Forum Discussion
Mahmoud_Eldeeb_
Cirrostratus
CirrostratusHow to use ASM to protect Lync 2013?
How to use ASM to protect Lync 2013? , ltm software version 11.5.
Mark_CloutierNimbostratus
Specific question... Using the LTM as a reverse proxy, Would ASM be a good tool to protect against repeated unsuccessful login attempts, since Lync's lack of SAML compliance means that APM can't do the authentication for us. That authentication doesn't take place until the proxied connection gets all the way to the Lync Front End server that is part of internal AD domain. We have this running in a lab environment, and need to address this security issue prior to going to production.
boneyardMVP
I would start a new question for a new question :) it seems ASM could help you, but it would depend on if you can get it to detect successful / failed login attempts on lync. if you got a lab setup just configure it and see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html
Mark_Cloutier_2Specific question... Using the LTM as a reverse proxy, Would ASM be a good tool to protect against repeated unsuccessful login attempts, since Lync's lack of SAML compliance means that APM can't do the authentication for us. That authentication doesn't take place until the proxied connection gets all the way to the Lync Front End server that is part of internal AD domain. We have this running in a lab environment, and need to address this security issue prior to going to production.
- boneyardI would start a new question for a new question :) it seems ASM could help you, but it would depend on if you can get it to detect successful / failed login attempts on lync. if you got a lab setup just configure it and see: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html
- Chase_Abbott
Employee
R Marc is correct. ASM wouldn't play much against the SIP portions of Lync, and would only potentially protect the Lync web services defined against the front end "External web services" and "Internal web services". Since we'd assume using LTM as the reverse proxy, it may or may not be benefit to use ASM in this instance; especially since any "issues" may not be supported by MSFT until ASM is removed from the config. We are however, certified for reverse proxy by MSFT.
- R_MarcThere's not much to protect. The only HTML component is the web portal. The Lync communications (SIP and other) would not be applicable. For the HTML part, a standard ASM profile would be sufficient, IMO. What ever you would require to satisfy your audit/security requirements.
