Forum Discussion
ADFS Proxy balancing with LTM and Advanced WAF, without APM
Looking to do a new F5 configuration to load balance and protect with Advanced WAF a pair of existing Office 365 ADFS Proxy servers running the 2019 version.
I see that F5 is no longer supporting iApps for Office 365.
The new supported configuration seems to be using Guided Configuration.
All articles I've found so far, recquire using APM.
The 'F5 appliances we can use are running version 15.1.x and don't have APM, only LTM and Advanced WAF.
Is there an official supported solution to do ADFS Proxy (version 2019 or later) load balancing with Advanced WAF protecions?
If there isn't, should we still use the last version of the iApp Templates instead?
- Matt_DierickEmployee
Hi mate,
You right, iApp o365 is no longer supported. Microsoft changed its ADFS proxy requirements and certification. It means, to be in front of ADFS server farm and proxy ADFS Authentication workflow, the vendor (F5) must be ADFSPIP compliant. Lucky us, F5 is.
But this certification requires additional steps, as MTLS between BIGIP and ADFS farm servers. And F5 integrated this development in APM only.
Without APM, you can still load-balance ADFS farms with LTM + AWAF (traditional L3 or L7 load balancing), but your deployment will not be ADFSPIP compliant. ADFS farm will be load balanced like any other WebServer.
Hope this help.
- wlopezCirrocumulus
Matthieu,
Thanks for the detailed response.
Does this apply to all Office 365 versions?
The client I'm analyzing will do a deployment of Office 365 version 2019 and is asking for WAF protections for the internet facing ADFS servers.
- Matt_DierickEmployee
I think you are refering to the Office362 Applications Version 2019. Office 365 (the cloud service) does not have any version.
Yes, it applies to all ADFS and clients versions.
- Leslie_HubertusRet. Employee
Hi wlopez - I see nobody has answered you yet. I've called out this post in this week's Community Highlights, Week 9 '23 article to increase visibility, and forwarded it to a colleague to see if they can help.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com