zerotrust

4 Topics

Exploring the Zero Trust Models of AWS, Microsoft, and Google
In today’s world of distributed workforces, cloud services, and sophisticated cyber threats, the traditional security approach where everyone inside the network is trusted has become obsolete. The Zero Trust Model has emerged as the new paradigm, enforcing strict identity verification, granular access control, and continuous monitoring for all users, devices, and resources, regardless of their location. Big Cloud providers such as AWS (Amazon Web Services), Microsoft, and Google have each adopted their own version of Zero Trust architecture. In this article we will understand the basics of the mentioned Zero Trust models, its key principles and components. What is Zero Trust? Zero Trust is a security framework based on the principle of "never trust, always verify." Unlike traditional network security models, Zero Trust does not assume that users or devices inside the network are inherently trustworthy. Instead, every user, device, and request must be constantly verified and approved. They must be given the minimum amount of access they need based on their identity and security status. AWS Zero Trust Model The AWS Zero Trust model is a security framework that aims to protect resources by enforcing strict verification, regardless of whether access requests originate from inside or outside a traditional network perimeter. It focuses on continuous validation of trust, treating every access attempt as potentially hostile unless explicitly authenticated and authorized. To get more clearer picture, let's understand the key principles, components followed by an example. Key Principles: Identity-Centric Approach: AWS shifts the security focus to identities (users, devices, services), ensuring that every entity is authenticated and authorized for each action. Least Privilege Access: Access permissions are granted based on the minimal necessary level, reducing the impact of compromised accounts. Context-Aware Access: AWS evaluates additional signals like location, device health, and behavior before granting access to resources. Segmented and Isolated Resources: AWS employs segmentation to isolate workloads, limiting lateral movement if one component is compromised. Continuous Monitoring and Logging: AWS integrates real-time monitoring and logging to detect suspicious activities and adjust security policies dynamically. Key Components: AWS Identity and Access Management (IAM): Central to AWS's Zero Trust model, IAM allows you to manage fine-grained permissions and define access control policies for each user, role, and resource. Multi-Factor Authentication (MFA): AWS uses MFA to enforce stronger identity verification, requiring users to authenticate using something they know (password) and something they have (token or device). AWS CloudTrail and GuardDuty: These services provide continuous monitoring, logging, and threat detection, identifying unusual behavior and potential security risks. Encryption and Secure Communications: AWS enforces encryption both in transit and at rest, ensuring data integrity and confidentiality, with access controlled by encryption keys managed through AWS Key Management Service (KMS). Zero Trust Network Access (ZTNA): AWS offers solutions such as AWS PrivateLink and VPC endpoints to secure and isolate traffic, minimizing exposure to public networks. Example: Imagine an organization running an e-commerce platform on AWS, where sensitive customer data is stored in databases and accessed by employees, services, and third-party APIs. Instead of trusting access by default, AWS Zero Trust ensures that every access request is verified at each stage. If an employee attempts to access a customer database: IAM and MFA verify the employee’s identity and enforce role-based access control, ensuring they only have the necessary permissions. Device and Location Verification: AWS checks if the employee is using a trusted device from an expected location, applying additional security measures if an anomaly is detected (For example., logging in from an unusual location). Network Isolation: AWS VPC and PrivateLink ensures that database traffic remains isolated, preventing lateral movement even if other systems are compromised. Logging and Monitoring: AWS CloudTrail logs the access attempt, while AWS GuardDuty monitors for any suspicious behavior like abnormal data access patterns. If a threat is detected, the system can revoke access or trigger an alert. In this way, AWS Zero Trust minimizes the risk of unauthorized access and data breaches, providing continuous protection of resources, whether they are inside or outside the traditional network boundary. Microsoft Zero Trust Model The Microsoft Zero Trust model is built on real Microsoft features that work together to protect data and resources by eliminating implicit trust. The model continuously verifies identities, devices, and access requests across the entire environment, ensuring security for both internal and external access. To find out more about Microsoft's Zero Trust model, let's understand the key principles, components followed by an example. Key Principles: Verify Explicitly: Always authenticate and authorize using all available data points like identity, location, device, health, service, and anomaly detection. Least Privileged Access: Enforce least privilege by granting only the minimum level of access necessary for users to perform their tasks. Assume Breach: Operate with the mindset that a breach has already occurred, and implement strategies to limit lateral movement, detect anomalies, and mitigate risks. Key Components: Azure Active Directory (Azure AD): Azure AD provides identity verification through Single Sign-On (SSO), Multifactor Authentication (MFA), and Conditional Access, which adapts access policies based on the user’s context (For example., location, device compliance, or risk score). Microsoft Intune: For managing devices, Intune enforces compliance policies, ensuring that only secure and compliant devices can access resources. Through Mobile Device Management (MDM) and Mobile Application Management (MAM), it provides control over both corporate-owned and personal devices (BYOD). Microsoft Defender for Endpoint: This tool ensures device security by providing endpoint detection and response (EDR), identifying vulnerabilities and threats on devices, and enforcing security baselines. It continuously monitors and responds to potential breaches or compromised endpoints. Azure Information Protection (AIP): AIP helps protect sensitive data by classifying and labeling information. It also provides encryption and access control, ensuring data protection both at rest and in transit, regardless of where it is stored or shared. Microsoft Defender for Identity: This component integrates identity protection by continuously analyzing user activities and network signals to detect suspicious behaviors, compromised accounts, or insider threats. Microsoft Defender for Cloud: This feature secures cloud and hybrid infrastructure. It provides threat protection, vulnerability assessments, and compliance management across Azure and non-Azure environments, helping enforce Zero Trust principles on cloud workloads. Azure Sentinel: This is Microsoft's cloud-native Security Information and Event Management (SIEM) system, which provides intelligent security analytics and threat detection. It helps detect, prevent, and respond to security incidents by correlating data across multiple sources. Microsoft Endpoint Manager: This includes Intune and Configuration Manager, allowing centralized management of devices and applications while enforcing Zero Trust policies related to device compliance and security. Azure Network Security: Features like Azure Firewall, Azure DDoS Protection, Network Security Groups (NSGs), and Azure Private Link provide network-level segmentation and protection. These services prevent unauthorized lateral movement and secure network traffic through encryption and micro-segmentation. Example: Suppose a finance team member attempts to access a critical business application from a remote location. Here's how Microsoft's Zero Trust model enforces security: Identity Verification: Azure AD ensures the user's identity through MFA. A Conditional Access policy checks the user’s device compliance (managed through Intune) and location. If the login attempt is from an unusual place, additional security measures (like an extra MFA prompt) are applied. Device Compliance: Microsoft Defender for Endpoint checks if the user’s device meets security baselines (For example., updated OS, antivirus enabled). If the device is not compliant, access to the application is blocked or restricted until remediation. Access Control: Azure AD’s Conditional Access ensures that the user can only access the business application and not any other sensitive resources they don't need. Least-privilege access ensures this by restricting permissions based on role. Data Protection: Azure Information Protection encrypts any sensitive data accessed, preventing it from being exposed or mishandled even if downloaded or shared. AIP also tracks and audits access to the data. Monitoring and Threat Detection: Azure Sentinel continuously monitors the access session, using Microsoft Defender for Identity to detect any unusual or risky behavior (For example., multiple login attempts from different locations). If suspicious activity is detected, security alerts are triggered for investigation. In this way Microsoft features into the Zero Trust model ensures end-to-end protection, validating every access request and continuously monitoring for threats across identities, devices, data, and networks. Google Zero Trust Model (BeyondCorp) The Google Zero Trust model, also known as BeyondCorp, is a security framework that eliminates the need for a traditional network perimeter. Instead of assuming that internal networks are inherently secure, Google’s approach treats every access request—whether from within the corporate network or outside—as potentially risky. The model enforces “never trust, always verify” and emphasizes verifying users and devices at every step before granting access. Key Principles: Verify Every Access Request: Regardless of network location, every access request must be authenticated and authorized, using strong identity verification and device checks. Least Privilege Access: Limit user and device access to the minimum necessary, ensuring they can only access the resources required for their specific role. Continuous Monitoring: Continuously monitor users, devices, and behaviors to detect and respond to suspicious activity in real-time. Device Trust: Assess the security posture of the device before granting access, ensuring that only trusted, compliant devices are