Forum Discussion

Maryam_305638
8 years ago
Solved

traffic from APM to Domain Controller

Hello,

 

We have configured the APM for Exchange 2016 to use NTLM in a test environment and it is working fine. The communication from the LTM to the DC is open over the management interface. Now, moving on to production, I need to make sure of something: the domain controller I am using is not behind the load balancer. Should the LTM talk to the DC over the management interface? I am not sure how the traffic flows between the LTM and the domain controller. Is the LTM passing all the traffic to the DC over the mgmt IF? Can someone clarify this, please?

 

4 Replies

  • kolom

    Hello Maryam,

     

    You can use either the management interface or a TMM interface to reach your domain controller. If a destination address does not match that of the management interface network, and no static route is specified besides a default management gateway, the system uses the default gateway that the TMM specifies.

    So just make sure that the DC is reachable from the F5, and that the required ports and services are enabled.

    Note: if SMBv1 is disabled on the DC, this will cause the BIG-IP APM system not to be able to successfully authenticate clients using NTLM. https://support.f5.com/csp/article/K55889450
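
The routing rule in the reply above, written out as a small Python model to show which BIG-IP source network the firewall in front of each DC has to allow. This is an added example, not part of the thread and not F5's implementation; the function names, addresses and static route are constructed for illustration.

```python
import ipaddress

def egress_path(dest, mgmt_network, mgmt_static_routes=()):
    """Model of the rule quoted in the reply: which side of the BIG-IP
    carries traffic to `dest`. Simplified; not F5's implementation."""
    ip = ipaddress.ip_address(dest)
    # 1. Destination is on the management subnet itself.
    if ip in ipaddress.ip_network(mgmt_network):
        return "management"
    # 2. A specific static management route covers it. The default
    #    management gateway (prefix length 0) does not count.
    for route in mgmt_static_routes:
        net = ipaddress.ip_network(route)
        if net.prefixlen > 0 and ip in net:
            return "management"
    # 3. Otherwise the TMM default gateway is used.
    return "tmm"

def plan(dcs, mgmt_network, mgmt_static_routes=()):
    """Map each domain controller to the interface side whose source
    addresses the firewall in front of it has to allow."""
    return {dc: egress_path(dc, mgmt_network, mgmt_static_routes) for dc in dcs}

# Constructed sample values (documentation address ranges).
MGMT_NET = "192.0.2.0/24"
MGMT_ROUTES = ["0.0.0.0/0", "198.51.100.0/24"]
DCS = ["192.0.2.10", "198.51.100.5", "203.0.113.7"]

if __name__ == "__main__":
    for dc, side in plan(DCS, MGMT_NET, MGMT_ROUTES).items():
        print(f"{dc:15} -> {side}")
```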