Microsoft SharePoint 2013/2010 iApp template

Joe_Jordan · ‎16-Nov-2015

Problem this snippet solves:

Use the SharePoint iApp template to configure availability, encryption, security, and remote access for Microsoft SharePoint 2010 and 2013. This template will configure the BIG-IP Local Traffic Manager (LTM) module, the Access Policy Manager (APM), the Application Acceleration Manager (AAM), the Advanced Firewall Manager (AFM), as well as Application Security Manager (ASM) for SharePoint deployments.

For detailed instructions for using this iApp template and configuring your SharePoint Server environment see the SharePoint deployment guide at http://www.f5.com/pdf/deployment-guides/iapp-sharepoint-2010-2013-dg.pdf

v1.2.2rc2
You must use this F5 release candidate iApp template (v1.2.2rc2), available as an attachment on this page, if you want to use BIG-IP Application Security Manager (ASM) in your deployment. If you try to use a previous version of the template with ASM, you receive an error. There are no other changes to this version of the iApp.

v1.2.2rc1
This F5 release candidate iApp template (v1.2.2rc1), available in the iApp package on downloads.f5.com in the RELEASE_CANDIDATE directory, contains no new features, but includes the fix for the troubleshooting entry "Why are users experiencing authentication issues after deploying the SharePoint iApp template?" on page 41. For guidance on downloading and importing the template, use the instructions in the deployment guide or in the solution referenced below.

v1.2.1
Use this fully F5 supported template (v1.2.1) to configure your SharePoint 2010/2013 environment. You can find instructions for downloading the template at https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15043.html.

Code :

fpieressa · ‎07-Aug-2017

Hi! We are trying the iApp template v1.2.2rc2, we want to select an existing ASM Security Policy, but we are not seeing it as the "Do you want to deploy BIG-IP Application Security Manager?" shows only LTM Policies with ASM enabled.

As we are checking, you can't create manually an LTM Policy with ASM enabled, they are automatically created when they are assigned to an ASM Security Policy in a Virtual Server...

So, is it possible to add to the iApp template the option to select ASM Security Policies, and not LTM Policies with ASM enabled?

As a workaround, we are creating a fake temporary VS with the required ASM Security Policy enabled, then we are creating the iApp selecting the LTM Policy with ASM enabled that was automatically created by the fake VS, and finally we are removing the fake VS.... so hard 😞

Thanks!

mikeshimkus_111 · ‎07-Aug-2017

Hi Franco, you must create the ASM policy and then reference it in the LTM policy's rules. Once you do that, the ASM-enabled LTM policy should appear in the iApp drop-down.

fpieressa · ‎07-Aug-2017

Hi, as we are trying, 12.1.2 doens't support create an LTM Policy with a rule enabling ASM...

mikeshimkus_111 · ‎07-Aug-2017

Hi, it absolutely does. I am looking at a 12.1.2 BIG-IP with an ASM-enabled LTM policy:

[azureuser@newscript-waf0:Active:In Sync] config  tmsh list ltm policy F5waf-ltm_policy
ltm policy F5waf-ltm_policy {
    controls { asm }
    last-modified 2017-08-07:02:11:44
    requires { http }
    rules {
        default {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/F5waf-linux-medium-security_policy
                }
            }
            ordinal 1
        }
    }
    status legacy
    strategy first-match
}

[azureuser@newscript-waf0:Active:In Sync] config  cat /VERSION
Product: BIG-IP
Version: 12.1.2
Build: 1.34.271
Sequence: 12.1.2.1.34.271.34
BaseBuild: 0.0.249
Edition: Engineering Hotfix HF1
Date: Thu May 11 22:29:29 PDT 2017
Built: 170511222929
Changelist: 2224035
JobID: 840061

DevCentral

Microsoft SharePoint 2013/2010 iApp template