F5Access | MacOS Sonoma
I upgraded my MacOS to Sonoma (the latest version of MacOS) and now F5 Access does not open When I try to open the application, nothing happens. The icon in the up menu bar does not appear. Is anyone passing through the same situation? Thanks! Thanks!2.1KViews2likes44CommentsNeed help in automating BigIQ session summary reports
I have been asked to work out a way of automating the CSV report from BigIQ Monitoring Access Dashboard. Under Access > Sessions > Session Summary I have been filtering Network_Access as the AP result and then manually exporting the CSV there. Our security who does not have a Splunk server is asking for this every 24 hours. Therefore I am looking to see if there is a way I can have a scheduled job run for this. Only things I am finding are configuration automation or automation dealing with ASM. Any help would be greatly appreciated.7Views0likes0CommentsF5 Access Guard Deprecated: ZTA APM
Since F5 Access Guard is deprecated and not supported on Win 11, newer browsers, and some versions of MacOS, what is the replacement for posture checking when implementing a ZeroTrust architecture using APM as an identify aware proxy? One major point of ZT is to do continuous posture checking of a client and the requests they are making--each and every one utilizing a per-request policiy. Without this component, it seems like APM is not a great candidate for use. What are others doing when using APM within their ZT network? Are they using 3rd part solutions with an HTTP connector to evaluate to client/request for each and every request?17Views0likes0CommentsF5 APM Syslog-NG parser
Hello everybody, I use the VPN big-ip Edge client F5 and I would like to generate a log with all theses session variables "session.ldap.last.attr.userPrincipalName + session.check_machinecert.last.cert.subject + session.assigned.clientip". My problem is that the "session.assigned.clientip" isn't populate in the session variable so I can't use a log message to make a custom log with all of theses values. So my question is , is it possible to parse theses logs with syslog-ng and concatenate all the syslog trame with the session ID ? and forward the log concatenated to an another syslog instance ? Don't know if my question is very undertandable ? Regards, Miguel12Views0likes0CommentsF5 APM DHCP instead of leasepool
Hello, I'm looking to configure the APM to use an upstream DHCP server instead of the locally defined leasepool. I have seen in other posts a link to an article for just this, but the link is no longer around and I cannot find the iapps template associated. iApp, documentation, and example APM Policy to get IP addresses from DHCP for APM VPN clients Can someone point me to the correct link, or can someone tell me the proper way to do this? When i remove the leasepool from the APM policy it says no leasepool assigned and the connections fail. Thank you.40Views0likes1CommentAPM with EntraID as idP / request signed
Hi experts. I need your help to solve an issue. I'm configuring a new enviroment with BIG-IP version 15.1.8.2 Build 0.0.17 Point Release 2. I have the APM works fine with SSO using EntraID (AzureAD) as idP. Now, I need to enable the request signed (Enforce signed SAML authentication requests - Microsoft Entra ID | Microsoft Learn). I generated the self signed certificate and import it on my app at Azure and my BIG-IP. I changed my config in Access > Federation > SAML Identity Provider and assigned my self signed certificate (pk included) to assign the request. But, I've received the below error by EntraID: Sign-in error code: 76021 Failure reason: The request sent by client is not signed while the application requires signed requests All attemps was made by browser (SSL VPN). Thank you.37Views0likes1Comment[APM] The F5 API returned the error BadRequest(400)
Hello Team , We use a tool for whitelisting the URL and IP's and push the configuration to F5 everyday . We have below error on the tool . Can we check anything on the F5 . I did not find any error message on the audit logs . Error : F5 synchronization batch reported an error while managing F5 : SendRequest: The F5 API returned the error BadRequest(400) received from the API: request failed with null exception25Views0likes1Commentapm session variable from part of uri...
Hey all, I have a problem I need to solve. We have an application that uses a mobile app, the app does authentication with apm(local sp/external idp) through one browser and then accesses the the backend server in another session.. and the apm is not aware of that second one so it gerenrates a new login which fails and the app cannot login. The app passes a identification value the the urls which the app uses.. I want to do the same. Does anyone know or have any tips on how i can catch part of the uri (sort of like this https://test.com/sessionid=1234-5678-9101) that contains the sessionid and apply it to a session variable? /Kim47Views0likes3CommentsUser authentication for non-http traffic
Hello, I’m an IAM architect, not BigIP expert, and I’m wondering if BigIP LTM/APM has the capabilities to support the use case described below. It’s about non-HTTP protocol, more precisely DICOM protocol. So all the nice token based solutions, stateless security enforcement that I'm used to with HTTP do not work here. We want to control network access between DICOM client application running on workstations (managed windows 10 running Edge Client) and the DICOM servers. Access control should be based on both workstation security controls (authentication, security posture) and end user authentication. If successful, network access should be allowed. Whether user authentication had to happen upfront, before starting the DICOM client, or just in time when TCP connection is initiated is interesting to know, as well as user experience. User authentication is to be integrated with an IdP, based on standard federation protocols (OIDC or SAML). Once traffic is allowed, security session must be monitored and closed in case of inactivity or client application termination / logout. Thanks for reading so far! Any feedback, ideas, clue on how to achieve that if possible will be appreciated.454Views0likes3Comments