used. Key Components: Google Identity: Google’s identity system forms the basis of Zero Trust, enforcing strong identity verification with features like Single Sign-On (SSO) and Multi-Factor Authentication (MFA). It ensures that every user is authenticated before access is granted, whether the request originates from inside or outside the network. Access Proxy: This component of BeyondCorp acts as an intermediary between users and resources. Every access request is routed through this proxy, which enforces security policies and checks the identity, context, and device posture before granting access. Device Inventory and Management: Google maintains a detailed inventory of devices accessing corporate resources, ensuring that only compliant, up-to-date devices can connect. Device posture (For example., security patches, encryption status) is continuously assessed to maintain trust. Context-Aware Access: This feature dynamically adjusts access policies based on the user’s identity, device health, location, and risk factors. Google’s Access Control Policies are applied in real time, allowing access only if all conditions meet security requirements. Encryption and Secure Communication: All communication between users and resources is encrypted, ensuring data integrity and confidentiality. Google enforces encryption in transit and at rest for data protection. Continuous Monitoring and Threat Detection: Google uses extensive logging, monitoring, and machine learning to detect anomalies and security risks in real-time, enabling fast response to potential threats. Example: Imagine a scenario where a Google employee wants to access a sensitive cloud-based internal application while working from a public coffee shop. In a traditional security model, the internal network might trust access if the employee used a VPN. In Google’s Zero Trust model, no such implicit trust exists. Here’s how Google’s Zero Trust model would work: Identity and Device Verification: The employee attempts to log in through Google’s SSO, where their identity is verified using MFA. BeyondCorp checks if the device being used is a trusted, compliant device by consulting Google’s Device Inventory. If the device is missing a security update or is not encrypted, access is denied until the device is compliant. Context-Aware Access: Google’s Access Proxy examines additional context, such as the employee’s location (public Wi-Fi network) and device posture. Because the user is accessing from an untrusted network, the system applies stricter security policies. The employee may be asked for additional verification, such as a second MFA prompt, or have restricted access to only specific parts of the application. Real-Time Monitoring: While the employee is logged in, Google continuously monitors the session for any suspicious behavior, such as unusual data access patterns or changes in device posture. If abnormal activity is detected, Google’s system triggers an alert and can immediately terminate the session to prevent data compromise. Secure Access: Even while accessing sensitive data, the entire communication is encrypted both in transit and at rest, ensuring that no data is exposed on the public Wi-Fi network. Google’s encryption standards protect all data during access. In this way, Google's Zero Trust model ensures verification of identity, device, and context at every step and significantly reduces the risk of unauthorized access and breaches. I hope after reading the article up to this point, you are looking for information on F5 Zero Trust Security. I have collected links to some of the very good articles available on DevCentral and F5, which will definitely help you. Zero Trust Solutions What Is Zero Trust Security & Architecture? Secure Corporate Apps with a Zero Trust Security Model Zero Trust in an Application-Centric World Zero Trust - Making use of a powerfull Identity Aware Proxy Zero Trust Access with F5 Identity Aware Proxy and Crowdstrike Falcon | DevCentral Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access - Building Zero Trust strategy Zero Trust building blocks - Leverage NGINX Plus Single Sign-On (SSO) with F5 XC Web App & API Protection (WAAP) Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity
Dharminder
Sep 25, 2024 Place Security Insights
307Views
1like
0Comments
F5 TIC3.0 Capability Mappings
About The information below lists how F5 products address TIC 3.0 capability requirements (Dec 2023/Version 3.1) from the context of how F5 can help the broader agency. Important Note: Prior to reading this please read each capability as defined in https://www.cisa.gov/sites/default/files/2023-12/CISA%20TIC%203.0%20Security%20Capabilities%20Catalog_508c.pdf If a capability is not explicitly listed it should be assumed the F5 product does not meet the requirement. At the core the security provided by TIC 3.0 is based on Zero Trust. If you would like to learn more about how F5 can help your agency meet its Zero Trust requirements, please contact your local account team for additional detail. F5 Products Background F5 BIG-IP is a reverse proxy with web application security and authentication capabilities. BIG-IP provides these capabilities for traditional applications. F5 BIG-IP delivers applications securely, efficiently and at scale. BIG-IP Web Application Firewall protects applications from the ever-evolving security threat landscape. Specific BIG-IP software modules are matched to certain capabilities below where applicable. F5 NGINX Plus is a reverse proxy with web application security and authentication capabilities in a containerized format. NGINX+ typical use cases is to provide these protections for modern containerized applications. F5 Distributed Cloud is a SaaS offering that provides Application Delivery, WAAP, DNS, DDOS to applications as an edge service. F5 Distributed Cloud also offers a “Customer Edge” CE that provides many of these same capabilities on-prem or in a Cloud Service Provider. F5 Distributed Cloud will be referred to as “F5 XC” below. TIC 3.0 Capabilities Universal Security Capabilities Central Log Management with Analysis BIG-IP BIG-IP provides application security and telemetry logging enterprise wide to a centralized log store. NGINX Plus NGINX Plus provides application security and telemetry logging enterprise wide to a centralized log store. F5 XC F5 XC provides application security and telemetry logging enterprise wide to a centralized log store. Configuration Management BIG-IP BIG-IP configuration and capabilities can be fully automated and orchestrated. NGINX Plus NGINX Plus configuration and capabilities can be fully automated and orchestrated. F5 XC F5 XC configuration and capabilities can be fully automated and orchestrated. Incident Response Planning and Incident Handling BIG-IP F5 BIG-IP provides the ability to detect, prevent and log application security events. NGINX Plus F5 NGINX Plus provides the ability to detect, prevent and log application security events in a containerized form factor. F5 XC F5 Distributed Cloud provides the ability to detect, prevent and log application security events. Strong Authentication BIG-IP F5 BIG-IP supports requiring SAML, OIDC, Active Directory, and mTLS authentication before a client can access an application NGINX Plus F5 BIG-IP NGINX Plus supports requiring OIDC, and mTLS authentication before a client can access an application containerized format. F5 XC N/A Enterprise Threat Intelligence BIG-IP F5 provides threat intelligence feeds that help organizations detect whether they are a target of a threat campaign. This service can be leveraged by BIG-IP. NGINX Plus F5 provides threat intelligence feeds that help organizations detect whether they are a target of a threat campaign. This service can be leveraged by NGINX Plus. F5 XC F5 provides threat intelligence feeds that help organizations detect whether they are a target of a threat campaign. This service can be leveraged by F5 XC. Dynamic Threat Discovery BIG-IP BIG-IP can learn HTTP traffic patterns and establish a baseline to protect applications. NGINX Plus N/A F5 XC N/A Continuous Monitoring Reporting BIG-IP BIG-IP provides application security and telemetry logging providing vital application access, performance, and threat data for analysis. NGINX Plus NGINX Plus provides application security and telemetry logging providing vital application access, performance, and threat data for analysis. F5 XC F5 XC provides application security and telemetry logging providing vital application access, performance, and threat data for analysis. Web PEP Capabilities Break and Inspect BIG-IP F5 BIG-IP provides the ability to decrypt TLS traffic and send the decrypted traffic to any number of security devices, allowing the security devices. NGINX Plus N/A F5 XC N/A Active Content Mitigation BIG-IP BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. NGINX Plus N/A F5 XC N/A Certificate Denylisting BIG-IP F5 BIG-IP can enforce certification revocation on clients (human or non-human) presenting certificates (mTLS/Smart Card/CAC/PIV) via OCSP or CRLs before granting access to the application. BIG-IP can also be configured to deny certificates based on a blacklist. NGINX Plus F5 BIG-IP can enforce certification revocation on clients (human or non-human) presenting certificates (mTLS/Smart Card/CAC/PIV) via OCSP or CRLs before granting access to the application. F5 XC N/A Content Filtering BIG-IP BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. NGINX Plus N/A F5 XC N/A Authenticated Proxy BIG-IP F5 BIG-IP is a reverse proxy that provides the ability to require SAML, OIDC, Active Directory and mTLS authentication before a client can access an application. NGINX Plus F5 BIG-IP NGINX Plus is a reverse proxy that provides the ability to require OIDC, and mTLS authentication before a client can access an application in a containerized format. F5 XC N/A Data Loss Prevention BIG-IP BIG-IP can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. Additionally, BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a DLP solution for further inspection preventing sensitive data leakage. NGINX Plus NGINX Plus can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. F5 XC F5 XC can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. Domain Resolution Filtering BIG-IP BIG-IP can report of block DNS over HTTPS originating from or destined for your agency. NGINX Plus N/A F5 XC N/A Protocol Compliance Enforcement BIG-IP BIG-IP provides protocol compliance for both HTTP and DNS with the ability to report or reject traffic that is out of compliance. NGINX Plus NGINX Plus provides protocol compliance for HTTP with the ability to report or reject traffic that is out of compliance. F5 XC F5 XC provides protocol compliance for HTTP with the ability to report or reject traffic that is out of