Can F5 APM act as a Kerberos KDC proxy (like Microsoft DirectAccess) for Zscaler ZIA?

Question

Hello,
&nbsp;
Zscaler ZIA can user Kerberos Authentication even for Remote users (Road Warriors as they call them) but then a KDC proxy is needed like Microsoft DirectAccess to translate the HTTPS Kerberos traffic to normal TCP (like a proxy but for Kerberos) and I was wondering if F5 APM can do the same and to provide the ticket to client that then the client sends to Zscaler. All the F5 APM features seem to be related to not send the ticket directly to the client but to act as a man in the middle.
&nbsp;
https://help.zscaler.com/zia/about-kerberos-authentication
https://help.zscaler.com/zia/about-kerberos-authentication#kerberos-features
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/d688ea3a-04b0-45ea-8226-82a74cb6289e

jrahm · Answer

let me ask around...

Forum Discussion

Can F5 APM act as a Kerberos KDC proxy (like Microsoft DirectAccess) for Zscaler ZIA?

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

v10.1 - BIG-IP and Microsoft DirectAccess

Microsoft Powershell with iControl

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)