For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mike_P__194875's avatar
Mike_P__194875
Icon for Nimbostratus rankNimbostratus
Aug 09, 2016

I was thinking about this as I am in the same boat as far as this potentially becoming a requirement. I think an easy way to do this would be to set up a VS for the F5 management itself and cac-enable that VS using LTM or APM, whichever flavor you choose. Then you still have Radius or username/password as a backup option but never have to use the management IP again except in an emergency when, say, OCSP is down or something.

 

  • Michael_J_17169's avatar
    Michael_J_17169
    Historic F5 Account
    Aug 09, 2016

    This works all the way up to version 12.0. However, in the event that TMM is down, you will no longer be able to access your management interface. Otherwise, this works. This issue is currently being worked on to find a resolution.

     

  • hejman_229037's avatar
    hejman_229037
    Icon for Nimbostratus rankNimbostratus
    Aug 29, 2016

    Ok.....we just upgraded to 12.1.0 as we were told this would support using arbitrary fields from the DOD Token certs to authenticate for MC. I have a VIP setup for one environment and hitting that url it does read the cert and prmopts for PIN; it then goes to the 'local' login screen. How do I get it to authenticate the Subject Alternate Name from token to AD for our -admin accts? I have tried various SSL settings/certs....no luck. Do I have to use Client Cert LDAP config?

     

    thanks in advance...