compliance. Domain Category Filtering BIG-IP BIG-IP provides break and inspect capabilities for traffic egressing from the network. Categories may be configured to bypass break and inspect for domain categories (e.g., banking, medical, government). This is typically done so that PII data is not inspected. NGINX Plus N/A F5 XC F5 XC CEs provide forward proxy capabilities with the ability to restrict domain and URL access. https://docs.cloud.f5.com/docs/how-to/network-firewall/forward-proxy-policies Domain Reputation Filtering BIG-IP BIG-IP provides the ability to deny access to domains via a list or categories of domains enforced at the HTTP protocol layer. Domain filtering can also be provided via DNS using a list of domains or an integration with a RPZ provider such as Spamhaus or SUBRL. NGINX Plus N/A F5 XC N/A Bandwidth Control BIG-IP F5 BIG-IP provides the ability to limit bandwidth on a per application basis. https://techdocs.f5.com/en-us/BIG-IP-16-1-0/big-ip-policy-enforcement-manager-implementations/managing-traffic-with-bandwidth-controllers.html NGINX Plus F5 NGINX Plus provides the ability to rate limit on a per application basis in a containerized/Kubernetes environment. F5 XC F5 XC provides the ability to rate limit on a per application basis at a regional edge, on-prem or in the cloud. Malicious Content Filtering BIG-IP BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. NGINX Plus N/A F5 XC N/A Access Control BIG-IP F5 BIG-IP provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. NGINX Plus F5 NGINX Plus provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. F5 XC F5 XC provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. Resiliency PEP Security Capabilities Distributed Denial of Service Protections BIG-IP BIG-IP provides protection against DOS attacks at layers 3-7 by providing the ability to learn traffic patterns and establish a baseline. BIG-IP Layer 3-4 capabilities provide protection against IP, UDP and TCP based attacks. Layer 7 capabilities provide protection against DNS, TLS and HTTP based DOS attacks. NGINX Plus NGINX Plus provides protection against HTTP based DOS attacks. F5 XC F5 XC provides protection against HTTP based DOS attacks. Elastic Expansion BIG-IP F5 BIG-IP provides the ability to scale out applications by distributed the application traffic across as many instances as needed. NGINX Plus F5 NGINX Plus provides the ability to scale out applications by distributed the application traffic across as many instances as needed in a containerized environment. F5 XC F5 XC provides the ability to scale out applications by distributed the application traffic across as many instances as needed. Regional Delivery BIG-IP N/A NGINX Plus N/A F5 XC F5 XC provides the ability through a Regional Edge to host containerized application and their associated services through a secure scalable fabric. Additionally, F5 XC’s Regional Edge provides the ability to scale, secure and deliver applications across a geographically dispersed set of environments. Domain Name System PEP Security Capabilities Domain Name Sinkholing BIG-IP Domain Name Sinkholing DNS using a list of domains or an integration with a RPZ provider such as Spamhaus or SUBRL. NGINX Plus N/A F5 XC N/A Domain Name Verification for Agency Clients BIG-IP F5 BIG-IP can enforce that queries from agency clients utilize DNSSEC NGINX Plus N/A F5 XC N/A Domain Name Validation for Agency Domains BIG-IP F5 BIG-IP can enforce DNSSEC chain of trust for all agency domains. NGINX Plus N/A F5 XC N/A Intrusion Detection PEP Security Capabilities Intrusion Detection and Prevention Systems BIG-IP F5 BIG-IP provides Intrusion Detection capabilities that allow for the reporting and blocking of threats over a wide range of protocols. NGINX Plus N/A F5 XC N/A Enterprise PEP Security Capabilities Virtual Private Network BIG-IP F5 BIG-IP provides site-to-site IPSEC capabilities along with end user remote access SSL VPN. NGINX Plus N/A F5 XC N/A Application Container BIG-IP N/A NGINX Plus F5 NGINX Plus provides load balancing, ingress services (for K8s), WAF, HTTP DOS protection and API Security for containerized services. F5 XC F5 XC provides the ability to host containerized services in F5 XC Regional Edge. Services PEP Security Capabilities Active Content Mitigation BIG-IP BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. NGINX Plus N/A F5 XC N/A Data Loss Prevention BIG-IP BIG-IP can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. Additionally, BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a DLP solution for further inspection preventing sensitive data leakage. NGINX Plus NGINX Plus can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. F5 XC F5 XC can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. Protocol Compliance Enforcement BIG-IP F5 BIG-IP provides the ability to enforce protocol compliance for HTTP and DNS protocols. NGINX Plus F5 NGINX Plus provides the ability to enforce protocol compliance for the HTTP protocol. F5 XC F5 XC provides the ability to enforce protocol compliance for the HTTP protocol. Malicious Content Filtering BIG-IP BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. NGINX Plus N/A F5 XC N/A Access Control BIG-IP F5 BIG-IP provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. NGINX Plus F5 NGINX Plus provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. F5 XC F5 XC provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. Identity PEP Security Capabilities Behavioral Baselining BIG-IP BIG-IP can learn HTTP traffic patterns and establish a baseline to protect applications. NGINX Plus N/A F5 XC N/A Multi-factor Authentication BIG-IP F5 BIG-IP supports requiring SAML, OIDC, Active Directory, and mTLS authentication before a client can access an application NGINX Plus F5 BIG-IP NGINX Plus supports requiring OIDC, and mTLS authentication before a client can access an application containerized format. F5 XC N/A Continuous Authentication BIG-IP F5 BIG-IP provides the ability to authenticate users prior to accessing an application. After access to the application BIG-IP can enforce periodic requests for authentication to reverify the client’s identity in addition to their OS posture. NGINX Plus N/A F5 XC N/A
Ryan_Johnson
Mar 05, 2024 Place Technical Articles
287Views
2likes
0Comments
Zero Trust - Making use of a Powerful Identity Aware Proxy (Hands on lab)
Zero Trust - Making use of a powerfull Identity Aware Proxy to allow for more contextual awareness while securing modern applications.
momahdy
Oct 28, 2022 Place Technical Articles
3.5KViews
7likes
2Comments
F5's Access Policy Manager the Access Proxy for Zero Trust Architectures
In my previous article titled 7 Steps for Successfully Implementing Zero Trust Architectures, I detailed how to get started on the journey of implementing Zero Trust Architectures. In that article, I pointed out 7 steps I felt were critical in effectively implementing a Zero Trust Architecture. One of the necessary steps was having a robust Access Proxy. This article will showcase F5’s robust Access Proxy. In a Zero Trust architecture the centralized control point for all clients and applications is the Access Proxy. At the Access Proxy we need to handle authentication, authorization, and centralized logging. This Access Proxy should interface with multiple systems for authentication, handling both multi factor authentication and Single Sign On (SSO) to relieve users of the burden of logging into multiple systems. This Access Proxy initially checks and continuously monitors devices for the required configuration. Finally, robust Access Proxy should be able to seamlessly integrate with third party solutions. F5’s Access Proxy is the Access Policy Manager (APM). APM is one of the best Access Proxy’s on the market. The following sections will highlight the versatility and ease that F5’s solution offers: Select Appropriate Configuration F5 released Access Guided Configurations to make it simple and intuitive. The image below illustrates all the guided configurations available at the time of this article. This article we will focus on the Zero Trust selection. Click the Zero Trust option Verify Required Configuration F5 will verify that basic configuration items required are present. If not, you will be guided through the steps. Here the base configuration is already in place. Select Appropriate Configuration Determine whether a single or multi proxy topology is required. You are presented a diagram and a description to help make the decision based on your requirements. Select Appropriate Configuration Object The next decision is the enabling/leaving unselected any of the following items based on how you decided to implement this solution. The user will be presented different options based on their previous selections. ● Device Posture ● MFA ● SSO ● Application Group ● Webtop Select Appropriate Authentication Properties Based on your environment you are offered the authentication type required and supported by APM. Select Appropriate MFA Properties - If Selected F5 has developed third party integrations based on demand from customers. This simplifies and streamlines the process. Review and Modify Session Management Variables F5 provides the opportunity to fine tune session variables before finalizing the configuration. The form has default values provided, if you are unsure. Review and Modify Final Deployment The final step in this Guide Configuration before deployment is reviewing and the ability to edit anything previously configured before deployment. Closing – As illustrated, F5’s APM solution deployed as an Identity Aware Proxy nicely fits in a Zero Trust Architecture. IAP is a single control point for all users and devices accessing your applications. IAP continuously monitors users and devices and applies access control policies as finely grained as you specify. It will handle SSO and MFA if configured. The APM has the ability to be configured to implement a per-request policy enforcement posture to better align with a Zero Trust Architecture. This article was not meant for a step by step guide to implement F5’s APM in a Zero Trust Architecture. This was to show the ease of deployment and how this implementation walks one through the setup. https://www.f5.com/company/blog/zero-trust-azure-active-directory-access-big-ip-apm For detailed steps I have linked several resources below. https://clouddocs.f5.com/training/community/access-solutions/ https://clouddocs.f5.com/training/community/iam/html/class2/class2.html #zerotrust #ZT #ZTA #ZTNA
Ted_Byerly
Mar 09, 2022 Place Technical Articles
1KViews
4likes
0Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/zerotrust\"}}})":{"__typename":"ComponentRenderResult","html":"

Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/zerotrust\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/zerotrust\"}}})":{"__typename":"ComponentRenderResult","html":"

