For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mike_aws_119486's avatar
mike_aws_119486
Icon for Nimbostratus rankNimbostratus
Jan 14, 2014

Rename default MRHsession cookie?

I have a requirement to have APM Edge (at the Edge of the network facing internet) connecting to an APM appliance within the internal network which is providing Portal Access/SSO to apps.   I've c...
BIG-IP Access Policy Manager (APM)
deployment
security
mike_aws_119486's avatar
mike_aws_119486
Icon for Nimbostratus rankNimbostratus
Jan 15, 2014

Thanks, from an architectural perspective think of this as two completely seperate networks.

 

Network A wants to present a bunch of Apps to Network B so uses F5 APM to authenticate users to AD and present a portal to Network B with URL rewriting/SSO.

 

Network B wants to present the portal to external users over the internet and happens to also use F5 APM in their internet DMZ with RSA Auth.

 

Network A has no direct connection to the internet, Network B has no direct connection to the backend apps.

 

With different products it works (F5 APM in Network B + Juniper SA in Network A) the challenge is with both being F5.

 

I've tried writing an iRule today to capture session information but didn't seem to work. I did think some kind of rewrite of the backend cookies (but not the backend content) would be the solution but not entirely sure how to re-write the backend cookie?