Forum Discussion
traffic from APM to Domain Controller
Hello,
We have configured the APM for Exchange 2016 to use NTLM in a test environment and it is working fine. The communication from the LTM is open to the DC over the management interface. Now moving on to production I need to make sure of something: the domain controller I am using is not behind the load balancer; should the LTM talk to the DC over the management interface? I am not sure how the traffic flows between the LTM and the domain controller. Is the LTM passing all the traffic to the DC over the mgmt IF? Can someone clarify this please?
Hello Maryam,
You can use either the Management interface or a TMM interface to reach your domain controller. If a destination address does not match that of the management interface network, and no static route is specified besides a default management gateway, the system uses the default gateway that the TMM specifies.
So just make sure that the DC is reachable from the F5, and that the required ports and services are enabled.
Note: if SMBv1 is disabled on the DC, this will cause the BIG-IP APM system not to be able to successfully authenticate clients using NTLM. https://support.f5.com/csp/article/K55889450
- kolom_265617Cirrostratus
- Maryam_305638Nimbostratus
Thank you for the answer. It helped.