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListTabs\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListTabs-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1744046271000"}],"cachedText({\"lastModified\":\"1744046271000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1744046271000"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1745595724052":{"__typename":"CachedAsset","id":"pages-1745595724052","value":[{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501733000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:theme:customTheme1-1745595709159":{"__typename":"CachedAsset","id":"theme:customTheme1-1745595709159","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1744046271000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1744046271000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1744046271000","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1745595707587":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1745595707587","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1744046271000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1745595707342":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1745595707342","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.GainsightShared","props":{"widgetVisibility":"signedInOnly","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:component:custom.widget.GainsightShared-en-us-1745595741765":{"__typename":"CachedAsset","id":"component:custom.widget.GainsightShared-en-us-1745595741765","value":{"component":{"id":"custom.widget.GainsightShared","template":{"id":"GainsightShared","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.GainsightShared","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-us-1745595741765":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-us-1745595741765","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-us-1745595741765":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-us-1745595741765","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-us-1745595741765":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-us-1745595741765","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-us-1745595741765":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-us-1745595741765","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1744046271000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1744046271000","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1744046271000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1743095186784":"Most Recent Updates","title@instance:1704317906837":"Content Feed","title@instance:1743095018194":"Most Recent Updates","title@instance:1702668293472":"Community Feed","title@instance:1743095117047":"Most Recent Updates","title@instance:1704319314827":"Blog Feed","title@instance:1743095235555":"Most Recent Updates","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1743095311723":"Most Recent Updates","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"Articles"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"TechnicalArticles","nodeType":"board","conversationStyle":"TKB","title":"Technical Articles","shortTitle":"Technical Articles","parent":{"__ref":"Category:category:Articles"}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"security-insights","nodeType":"board","conversationStyle":"TKB","title":"Security Insights","shortTitle":"Security Insights","parent":{"__ref":"Category:category:Articles"}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:334327":{"__typename":"Conversation","id":"conversation:334327","topic":{"__typename":"TkbTopicMessage","uid":334327},"lastPostingActivityTime":"2024-09-25T11:58:39.300-07:00","solved":false},"User:user:73921":{"__typename":"User","uid":73921,"login":"Dharminder","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MzkyMS14cFZvSDI?image-coordinates=35%2C195%2C924%2C1084"},"id":"user:73921"},"TkbTopicMessage:message:334327":{"__typename":"TkbTopicMessage","subject":"Exploring the Zero Trust Models of AWS, Microsoft, and Google","conversation":{"__ref":"Conversation:conversation:334327"},"id":"message:334327","revisionNum":15,"uid":334327,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:73921"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":307},"postTime":"2024-09-25T11:58:39.300-07:00","lastPublishTime":"2024-09-25T11:58:39.300-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" In today’s world of distributed workforces, cloud services, and sophisticated cyber threats, the traditional security approach where everyone inside the network is trusted has become obsolete. The Zero Trust Model has emerged as the new paradigm, enforcing strict identity verification, granular access control, and continuous monitoring for all users, devices, and resources, regardless of their location. \n Big Cloud providers such as AWS (Amazon Web Services), Microsoft, and Google have each adopted their own version of Zero Trust architecture. In this article we will understand the basics of the mentioned Zero Trust models, its key principles and components. \n \n What is Zero Trust? \n Zero Trust is a security framework based on the principle of \"never trust, always verify.\" Unlike traditional network security models, Zero Trust does not assume that users or devices inside the network are inherently trustworthy. Instead, every user, device, and request must be constantly verified and approved. They must be given the minimum amount of access they need based on their identity and security status. \n \n AWS Zero Trust Model \n The AWS Zero Trust model is a security framework that aims to protect resources by enforcing strict verification, regardless of whether access requests originate from inside or outside a traditional network perimeter. It focuses on continuous validation of trust, treating every access attempt as potentially hostile unless explicitly authenticated and authorized. To get more clearer picture, let's understand the key principles, components followed by an example. \n Key Principles: \n \n Identity-Centric Approach: AWS shifts the security focus to identities (users, devices, services), ensuring that every entity is authenticated and authorized for each action. \n Least Privilege Access: Access permissions are granted based on the minimal necessary level, reducing the impact of compromised accounts. \n Context-Aware Access: AWS evaluates additional signals like location, device health, and behavior before granting access to resources. \n Segmented and Isolated Resources: AWS employs segmentation to isolate workloads, limiting lateral movement if one component is compromised. \n Continuous Monitoring and Logging: AWS integrates real-time monitoring and logging to detect suspicious activities and adjust security policies dynamically. \n \n Key Components: \n \n AWS Identity and Access Management (IAM): Central to AWS's Zero Trust model, IAM allows you to manage fine-grained permissions and define access control policies for each user, role, and resource. \n Multi-Factor Authentication (MFA): AWS uses MFA to enforce stronger identity verification, requiring users to authenticate using something they know (password) and something they have (token or device). \n AWS CloudTrail and GuardDuty: These services provide continuous monitoring, logging, and threat detection, identifying unusual behavior and potential security risks. \n Encryption and Secure Communications: AWS enforces encryption both in transit and at rest, ensuring data integrity and confidentiality, with access controlled by encryption keys managed through AWS Key Management Service (KMS). \n Zero Trust Network Access (ZTNA): AWS offers solutions such as AWS PrivateLink and VPC endpoints to secure and isolate traffic, minimizing exposure to public networks. \n \n Example: \n Imagine an organization running an e-commerce platform on AWS, where sensitive customer data is stored in databases and accessed by employees, services, and third-party APIs. Instead of trusting access by default, AWS Zero Trust ensures that every access request is verified at each stage. \n If an employee attempts to access a customer database: \n \n IAM and MFA verify the employee’s identity and enforce role-based access control, ensuring they only have the necessary permissions. \n Device and Location Verification: AWS checks if the employee is using a trusted device from an expected location, applying additional security measures if an anomaly is detected (For example., logging in from an unusual location). \n Network Isolation: AWS VPC and PrivateLink ensures that database traffic remains isolated, preventing lateral movement even if other systems are compromised. \n Logging and Monitoring: AWS CloudTrail logs the access attempt, while AWS GuardDuty monitors for any suspicious behavior like abnormal data access patterns. If a threat is detected, the system can revoke access or trigger an alert. \n \n In this way, AWS Zero Trust minimizes the risk of unauthorized access and data breaches, providing continuous protection of resources, whether they are inside or outside the traditional network boundary. \n \n Microsoft Zero Trust Model \n The Microsoft Zero Trust model is built on real Microsoft features that work together to protect data and resources by eliminating implicit trust. The model continuously verifies identities, devices, and access requests across the entire environment, ensuring security for both internal and external access. To find out more about Microsoft's Zero Trust model, let's understand the key principles, components followed by an example. \n Key Principles: \n \n Verify Explicitly: Always authenticate and authorize using all available data points like identity, location, device, health, service, and anomaly detection. \n Least Privileged Access: Enforce least privilege by granting only the minimum level of access necessary for users to perform their tasks. \n Assume Breach: Operate with the mindset that a breach has already occurred, and implement strategies to limit lateral movement, detect anomalies, and mitigate risks. \n \n Key Components: \n \n Azure Active Directory (Azure AD): Azure AD provides identity verification through Single Sign-On (SSO), Multifactor Authentication (MFA), and Conditional Access, which adapts access policies based on the user’s context (For example., location, device compliance, or risk score). \n Microsoft Intune: For managing devices, Intune enforces compliance policies, ensuring that only secure and compliant devices can access resources. Through Mobile Device Management (MDM) and Mobile Application Management (MAM), it provides control over both corporate-owned and personal devices (BYOD). \n Microsoft Defender for Endpoint: This tool ensures device