Forum Discussion

Nimbostratus

Mar 30, 2020

Pulse Integration – F5 iRule AVP Insert

Hello F5 world, I have few questions regarding pulse integration with F5. we are trying to integrate pulse seccure and write some Irules which redirect the traffic to ISE from pulse. is there a...

Employee

Take a look at https://clouddocs.f5.com/api/irules/HTTP__redirect.html which shows you how to use redirect. You may find that LTM policies work better. If you provide more information about what you actually want then we may be able to help out with an iRule

Manoj_T

Nimbostratus

Apr 07, 2020

Hi Pete white,

Thanks for answering my concer. Here is the detailed version what we are expecting to do. we got pulse secure for all the type of connections out of the network. when user hits pulse secure, it should redirect the traffic to F5 which is connected next to the Puse secure and F5 after receiving that packet it should forward it to ISE where F5 need to act as a RADIUS PROXY. "(radius call from UAC through F5 to ISE ) . (F5 acting as a radius proxy)". Do this information is good or do i need to provide much more.?

Regards,

PeteWhite
Employee
Apr 07, 2020
OK, BIG-IP will act as a radius proxy with a virtual server - you can decode radius messages if you add a radius profile to it and use radius iRule commands such as that RADIUS::avp. If you don’t need to do decoding then you can just use a layer 4 virtual server
Manoj_T
Nimbostratus
Apr 07, 2020
Hi Pete,

Appreciate your response. As i am pretty new to F5, do you have any procedure steps or reference documents which i can follow.? please share them and that would be really helpful to me. Thanks.

MT
Manoj_T
Nimbostratus
Apr 07, 2020
Also i have a quick question on this. when it received the radius request from UAC(Pulse), injected the additional attributes with iRule, and forwarded to ISE for processing. The additional attributes which we are looking for is pasted below.

Calling-Station-ID (tracks individual client by MAC or IP address) >> Could be made equal to Tunnel-Client-Endpoint Value.
User-Name (tracks remote client by login name) >> Already present.
NAS-Port-Type (helps to determine connection type as VPN) >> Missing.
RADIUS Accounting Start (triggers official start of session)>> This is already present with Framed-ip-address.

We are concerned about "NAS-port-Type and Radius Accounting Start- Missing Framed IP-address."

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Pulse Integration – F5 iRule AVP Insert

Recent Discussions

Upgrade F5 BIGIP

MAC address of deleted VS IP address still responsive

ports are showing open on online scanning tool

how to whitelist new source IP on F5 web UI access

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

Related Content

Integrate BIG-IP with AWS CloudWAN Service Insertion

Edge to Pulse: IP Geolocation Database Migration

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

Access Troubleshooting: BIG-IP APM OIDC integration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS