NimbostratusVMware 2FA access issue with Akamai WAF
I have VMware access via F5 APM for 2FA was working alright. Recently we have security requirement to onboard the Webpage over Akamai WAF for protection against Web application attacks. But we have issue when onboard the URL to Akamai, the Web access still looks good for 2FA authentication. But when we try to launch the PCoIP from F5 webtop, it gave "Http error 500". From Akamai log we saw below.
01/25/2019 06:11r113.210.68.206-POST/D/16382/811000/000/da.abc.com/broker/xml500text/html469-1761---ERR_NO_STICKY_PCONN|FCS:NoStickyPconnTLSv1.2da.abc.com
Further checking it seem to be common issue on web page hosting via Akamai, below some URL link i could find from Akamai KB.
https://community.akamai.com/customers/s/article/Configuring-a-load-balancer-on-the-Origin-to-properly-work-with-Akamai?language=en_US https://community.akamai.com/customers/s/question/0D50f00005RtpkrCAB/configuration-of-sticky-connections-to-origin?language=en_US https://community.akamai.com/customers/s/question/0D50f00005RtqquCAB/persistent-connections?language=en_US
Seem like Akamai will use different(dynamic) IP even from the same user request, I also confirmed with VMware Engineer the user session have to talk to the same connection server, if somehow the request (PCoIP request) fall to different connection server it might failed.
But i don't see any article from F5 to discuss about such approach, and what's the recommendation from F5. Anyone got experience on this can you share your view on this issue? And what's the recommendation to rectify the issue?
Thanks in advanced.