security by providing endpoint detection and response (EDR), identifying vulnerabilities and threats on devices, and enforcing security baselines. It continuously monitors and responds to potential breaches or compromised endpoints. \n Azure Information Protection (AIP): AIP helps protect sensitive data by classifying and labeling information. It also provides encryption and access control, ensuring data protection both at rest and in transit, regardless of where it is stored or shared. \n Microsoft Defender for Identity: This component integrates identity protection by continuously analyzing user activities and network signals to detect suspicious behaviors, compromised accounts, or insider threats. \n Microsoft Defender for Cloud: This feature secures cloud and hybrid infrastructure. It provides threat protection, vulnerability assessments, and compliance management across Azure and non-Azure environments, helping enforce Zero Trust principles on cloud workloads. \n Azure Sentinel: This is Microsoft's cloud-native Security Information and Event Management (SIEM) system, which provides intelligent security analytics and threat detection. It helps detect, prevent, and respond to security incidents by correlating data across multiple sources. \n Microsoft Endpoint Manager: This includes Intune and Configuration Manager, allowing centralized management of devices and applications while enforcing Zero Trust policies related to device compliance and security. \n Azure Network Security: Features like Azure Firewall, Azure DDoS Protection, Network Security Groups (NSGs), and Azure Private Link provide network-level segmentation and protection. These services prevent unauthorized lateral movement and secure network traffic through encryption and micro-segmentation. \n \n Example: \n Suppose a finance team member attempts to access a critical business application from a remote location. Here's how Microsoft's Zero Trust model enforces security: \n \n Identity Verification: Azure AD ensures the user's identity through MFA. A Conditional Access policy checks the user’s device compliance (managed through Intune) and location. If the login attempt is from an unusual place, additional security measures (like an extra MFA prompt) are applied. \n Device Compliance: Microsoft Defender for Endpoint checks if the user’s device meets security baselines (For example., updated OS, antivirus enabled). If the device is not compliant, access to the application is blocked or restricted until remediation. \n Access Control: Azure AD’s Conditional Access ensures that the user can only access the business application and not any other sensitive resources they don't need. Least-privilege access ensures this by restricting permissions based on role. \n Data Protection: Azure Information Protection encrypts any sensitive data accessed, preventing it from being exposed or mishandled even if downloaded or shared. AIP also tracks and audits access to the data. \n Monitoring and Threat Detection: Azure Sentinel continuously monitors the access session, using Microsoft Defender for Identity to detect any unusual or risky behavior (For example., multiple login attempts from different locations). If suspicious activity is detected, security alerts are triggered for investigation. \n \n In this way Microsoft features into the Zero Trust model ensures end-to-end protection, validating every access request and continuously monitoring for threats across identities, devices, data, and networks. \n \n Google Zero Trust Model (BeyondCorp) \n The Google Zero Trust model, also known as BeyondCorp, is a security framework that eliminates the need for a traditional network perimeter. Instead of assuming that internal networks are inherently secure, Google’s approach treats every access request—whether from within the corporate network or outside—as potentially risky. The model enforces “never trust, always verify” and emphasizes verifying users and devices at every step before granting access. \n Key Principles: \n \n Verify Every Access Request: Regardless of network location, every access request must be authenticated and authorized, using strong identity verification and device checks. \n Least Privilege Access: Limit user and device access to the minimum necessary, ensuring they can only access the resources required for their specific role. \n Continuous Monitoring: Continuously monitor users, devices, and behaviors to detect and respond to suspicious activity in real-time. \n Device Trust: Assess the security posture of the device before granting access, ensuring that only trusted, compliant devices are used. \n \n Key Components: \n \n Google Identity: Google’s identity system forms the basis of Zero Trust, enforcing strong identity verification with features like Single Sign-On (SSO) and Multi-Factor Authentication (MFA). It ensures that every user is authenticated before access is granted, whether the request originates from inside or outside the network. \n Access Proxy: This component of BeyondCorp acts as an intermediary between users and resources. Every access request is routed through this proxy, which enforces security policies and checks the identity, context, and device posture before granting access. \n Device Inventory and Management: Google maintains a detailed inventory of devices accessing corporate resources, ensuring that only compliant, up-to-date devices can connect. Device posture (For example., security patches, encryption status) is continuously assessed to maintain trust. \n Context-Aware Access: This feature dynamically adjusts access policies based on the user’s identity, device health, location, and risk factors. Google’s Access Control Policies are applied in real time, allowing access only if all conditions meet security requirements. \n Encryption and Secure Communication: All communication between users and resources is encrypted, ensuring data integrity and confidentiality. Google enforces encryption in transit and at rest for data protection. \n Continuous Monitoring and Threat Detection: Google uses extensive logging, monitoring, and machine learning to detect anomalies and security risks in real-time, enabling fast response to potential threats. \n \n Example: \n Imagine a scenario where a Google employee wants to access a sensitive cloud-based internal application while working from a public coffee shop. In a traditional security model, the internal network might trust access if the employee used a VPN. In Google’s Zero Trust model, no such implicit trust exists. \n Here’s how Google’s Zero Trust model would work: \n \n Identity and Device Verification: The employee attempts to log in through Google’s SSO, where their identity is verified using MFA. BeyondCorp checks if the device being used is a trusted, compliant device by consulting Google’s Device Inventory. If the device is missing a security update or is not encrypted, access is denied until the device is compliant. \n Context-Aware Access: Google’s Access Proxy examines additional context, such as the employee’s location (public Wi-Fi network) and device posture. Because the user is accessing from an untrusted network, the system applies stricter security policies. The employee may be asked for additional verification, such as a second MFA prompt, or have restricted access to only specific parts of the application. \n Real-Time Monitoring: While the employee is logged in, Google continuously monitors the session for any suspicious behavior, such as unusual data access patterns or changes in device posture. If abnormal activity is detected, Google’s system triggers an alert and can immediately terminate the session to prevent data compromise. \n Secure Access: Even while accessing sensitive data, the entire communication is encrypted both in transit and at rest, ensuring that no data is exposed on the public Wi-Fi network. Google’s encryption standards protect all data during access. \n \n In this way, Google's Zero Trust model ensures verification of identity, device, and context at every step and significantly reduces the risk of unauthorized access and breaches. \n I hope after reading the article up to this point, you are looking for information on F5 Zero Trust Security. I have collected links to some of the very good articles available on DevCentral and F5, which will definitely help you. \n Zero Trust Solutions \n What Is Zero Trust Security & Architecture? \n Secure Corporate Apps with a Zero Trust Security Model \n Zero Trust in an Application-Centric World \n Zero Trust - Making use of a powerfull Identity Aware Proxy \n Zero Trust Access with F5 Identity Aware Proxy and Crowdstrike Falcon | DevCentral \n Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access - Building Zero Trust strategy \n Zero Trust building blocks - Leverage NGINX Plus Single Sign-On (SSO) with F5 XC Web App & API Protection (WAAP) \n Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"15374","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:328134":{"__typename":"Conversation","id":"conversation:328134","topic":{"__typename":"TkbTopicMessage","uid":328134},"lastPostingActivityTime":"2024-03-05T13:19:01.687-08:00","solved":false},"User:user:403814":{"__typename":"User","uid":403814,"login":"Ryan_Johnson","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-6.svg?time=0"},"id":"user:403814"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgxMzQtVXp4UGE2?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgxMzQtVXp4UGE2?revision=6","title":"zeroTrust.jpg","associationType":"TEASER","width":1000,"height":550,"altText":""},"TkbTopicMessage:message:328134":{"__typename":"TkbTopicMessage","subject":"F5 TIC3.0 Capability Mappings","conversation":{"__ref":"Conversation:conversation:328134"},"id":"message:328134","revisionNum":6,"uid":328134,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:403814"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" ","introduction":"","metrics":{"__typename":"MessageMetrics","views":287},"postTime":"2024-02-28T09:51:13.359-08:00","lastPublishTime":"2024-03-05T13:19:01.687-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" About \n The information below lists how F5 products address TIC 3.0 capability requirements (Dec 2023/Version 3.1) from the context of how F5 can help the broader agency. \n \n Important Note: Prior to reading this please read each capability as defined in \n https://www.cisa.gov/sites/default/files/2023-12/CISA%20TIC%203.0%20Security%20Capabilities%20Catalog_508c.pdf \n \n If a capability is not explicitly listed it should be assumed the F5 product does not meet the requirement. \n At the core the security provided by TIC 3.0 is based on Zero Trust. If you would like to learn more about how F5 can help your agency meet its Zero Trust requirements, please contact your local account team for additional detail. \n \n F5 Products Background \n \n F5 BIG-IP is a reverse proxy with web application security and authentication capabilities. BIG-IP provides these capabilities for traditional applications. \n F5 BIG-IP delivers applications securely, efficiently and at scale. BIG-IP Web Application Firewall protects applications from the ever-evolving security threat landscape. Specific BIG-IP software modules are matched to certain capabilities below where applicable. \n F5 NGINX Plus is a reverse proxy with web application security and authentication capabilities in a containerized format. NGINX+ typical use cases is to provide these protections for modern containerized applications. \n F5 Distributed Cloud is a SaaS offering that provides Application Delivery, WAAP, DNS, DDOS to applications as an edge service. \n F5 Distributed Cloud also offers a “Customer Edge” CE that provides many of these same capabilities on-prem or in a Cloud Service Provider. \n F5 Distributed Cloud will be referred to as “F5 XC” below. \n \n \n TIC 3.0 Capabilities \n Universal Security Capabilities \n Central Log Management with Analysis \n \n BIG-IP\n \n BIG-IP provides application security and telemetry logging enterprise wide to a centralized log store. \n \n \n NGINX Plus\n \n NGINX Plus provides application security and telemetry logging enterprise wide to a centralized log store. \n \n \n F5 XC\n \n F5 XC provides application security and telemetry logging enterprise wide to a centralized log store. \n \n \n \n Configuration Management \n \n BIG-IP\n \n BIG-IP configuration and capabilities can be fully automated and orchestrated. \n \n \n NGINX Plus\n \n NGINX Plus configuration and capabilities can be fully automated and orchestrated. \n \n \n F5 XC\n \n F5 XC configuration and capabilities can be fully automated and orchestrated. \n \n \n \n Incident Response Planning and Incident Handling \n \n BIG-IP\n \n F5 BIG-IP provides the ability to detect, prevent and log application security events. \n \n \n NGINX Plus\n \n F5 NGINX Plus provides the ability to detect, prevent and log application security events in a containerized form factor. \n \n \n F5 XC\n \n F5 Distributed Cloud provides the ability to detect, prevent and log application security events. \n \n \n \n Strong Authentication \n \n BIG-IP\n \n F5 BIG-IP supports requiring SAML, OIDC, Active Directory, and mTLS authentication before a client can access an application \n \n \n NGINX Plus\n \n F5 BIG-IP NGINX Plus supports requiring OIDC, and mTLS authentication before a client can access an application containerized format. \n \n \n F5 XC\n \n N/A \n \n \n \n Enterprise Threat Intelligence \n \n BIG-IP\n \n F5 provides threat intelligence feeds that help organizations detect whether they are a target of a threat campaign. This service can be leveraged by BIG-IP. \n \n \n NGINX Plus\n \n F5 provides threat intelligence feeds that help organizations detect whether they are a target of a threat campaign. This service can be leveraged by NGINX Plus. \n \n \n F5 XC\n \n F5 provides threat intelligence feeds that help organizations detect whether they are a target of a threat campaign. This service can be leveraged by F5 XC. \n \n \n \n Dynamic Threat Discovery \n \n BIG-IP\n \n BIG-IP can learn HTTP traffic patterns and establish a baseline to protect applications. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Continuous Monitoring Reporting \n \n BIG-IP\n \n BIG-IP provides application security and telemetry logging providing vital application access, performance, and threat data for analysis. \n \n \n NGINX Plus\n \n NGINX Plus provides application security and telemetry logging providing vital application access, performance, and threat data for analysis. \n \n \n F5 XC\n \n F5 XC provides application security and telemetry logging providing vital application access, performance, and threat data for analysis. \n \n \n \n \n Web PEP Capabilities \n Break and Inspect \n \n BIG-IP\n \n F5 BIG-IP provides the ability to decrypt TLS traffic and send the decrypted traffic to any number of security devices, allowing the security devices. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Active Content Mitigation \n \n BIG-IP\n \n BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Certificate Denylisting \n \n BIG-IP\n \n F5 BIG-IP can enforce certification revocation on clients (human or non-human) presenting certificates (mTLS/Smart Card/CAC/PIV) via OCSP or CRLs before granting access to the application. BIG-IP can also be configured to deny certificates based on a blacklist. \n \n \n NGINX Plus\n \n F5 BIG-IP can enforce certification revocation on clients (human or non-human) presenting certificates (mTLS/Smart Card/CAC/PIV) via OCSP or CRLs before granting access to the application. \n \n \n F5 XC\n \n N/A \n \n \n \n Content Filtering \n \n BIG-IP\n \n BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Authenticated Proxy \n \n BIG-IP\n \n F5 BIG-IP is a reverse proxy that provides the ability to require SAML, OIDC, Active Directory and mTLS authentication before a client can access an application. \n \n \n NGINX Plus\n \n F5 BIG-IP NGINX Plus is a reverse proxy that provides the ability to require OIDC, and mTLS authentication before a client can access an application in a containerized format. \n \n \n F5 XC\n \n N/A \n \n \n \n Data Loss Prevention \n \n BIG-IP\n \n BIG-IP can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. Additionally, BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a DLP solution for further inspection preventing sensitive data leakage. \n \n \n NGINX Plus\n \n NGINX Plus can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. \n \n \n F5 XC\n \n F5 XC can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. \n \n \n \n Domain Resolution Filtering \n \n BIG-IP\n \n BIG-IP can report of block DNS over HTTPS originating from or destined for your agency. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Protocol Compliance Enforcement \n \n BIG-IP\n \n BIG-IP provides protocol compliance for both HTTP and DNS with the ability to report or reject traffic that is out of compliance. \n \n \n NGINX Plus\n \n NGINX Plus provides protocol compliance for HTTP with the ability to report or reject traffic that is out of compliance. \n \n \n F5 XC\n \n F5 XC provides protocol compliance for HTTP with the ability to report or reject traffic that is out of compliance. \n \n \n \n Domain Category Filtering \n \n BIG-IP\n \n BIG-IP provides break and inspect capabilities for traffic egressing from the network. Categories may be configured to bypass break and inspect for domain categories (e.g., banking, medical, government). This is typically done so that PII data is not inspected. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n F5 XC CEs provide forward proxy capabilities with the ability to restrict domain and URL access. https://docs.cloud.f5.com/docs/how-to/network-firewall/forward-proxy-policies \n \n \n \n Domain Reputation Filtering \n \n BIG-IP\n \n BIG-IP provides the ability to deny access to domains via a list or categories of domains enforced at the HTTP protocol layer. Domain filtering can also be provided via DNS using a list of domains or an integration with a RPZ provider such as Spamhaus or SUBRL. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Bandwidth Control \n \n BIG-IP\n \n F5 BIG-IP provides the ability to limit bandwidth on a per application basis. https://techdocs.f5.com/en-us/BIG-IP-16-1-0/big-ip-policy-enforcement-manager-implementations/managing-traffic-with-bandwidth-controllers.html \n \n \n NGINX Plus\n \n F5 NGINX Plus provides the ability to rate limit on a per application basis in a containerized/Kubernetes environment. \n \n \n F5 XC\n \n F5 XC provides the ability to rate limit on a per application basis at a regional edge, on-prem or in the cloud. \n \n \n \n Malicious Content Filtering \n \n BIG-IP\n \n BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Access Control \n \n BIG-IP\n \n F5 BIG-IP provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. \n \n \n NGINX Plus\n \n F5 NGINX Plus provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. \n \n \n F5 XC\n \n F5 XC provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. \n \n \n \n \n Resiliency PEP Security Capabilities \n Distributed Denial of Service Protections \n \n BIG-IP\n \n BIG-IP provides protection against DOS attacks at layers 3-7 by providing the ability to learn traffic patterns and establish a baseline. BIG-IP Layer 3-4 capabilities provide protection against IP, UDP and TCP based attacks. Layer 7 capabilities provide protection against DNS, TLS and HTTP based DOS attacks. \n \n \n NGINX Plus\n \n NGINX Plus provides protection against HTTP based DOS attacks. \n \n \n F5 XC\n \n F5 XC provides protection against HTTP based DOS attacks. \n \n \n \n Elastic Expansion \n \n BIG-IP\n \n F5 BIG-IP provides the ability to scale out applications by distributed the application traffic across as many instances as needed. \n \n \n NGINX Plus\n \n F5 NGINX Plus provides the ability to scale out applications by distributed the application traffic across as many instances as needed in a containerized environment. \n \n \n F5 XC\n \n F5 XC provides the ability to scale out applications by distributed the application traffic across as many instances as needed. \n \n \n \n Regional Delivery \n \n BIG-IP\n \n N/A \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n F5 XC provides the ability through a Regional Edge to host containerized application and their associated services through a secure scalable fabric. Additionally, F5 XC’s Regional Edge provides the ability to scale, secure and deliver applications across a geographically dispersed set of environments. \n \n \n \n \n Domain Name System PEP Security Capabilities \n Domain Name Sinkholing \n \n BIG-IP\n \n Domain Name Sinkholing DNS using a list of domains or an integration with a RPZ provider such as Spamhaus or SUBRL. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Domain Name Verification for Agency Clients \n \n BIG-IP\n \n F5 BIG-IP can enforce that queries from agency clients utilize DNSSEC \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Domain Name Validation for Agency Domains \n \n BIG-IP\n \n F5 BIG-IP can enforce DNSSEC chain of trust for all agency domains. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n \n Intrusion Detection PEP Security Capabilities \n Intrusion Detection and Prevention Systems \n \n BIG-IP\n \n F5 BIG-IP provides Intrusion Detection capabilities that allow for the reporting and blocking of threats over a wide range of protocols. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n \n Enterprise PEP Security Capabilities \n Virtual Private Network \n \n BIG-IP\n \n F5 BIG-IP provides site-to-site IPSEC capabilities along with end user remote access SSL VPN. