Forum Discussion
I need to authenticate admin console of F5 and not the Application traffic.
This support document https://support.f5.com/csp/article/K11199 works for me and gives my answer.
The support doc https://support.f5.com/csp/article/K11072 shared by you gives me the configuration steps. Thanks for your reply.
But there is a twist: we have 90 LDAP servers for authenticating the F5 admin console and we cannot add each one of them. Can we use just the hostname reps.hed.net instead of creating pools, so that this hostname would query one of the LDAP servers for AAA?
- Nikoolayy1, Jun 30, 2021 (MVP)
You can use the FQDN as mentioned in K11072:
Important: In 9.4.8 and later, if you have configured SSL and a Trusted CA, you must set the value of the Host option to an FQDN, such as ldap.example.com, rather than an IP address. The FQDN must match the FQDN embedded in the CN (CommonName) attribute of the X509 subject of the certificate presented by the Active Directory LDAP server. For example, an LDAP server may present a certificate that includes the following subject data:
Here is how to configure the F5 to resolve hostnames:
https://support.f5.com/csp/article/K13205
If you have the DNS/GTM module, it will return in the DNS response only the LDAP servers that are up, as GTM/DNS has health monitoring.
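The two points in the reply above (the certificate's CN/SAN must match the FQDN you configure, and a plain DNS name can hand back addresses of LDAP servers that are down unless something like GTM health-monitors them) can be checked from any LDAP client host. The following Python script is an added example, not code from this thread or from F5: it resolves the shared hostname to its member addresses, probes them in order for a reachable one, and checks the subject/SAN of a certificate in the dict form `ssl.SSLSocket.getpeercert()` returns against the FQDN. The hostname reps.hed.net is the one from the question; the 192.0.2.x addresses and the sample certificate are constructed, and the function names are the example's own.

```python
"""Check an LDAP FQDN's members and certificate name match (added example)."""
import socket
import ssl

# Constructed sample data: what a lookup of the shared LDAP name might return,
# and a parsed peer certificate in the shape ssl.SSLSocket.getpeercert() gives.
SAMPLE_ADDRS = {"reps.hed.net": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]}
SAMPLE_CERT = {
    "subject": ((("commonName", "reps.hed.net"),),),
    "subjectAltName": (("DNS", "reps.hed.net"), ("DNS", "*.hed.net")),
}

LDAPS_PORT = 636


def _dns_lookup(name):
    """Real resolver: every address the FQDN maps to (A and AAAA), deduplicated."""
    infos = socket.getaddrinfo(name, LDAPS_PORT, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def resolve_ldap_hosts(fqdn, lookup=_dns_lookup):
    """Addresses behind one LDAP hostname. Plain DNS returns them all, healthy or
    not; only a health-monitoring DNS (GTM/DNS module) would drop dead members."""
    return list(lookup(fqdn))


def _tcp_probe(addr, port, timeout):
    """True if a TCP connection to addr:port succeeds within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def first_reachable(addrs, port=LDAPS_PORT, timeout=2.0, probe=_tcp_probe):
    """First address that accepts a connection, or None if none of them do."""
    for addr in addrs:
        if probe(addr, port, timeout):
            return addr
    return None


def _dns_name_matches(pattern, fqdn):
    """Case-insensitive match; a leading '*' covers exactly one label."""
    pattern, fqdn = pattern.lower().rstrip("."), fqdn.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]
        return fqdn.endswith(suffix) and fqdn.count(".") == pattern.count(".")
    return pattern == fqdn


def cert_matches_fqdn(cert, fqdn):
    """Does the certificate name the configured FQDN? SAN DNS entries take
    precedence; the subject CN is consulted only when there are none."""
    san_names = [val for kind, val in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san_names:
        return any(_dns_name_matches(name, fqdn) for name in san_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_name_matches(value, fqdn)
    return False


def tls_peer_cert(addr, fqdn, port=LDAPS_PORT, timeout=2.0):
    """Connect to one member by address but verify it as the FQDN, the same
    pairing the K11072 note requires (Host = FQDN, not IP). Needs network."""
    ctx = ssl.create_default_context()  # chain and hostname verification on
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    fqdn = "reps.hed.net"
    members = resolve_ldap_hosts(fqdn, lookup=SAMPLE_ADDRS.get)
    print("members of", fqdn, "->", members)
    # Offline demonstration: pretend the first member is down.
    alive = first_reachable(members, probe=lambda a, p, t: a != "192.0.2.10")
    print("first reachable member:", alive)
    print("certificate names", fqdn, "->", cert_matches_fqdn(SAMPLE_CERT, fqdn))
```

Run it against the real name by replacing the `lookup=` and `probe=` arguments with the defaults and calling `tls_peer_cert(alive, fqdn)`; a certificate whose CN or SAN does not cover the FQDN fails inside `wrap_socket` with a verification error, which is the same condition the F5 note describes.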
- DK_BOSS, Jun 30, 2021 (Nimbostratus)
Perfect, will consider. Initially we will be using plain text for communication, and later SSL.
Thank you so much for your support.
- Nikoolayy1, Jun 30, 2021 (MVP)
Yes, and keep in mind that the APM is for remote VPN, advanced authentication of transit traffic for the virtual servers that the LTM can't do (as I mentioned, for now the LTM has basic options with auth profiles that are a legacy thing) and posture checks, so in your case it wouldn't provide anything more for the F5 web interface/sh CLI authentication.
- DK_BOSS, Jun 30, 2021 (Nimbostratus)
Thanks, that is what is needed now: basic F5 admin console auth.