Yubikey APM and AzureAD question
HEy I'm trying to add the ability to use yubikeys as hardware keys to my Saml/Azureid logins. I saw this doc for how to do it with okta. Application access using YubiKey Authentication with APM and Okta | DevCentral I was wondering if their were similar instructions for Azure AD. It seems like the okta integration relies on okta connecter supporting yubikey in v 16.0. We are currently running 16.1.5, but I don't see something similar in the Azure AD connector. I was wondering how other people have done this? Or if their was something I'm missing? We've been able to add yubikeys to ont eh Azure Ad side, but they never show up when we try to use them as a 2nd factor with The BIG IP Edge client.
APM : is VMware Workspace One supported as an Endpoint Management System?
Hello, In the past, we added our on-premises Airwatch server in the Endpoint Management Systems list. We used this feature to check if the smartphones connecting to the VPN were properly enrolled. We used this feature only for a few users. We migrated to VMware Workspace One in SaaS mode but we forgot about this feature. Is VMware Workspace One supported as an Endpoint Management System? Could F5 APM connect to WSO API? When adding our WSO instance as Airwatch, we got a "General configuration error". Thank you Thomas
user alert on apm logs
I try to trigger a command when a specific log is written on /var/log/apm It works on 2 different non prod big-ip, but on a third one in production it only works with /var/log/ltm logs. user_alert.conf "failed" is commun in my ltm logs. "New session" is commun in apm logs. So this works (triggered from ltm logs): alert test "failed" { exec command="logger -p local0.notice 'test'" } This doesn't (not triggered from apm logs): alert test "New session" { exec command="logger -p local0.notice 'test'" } Do you have any idea why?
HA Configuration (One in primary and One in DR)
Hi folks, I currently have HA pair (active/passive) in a primary data center and we are bringing up a DR. wondering can I split up the HA pair (One in primary and One in DR) and continue to have HA with utilizing different subnets? We are using multiple IPSEC tunnels to connect the sites so we are still working on whether we can extend subnets but if we can't I wanted to ask if different subnets are possible. Thank you any info is appreciatedF5 APM/RDG Not working
Hi guys, created a new access policy and I get as far as being able to download the rdp file, when I execute the file, I see the traffic on 443 land on the F5, but I do not see any attempt from the F5 to open a connection to the RDP server (no packets to the rdp server IP address at all in a tcpdump) I have a forwarding server that encompasses 10.0.0.0/8 and I have another access policy that is working with a server in the same range. There is a rule on AFM, SNAT is enabled. feel like I am missing something simple here, unfortunately I have no logs at all to explain what is or is not working , any ideas what this could be missing? I feel like it has to be something to do with the virtual server with the access policy on it.
