F5 Waf AD integration issue

Question

Hi all,&nbsp;I hope this message finds you well. I'm writing to bring to your attention an issue we are experiencing with access to our F5 devices. We have a total of four F5 devices, all of which are Active Directory integrated. Here's a breakdown of the current situation:Port 389 (LDAP):Three out of the four devices are accessible on port 389 without any issues.Port 636 (LDAPS):None of the devices are accessible on port 636 (LDAPS).This includes three of the devices that are accessible on port 389.DMZ Device:One device, which is located in the DMZ, is inaccessible on both ports 389 and 636

aswin_mk · Answer

Hello&nbsp;Please use the link to troubleshoot this :-Troubleshooting LDAP authentication for BIG-IP administrative users (f5.com)&nbsp;also you can check if there is any firewall block between AD servers and F5. Try to ping/telnet ldap servers from F5,Verify network routes

zamroni777 · Answer

that situation basically hapens because of firewall config created by human, not limitation of the technology.
so the solution is human compromise, i.e. set the firewall to allow related f5's ip addresses to access the ad server's ldap/s ports.

Forum Discussion

F5 Waf AD integration issue

2 Replies

Recent Discussions

How to add a new DNS(gtm) to the existing network?

Social Media Marketing

Content Marketing

Failed to add new DNS machine to the existing DNS sync-group

Email Notification Sent For The Configuration Change

Related Content

Access Troubleshooting: BIG-IP APM OIDC integration

Introduction of IDS and WAF

Deploying F5 Distributed Cloud WAF on Kubernetes

WAF evasion techniques for Command Injection

Minimizing Security Complexity: Managing Distributed WAF Policies