For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Andy_01_133092's avatar
Andy_01_133092
Icon for Nimbostratus rankNimbostratus
Sep 05, 2013

Implementation issues with new software going through F5 load balancer

We're testing our in house software on a clients site who use F5 load balancer. All their traffic goes through there. They have other applications that work fine through the F5 as well. We're setting...
deployment
microsoft
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 06, 2013

But if we go through the F5 to get to dc, that's when it fails. No passing of token.

 

And that's the nature of my first question. Does the client actually have to go through the F5 to get to the DC or does it just use the F5 to get to the app? When you're talking about Kerberos specifically, the client will make at least TWO requests - one to the KDC (an accessible domain controller in its environment), and then the other to the application. Have you defined, or do you require that the client attempt to contact the domain controller through the F5? Are these local clients that would otherwise already have access to the KDC, locally?

 

Is this a simple load balancing VIP, or are you establishing an SSL VPN?