Forum Discussion

Nimbostratus

Mar 30, 2020

Pulse Integration – F5 iRule AVP Insert

Hello F5 world, I have few questions regarding pulse integration with F5. we are trying to integrate pulse seccure and write some Irules which redirect the traffic to ISE from pulse. is there a...

Employee

Apr 01, 2020

Take a look at https://clouddocs.f5.com/api/irules/HTTP__redirect.html which shows you how to use redirect. You may find that LTM policies work better. If you provide more information about what you actually want then we may be able to help out with an iRule

Manoj_T

Nimbostratus

Apr 07, 2020

Hi Pete white,

Thanks for answering my concer. Here is the detailed version what we are expecting to do. we got pulse secure for all the type of connections out of the network. when user hits pulse secure, it should redirect the traffic to F5 which is connected next to the Puse secure and F5 after receiving that packet it should forward it to ISE where F5 need to act as a RADIUS PROXY. "(radius call from UAC through F5 to ISE ) . (F5 acting as a radius proxy)". Do this information is good or do i need to provide much more.?

Regards,

PeteWhite
Employee
Apr 07, 2020
OK, BIG-IP will act as a radius proxy with a virtual server - you can decode radius messages if you add a radius profile to it and use radius iRule commands such as that RADIUS::avp. If you don’t need to do decoding then you can just use a layer 4 virtual server
Manoj_T
Nimbostratus
Apr 07, 2020
Hi Pete,

Appreciate your response. As i am pretty new to F5, do you have any procedure steps or reference documents which i can follow.? please share them and that would be really helpful to me. Thanks.

MT
Manoj_T
Nimbostratus
Apr 07, 2020
Also i have a quick question on this. when it received the radius request from UAC(Pulse), injected the additional attributes with iRule, and forwarded to ISE for processing. The additional attributes which we are looking for is pasted below.

Calling-Station-ID (tracks individual client by MAC or IP address) >> Could be made equal to Tunnel-Client-Endpoint Value.
User-Name (tracks remote client by login name) >> Already present.
NAS-Port-Type (helps to determine connection type as VPN) >> Missing.
RADIUS Accounting Start (triggers official start of session)>> This is already present with Framed-ip-address.

We are concerned about "NAS-port-Type and Radius Accounting Start- Missing Framed IP-address."

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Pulse Integration – F5 iRule AVP Insert

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

Edge to Pulse: IP Geolocation Database Migration

VMware VKS integration with F5 BIG-IP and CIS

Integrate BIG-IP with AWS CloudWAN Service Insertion

Identity-centric F5 ADSP Integration Walkthrough

Strict header Insertion

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS