Microsoft SharePoint 2013/2010 iApp template

Problem this snippet solves:

Use the SharePoint iApp template to configure availability, encryption, security, and remote access for Microsoft SharePoint 2010 and 2013. This template will configure the BIG-IP Local Traffic Manager (LTM) module, the Access Policy Manager (APM), the Application Acceleration Manager (AAM), the Advanced Firewall Manager (AFM), as well as Application Security Manager (ASM) for SharePoint deployments.

For detailed instructions for using this iApp template and configuring your SharePoint Server environment see the SharePoint deployment guide at http://www.f5.com/pdf/deployment-guides/iapp-sharepoint-2010-2013-dg.pdf

v1.2.2rc2
You must use this F5 release candidate iApp template (v1.2.2rc2), available as an attachment on this page, if you want to use BIG-IP Application Security Manager (ASM) in your deployment. If you try to use a previous version of the template with ASM, you receive an error. There are no other changes to this version of the iApp.

v1.2.2rc1
This F5 release candidate iApp template (v1.2.2rc1), available in the iApp package on downloads.f5.com in the RELEASE_CANDIDATE directory, contains no new features, but includes the fix for the troubleshooting entry "Why are users experiencing authentication issues after deploying the SharePoint iApp template?" on page 41. For guidance on downloading and importing the template, use the instructions in the deployment guide or in the solution referenced below.

v1.2.1
Use this fully F5 supported template (v1.2.1) to configure your SharePoint 2010/2013 environment. You can find instructions for downloading the template at https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15043.html.

Code :

71668
Published Nov 16, 2015
Version 1.0
  • Hi! We are trying the iApp template v1.2.2rc2, we want to select an existing ASM Security Policy, but we are not seeing it as the "Do you want to deploy BIG-IP Application Security Manager?" shows only LTM Policies with ASM enabled.

     

    As we are checking, you can't create manually an LTM Policy with ASM enabled, they are automatically created when they are assigned to an ASM Security Policy in a Virtual Server...

     

    So, is it possible to add to the iApp template the option to select ASM Security Policies, and not LTM Policies with ASM enabled?

     

    As a workaround, we are creating a fake temporary VS with the required ASM Security Policy enabled, then we are creating the iApp selecting the LTM Policy with ASM enabled that was automatically created by the fake VS, and finally we are removing the fake VS.... so hard :(

     

    Thanks!

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Hi Franco, you must create the ASM policy and then reference it in the LTM policy's rules. Once you do that, the ASM-enabled LTM policy should appear in the iApp drop-down.

     

  • Hi, as we are trying, 12.1.2 doens't support create an LTM Policy with a rule enabling ASM...

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Hi, it absolutely does. I am looking at a 12.1.2 BIG-IP with an ASM-enabled LTM policy:

    [azureuser@newscript-waf0:Active:In Sync] config  tmsh list ltm policy F5waf-ltm_policy
    ltm policy F5waf-ltm_policy {
        controls { asm }
        last-modified 2017-08-07:02:11:44
        requires { http }
        rules {
            default {
                actions {
                    0 {
                        asm
                        enable
                        policy /Common/F5waf-linux-medium-security_policy
                    }
                }
                ordinal 1
            }
        }
        status legacy
        strategy first-match
    }
    
    [azureuser@newscript-waf0:Active:In Sync] config  cat /VERSION
    Product: BIG-IP
    Version: 12.1.2
    Build: 1.34.271
    Sequence: 12.1.2.1.34.271.34
    BaseBuild: 0.0.249
    Edition: Engineering Hotfix HF1
    Date: Thu May 11 22:29:29 PDT 2017
    Built: 170511222929
    Changelist: 2224035
    JobID: 840061