Forum Discussion
How to use ASM to protect Lync 2013?
How to use ASM to protect Lync 2013? , ltm software version 11.5.
- R_MarcNimbostratusThere's not much to protect. The only HTML component is the web portal. The Lync communications (SIP and other) would not be applicable. For the HTML part, a standard ASM profile would be sufficient, IMO. What ever you would require to satisfy your audit/security requirements.
- Chase_AbbottEmployee
R Marc is correct. ASM wouldn't play much against the SIP portions of Lync, and would only potentially protect the Lync web services defined against the front end "External web services" and "Internal web services". Since we'd assume using LTM as the reverse proxy, it may or may not be benefit to use ASM in this instance; especially since any "issues" may not be supported by MSFT until ASM is removed from the config. We are however, certified for reverse proxy by MSFT.
- Mark_CloutierNimbostratus
Specific question... Using the LTM as a reverse proxy, Would ASM be a good tool to protect against repeated unsuccessful login attempts, since Lync's lack of SAML compliance means that APM can't do the authentication for us. That authentication doesn't take place until the proxied connection gets all the way to the Lync Front End server that is part of internal AD domain. We have this running in a lab environment, and need to address this security issue prior to going to production.
- I would start a new question for a new question :) it seems ASM could help you, but it would depend on if you can get it to detect successful / failed login attempts on lync. if you got a lab setup just configure it and see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html
- Mark_Cloutier_2Nimbostratus
Specific question... Using the LTM as a reverse proxy, Would ASM be a good tool to protect against repeated unsuccessful login attempts, since Lync's lack of SAML compliance means that APM can't do the authentication for us. That authentication doesn't take place until the proxied connection gets all the way to the Lync Front End server that is part of internal AD domain. We have this running in a lab environment, and need to address this security issue prior to going to production.
- I would start a new question for a new question :) it seems ASM could help you, but it would depend on if you can get it to detect successful / failed login attempts on lync. if you got a lab setup just configure it and see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com