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Application Container \n \n BIG-IP\n \n N/A \n \n \n NGINX Plus\n \n F5 NGINX Plus provides load balancing, ingress services (for K8s), WAF, HTTP DOS protection and API Security for containerized services. \n \n \n F5 XC\n \n F5 XC provides the ability to host containerized services in F5 XC Regional Edge. \n \n \n \n \n Services PEP Security Capabilities \n Active Content Mitigation \n \n BIG-IP\n \n BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n \n Data Loss Prevention \n \n BIG-IP\n \n BIG-IP can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. Additionally, BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a DLP solution for further inspection preventing sensitive data leakage. \n \n \n NGINX Plus\n \n NGINX Plus can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. \n \n \n F5 XC\n \n F5 XC can detect and block sensitive data leaving an application. Data patterns that are deemed sensitive can be added. \n \n \n \n Protocol Compliance Enforcement \n \n BIG-IP\n \n F5 BIG-IP provides the ability to enforce protocol compliance for HTTP and DNS protocols. \n \n \n NGINX Plus\n \n F5 NGINX Plus provides the ability to enforce protocol compliance for the HTTP protocol. \n \n \n F5 XC\n \n F5 XC provides the ability to enforce protocol compliance for the HTTP protocol. \n \n \n \n Malicious Content Filtering \n \n BIG-IP\n \n BIG-IP provides the ability to decrypt TLS traffic and send this traffic to a content filtering solution for further inspection. This allows the filtering solution to inspect previously encrypted traffic and remove any malicious content. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Access Control \n \n BIG-IP\n \n F5 BIG-IP provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. \n \n \n NGINX Plus\n \n F5 NGINX Plus provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. \n \n \n F5 XC\n \n F5 XC provides the ability to define policies to limit actions on protected web applications. This is achieved by limiting on a per user and per application basis the URLs and HTTP methods that a user is permitted to access. \n \n \n \n \n Identity PEP Security Capabilities \n Behavioral Baselining \n \n BIG-IP\n \n BIG-IP can learn HTTP traffic patterns and establish a baseline to protect applications. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n \n Multi-factor Authentication \n \n BIG-IP\n \n F5 BIG-IP supports requiring SAML, OIDC, Active Directory, and mTLS authentication before a client can access an application \n \n \n NGINX Plus\n \n F5 BIG-IP NGINX Plus supports requiring OIDC, and mTLS authentication before a client can access an application containerized format. \n \n \n F5 XC\n \n N/A \n \n \n \n Continuous Authentication \n \n BIG-IP\n \n F5 BIG-IP provides the ability to authenticate users prior to accessing an application. After access to the application BIG-IP can enforce periodic requests for authentication to reverify the client’s identity in addition to their OS posture. \n \n \n NGINX Plus\n \n N/A \n \n \n F5 XC\n \n N/A \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"16399","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgxMzQtVXp4UGE2?revision=6\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:302061":{"__typename":"Conversation","id":"conversation:302061","topic":{"__typename":"TkbTopicMessage","uid":302061},"lastPostingActivityTime":"2022-10-27T22:32:35.312-07:00","solved":false},"User:user:195330":{"__typename":"User","uid":195330,"login":"momahdy","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xOTUzMzAtaENpUGx2?image-coordinates=0%2C588%2C1080%2C1668"},"id":"user:195330"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk5MDNpRDMxN0FERjQ0MUEyQUEyQQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk5MDNpRDMxN0FERjQ0MUEyQUEyQQ?revision=4","title":"CoverPhoto_0017_olieman-eth--o90yRQoXAM-unsplash.jpg","associationType":"COVER","width":1000,"height":1000,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDVpNzQxNzhBREFEQ0NFMDQ2Rg?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDVpNzQxNzhBREFEQ0NFMDQ2Rg?revision=4","title":"mmahdy_24-1664630371227.png","associationType":"BODY","width":2652,"height":866,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjBpNzE2N0Y4NDNGMjYzMTkyMw?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjBpNzE2N0Y4NDNGMjYzMTkyMw?revision=4","title":"mmahdy_0-1664626443009.png","associationType":"BODY","width":1792,"height":826,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjFpQkUxNkY2MTU3RDhCMEQ0Rg?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjFpQkUxNkY2MTU3RDhCMEQ0Rg?revision=4","title":"mmahdy_1-1664627032026.png","associationType":"BODY","width":3552,"height":1575,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjJpNjJBMENCQ0I5MTMwMUE4Nw?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjJpNjJBMENCQ0I5MTMwMUE4Nw?revision=4","title":"mmahdy_2-1664627337828.png","associationType":"BODY","width":3104,"height":1807,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjRpOUEyMzA3MUZDQzRFMUY5OQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjRpOUEyMzA3MUZDQzRFMUY5OQ?revision=4","title":"mmahdy_4-1664627604089.png","associationType":"BODY","width":2279,"height":2155,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjVpMTlEQzNCRjgzMjA0RjcwMw?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjVpMTlEQzNCRjgzMjA0RjcwMw?revision=4","title":"mmahdy_5-1664627722231.png","associationType":"BODY","width":2067,"height":1883,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjZpRTU2NjJCRjM3ODk5Q0FFMQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjZpRTU2NjJCRjM3ODk5Q0FFMQ?revision=4","title":"mmahdy_6-1664627908401.png","associationType":"BODY","width":2239,"height":1013,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjdpNENBMjQyNTgzQjQ2RENBMQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjdpNENBMjQyNTgzQjQ2RENBMQ?revision=4","title":"mmahdy_7-1664627993220.png","associationType":"BODY","width":2319,"height":1967,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjhpNTFFNTkwNzYwNjFDM0E0NQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjhpNTFFNTkwNzYwNjFDM0E0NQ?revision=4","title":"mmahdy_8-1664628122961.png","associationType":"BODY","width":2295,"height":599,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzBpNzBEQzFDRERGRjA1NUJEMQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzBpNzBEQzFDRERGRjA1NUJEMQ?revision=4","title":"mmahdy_9-1664628202728.png","associationType":"BODY","width":2396,"height":2026,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzFpNEU3REMxMDhCNkRDNDQzRg?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzFpNEU3REMxMDhCNkRDNDQzRg?revision=4","title":"mmahdy_10-1664628245131.png","associationType":"BODY","width":1720,"height":1053,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzNpRjY4QzlFMjNBQzVDREIzMQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzNpRjY4QzlFMjNBQzVDREIzMQ?revision=4","title":"mmahdy_12-1664628635377.png","associationType":"BODY","width":2244,"height":1263,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzJpNTE5OERCMTZGM0Q3N0NEMg?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzJpNTE5OERCMTZGM0Q3N0NEMg?revision=4","title":"mmahdy_11-1664628615722.png","associationType":"BODY","width":2810,"height":1839,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzRpRDRBRjE2NTQwOTBFODU1RQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzRpRDRBRjE2NTQwOTBFODU1RQ?revision=4","title":"mmahdy_13-1664628828893.png","associationType":"BODY","width":2214,"height":1440,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzVpNEIwREYxNTRGOEU0Nzc4Mw?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzVpNEIwREYxNTRGOEU0Nzc4Mw?revision=4","title":"mmahdy_14-1664628958094.png","associationType":"BODY","width":2192,"height":795,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzZpMzE3NTZBMkFFOEYzRTJGNQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzZpMzE3NTZBMkFFOEYzRTJGNQ?revision=4","title":"mmahdy_15-1664629020849.png","associationType":"BODY","width":2207,"height":1479,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzdpODMzRjdDRDZBRjk0QzQ2QQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzdpODMzRjdDRDZBRjk0QzQ2QQ?revision=4","title":"mmahdy_16-1664629087013.png","associationType":"BODY","width":2210,"height":1031,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzhpNzQwQkY1NjU5Q0RDMDFGMw?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzhpNzQwQkY1NjU5Q0RDMDFGMw?revision=4","title":"mmahdy_17-1664629210372.png","associationType":"BODY","width":2345,"height":1885,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzlpQkYwMzAzOTZDOUVDM0ExRg?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzlpQkYwMzAzOTZDOUVDM0ExRg?revision=4","title":"mmahdy_18-1664629256316.png","associationType":"BODY","width":3154,"height":1647,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDBpODU5N0ZFRTRFNjIwQkFBQQ?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDBpODU5N0ZFRTRFNjIwQkFBQQ?revision=4","title":"mmahdy_19-1664629332235.png","associationType":"BODY","width":3218,"height":1746,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDFpRkIwOEVFMUQ5RENFNkJBNw?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDFpRkIwOEVFMUQ5RENFNkJBNw?revision=4","title":"mmahdy_20-1664629661316.png","associationType":"BODY","width":3322,"height":1622,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDJpM0M3OUQ4N0FBOUI0Mjg0Qw?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDJpM0M3OUQ4N0FBOUI0Mjg0Qw?revision=4","title":"mmahdy_21-1664629723536.png","associationType":"BODY","width":3299,"height":1519,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDNpQzcwQTcxNDgxMDM5NzFGMg?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDNpQzcwQTcxNDgxMDM5NzFGMg?revision=4","title":"mmahdy_22-1664629837914.png","associationType":"BODY","width":2986,"height":1402,"altText":null},"TkbTopicMessage:message:302061":{"__typename":"TkbTopicMessage","subject":"Zero Trust - Making use of a Powerful Identity Aware Proxy (Hands on lab)","conversation":{"__ref":"Conversation:conversation:302061"},"id":"message:302061","revisionNum":4,"uid":302061,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:195330"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Zero Trust - Making use of a powerfull Identity Aware Proxy to allow for more contextual awareness while securing modern applications. