Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Configuring APM Client Side NTLM Authentication

Introduction There have been a ton of requests on the boards for a simplified client side NTLM configuration, so based on Michael Koyfman’s excellent Leveraging BIG-IP APM for seamless client NTLM...
Published May 12, 2015
Version 1.0
authentication
BIG-IP Access Policy Manager (APM)
ntlm
security
Algebraic_Mirror's avatar
Algebraic_Mirror
Icon for Cirrostratus rankCirrostratus
Jul 28, 2015
This is excellent, thanks for writing it! I've been trying to find the simplest method, and this answers that question! I like how Michael's setup allows for things like re-prompting an end user if they get their password wrong the first time, but in most use cases where the end target is something like Microsoft Word trying to access SharePoint, where the computer already has valid credentials, I really prefer this simpler method. I also like that your method doesn't require setting port translation on the virtual server to "preserve-strict", because that can result in a broken connection for someone if two clients try to use the same source port. Thanks again for writing this, it is much appreciated!