I cannot find any info on using UAG with F5 in non integrated NLB mode and without DirectAccess. We are using UAG to publish SharePoint sites.
Just to share my config and get feedb...
JoeTheFifthAltostratus
Altostratussmall update here: everything works now and here is how the setup has been done:
client => https = UAG VIP (SNAT + generic persistence profile + above cookie irule based on the mydomain.com => ssl => UAG servers => ssl => SharePoint VIP (SNAT) => ssl => SharePoint Servers.
this line in the irule has been changed :
if { $cookies contains "BIGipServer" } {
to
if { $cookies contains "BIGipServerUAGVIPPOONAME" } {
this is because we have too BIGipServer cookies in the chain, one for UAG and the second for SharePoint. so if we check for the string "BIGipServer" only we overwrite both cookies wiith the same UAG cookie and we loose the sharepoint cookie.
We enabled SNAT because the UAG and the SharePoint servers do not go through the F5 to communicate. SNAT forces them to. We enabled x-forwarded-for on both VIPs to log client ips in case we need t in the future.
We did test Source_addr persistence but it was not a valid option since persistence is not maintained when the request for webapp1.mydomain.com comes from one proxy server ip and the webapp2.mydomain.com comes from another proxy server ip in the same user session.
thank you all for your suggestions.
wng_98840
Nimbostratus
NimbostratusHi JoetheFifth,
Would it be possible to post up the irule you are using for this setup? When you mention 'generic persistence profile' do you mean 'universal' ? We are experiencing some SP2010 rendering issues within the same scenario as you have posted.
Thanks,
Bill