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":3477},"postTime":"2022-10-05T10:31:13.831-07:00","lastPublishTime":"2022-10-27T22:32:35.312-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction \n Securing the traditional network perimeter (a.k.a., the moat and castle approach) is no longer sufficient. With the rise of applications being deployed in multi-clouds and the growing mobile workforce, the network perimeter has all but disappeared. Zero Trust eliminates the idea of a trusted network inside a defined perimeter. Today, you must apply least-privilege user access and scrutinize it as much as possible, assume attackers are already on the network and hiding in it, and get more context and visibility from the control points. The Zero Trust axiom is, “Never trust, always verify.” Never trust users, even if they’ve already been authenticated, authorized, and granted access to applications and resources. Always verify and scrutinize user identity, device type and integrity, location, the applications and resources to which access is being requested, and more. \n \n F5 does add value and delivers key components you will need in deploying a comprehensive Zero Trust approach. With our robust application security portfolio and ability to secure the new control points in a Zero Trust environment, F5 provides you with the building blocks necessary to address a “Never trust, always verify” approach to securing today’s applications, and also adds a third principle to Zero Trust, “Continuously monitor.” From F5’s perspective, these are the four control points that you need to secure: - The endpoints accessing applications. - The applications (regardless if they are native cloud or SaaS apps, or classic and custom applications). - The identity service. - The network infrastructure. \n \n In this article we will have a walk through UDF lab to see how we can apply the princinples of Zero trust with the use of F5 BIG-IP APM Identity Aware Proxy. The UDF lab can be accessible through this link, https://udf.f5.com/b/c1e56048-dac7-4fa8-9ae5-667f1a3970da#documentation \n And for more use cases, a detailed cloud docs lab series to have a look at, https://clouddocs.f5.com/training/community/iam/html/class2/module1/lab01.html \n A walkthrough Youtube video is available as well, that utilizes the Application group concept, https://www.youtube.com/watch?v=LUWvHkchlSY \n An Integration of F5 BIG-IP APM with CrowdStrike Falcon, to allow for User and Identity Behavior Analysis (UEBA) integrtion with F5 Identity Aware Proxy to provide enhanced view to end point posture, by J_McInnes https://community.f5.com/t5/technical-articles/zero-trust-access-with-f5-identity-aware-proxy-and-crowdstrike/ta-p/292615 \n Guided Configurations settings \n \n Using guided configurations simplify the setup of Identity Aware proxy by allowing us to create the required components in the following sections. \n Config. Properties \n \n Device Posture \n - CA Trust Certifciate, is the one used to sign data received from F5 Access Guard towards F5 BIG-IP APM. \n \n Virtual Server Settings \n \n User Identity \n \n Authentication settings \n In this lab, the servers were created separately outside of the guided configurations and added lateron, we can follow another approach of creating the AD server from within the guided configurations window. \n \n Multi-Factor Authentication (MFA) \n Select one of the MFA options below, in our case (we go with Custom Radius based) \n \n Below are the custom radius settings for our MFA setup. \n \n Single Sign-On Settings \n \n Applications \n Under the Applications section we set two values, - Authentication FQDN, the domain where users are directed to go through the user identity part. - Application FQDN, and the pool members where the service is hosted. \n \n \n Webtop settings \n Specify Authentication and MFA pointers for webtop setup. \n \n Contextual Access properties \n This one can be broken into three areas, \n - Rule properties, where we specify the applied rules for authentication, single sign-on and device posture check. \n \n - Assign user groups \n \n - Additional checks \n Select the action for adding the MFA step to the flow \n \n Customization Properties \n Where we setup the GUI settings, policies and remediation settings. \n \n Session Managemet settings \n \n Summary \n Checking the summary and Deploy \n \n User Testing \n - Once user writes https://basic.acme.com in the web browser, redirection occurs towards iap1.acme.com to enforce authentication and MFA. \n \n - Once user pass the Authentication / MFA successfully the user is directed to the application. \n \n \n - Now, we try to turn off the firewall OFF, the device posture checks get an update from F5 Access Guard and based on that block the incoming requests. \n \n \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4776","kudosSumWeight":7,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk5MDNpRDMxN0FERjQ0MUEyQUEyQQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDVpNzQxNzhBREFEQ0NFMDQ2Rg?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjBpNzE2N0Y4NDNGMjYzMTkyMw?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjFpQkUxNkY2MTU3RDhCMEQ0Rg?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjJpNjJBMENCQ0I5MTMwMUE4Nw?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjRpOUEyMzA3MUZDQzRFMUY5OQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjVpMTlEQzNCRjgzMjA0RjcwMw?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjZpRTU2NjJCRjM3ODk5Q0FFMQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjdpNENBMjQyNTgzQjQ2RENBMQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MjhpNTFFNTkwNzYwNjFDM0E0NQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzBpNzBEQzFDRERGRjA1NUJEMQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzFpNEU3REMxMDhCNkRDNDQzRg?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzNpRjY4QzlFMjNBQzVDREIzMQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzJpNTE5OERCMTZGM0Q3N0NEMg?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzRpRDRBRjE2NTQwOTBFODU1RQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzVpNEIwREYxNTRGOEU0Nzc4Mw?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzZpMzE3NTZBMkFFOEYzRTJGNQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzdpODMzRjdDRDZBRjk0QzQ2QQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzhpNzQwQkY1NjU5Q0RDMDFGMw?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4MzlpQkYwMzAzOTZDOUVDM0ExRg?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDBpODU5N0ZFRTRFNjIwQkFBQQ?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDFpRkIwOEVFMUQ5RENFNkJBNw?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDJpM0M3OUQ4N0FBOUI0Mjg0Qw?revision=4\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDIwNjEtMTk4NDNpQzcwQTcxNDgxMDM5NzFGMg?revision=4\"}"}}],"totalCount":24,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:291883":{"__typename":"Conversation","id":"conversation:291883","topic":{"__typename":"TkbTopicMessage","uid":291883},"lastPostingActivityTime":"2022-03-09T11:46:51.546-08:00","solved":false},"User:user:275378":{"__typename":"User","uid":275378,"login":"Ted_Byerly","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-10.svg?time=0"},"id":"user:275378"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODRpOTREQ0U3RUE4MzQyRTYyOA?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODRpOTREQ0U3RUE4MzQyRTYyOA?revision=35","title":"Screen Shot 2022-01-31 at 9.11.42 AM.png","associationType":"COVER","width":962,"height":496,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzRpOEYyRTgzNzY1QTcyMTNEOA?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzRpOEYyRTgzNzY1QTcyMTNEOA?revision=35","title":"Guided Configuration.png","associationType":"BODY","width":1851,"height":694,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzVpNzZBRTkzQzM0QUREQzQ2Mg?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzVpNzZBRTkzQzM0QUREQzQ2Mg?revision=35","title":"Required Configuration.png","associationType":"BODY","width":461,"height":558,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzZpQjNBQTRBQjBEMTRDQjFGMA?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzZpQjNBQTRBQjBEMTRDQjFGMA?revision=35","title":"Single Proxy.png","associationType":"BODY","width":1063,"height":808,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzdpOUI2N0UxMTRERkZCREY2NA?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzdpOUI2N0UxMTRERkZCREY2NA?revision=35","title":"Multi_Proxy.png","associationType":"BODY","width":1428,"height":940,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzhpOTUzMzA0NTc3QTUyMjI0MA?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzhpOTUzMzA0NTc3QTUyMjI0MA?revision=35","title":"Config Properties.png","associationType":"BODY","width":1588,"height":851,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzlpM0M5MTVDQzIyMEUyNjRBNw?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzlpM0M5MTVDQzIyMEUyNjRBNw?revision=35","title":"Authentication.png","associationType":"BODY","width":1465,"height":781,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODBpMTgzQTMzRTBFMjdGQ0FBQw?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODBpMTgzQTMzRTBFMjdGQ0FBQw?revision=35","title":"MFA.png","associationType":"BODY","width":1128,"height":667,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODFpN0VFNzVCN0RGMEQzRUZGNw?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODFpN0VFNzVCN0RGMEQzRUZGNw?revision=35","title":"Session Management.png","associationType":"BODY","width":1715,"height":1032,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODJpOEFFNEI3MEQ0MzNDQzgyNg?revision=35\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODJpOEFFNEI3MEQ0MzNDQzgyNg?revision=35","title":"Deployment.png","associationType":"BODY","width":1725,"height":1146,"altText":null},"TkbTopicMessage:message:291883":{"__typename":"TkbTopicMessage","subject":"F5's Access Policy Manager the Access Proxy for Zero Trust Architectures","conversation":{"__ref":"Conversation:conversation:291883"},"id":"message:291883","revisionNum":35,"uid":291883,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:275378"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":1031},"postTime":"2022-02-27T18:00:00.050-08:00","lastPublishTime":"2022-03-09T11:46:51.546-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n In my previous article titled 7 Steps for Successfully Implementing Zero Trust Architectures, I detailed how to get started on the journey of implementing Zero Trust Architectures. In that article, I pointed out 7 steps I felt were critical in effectively implementing a Zero Trust Architecture. One of the necessary steps was having a robust Access Proxy. This article will showcase F5’s robust Access Proxy. \n In a Zero Trust architecture the centralized control point for all clients and applications is the Access Proxy. At the Access Proxy we need to handle authentication, authorization, and centralized logging. This Access Proxy should interface with multiple systems for authentication, handling both multi factor authentication and Single Sign On (SSO) to relieve users of the burden of logging into multiple systems. This Access Proxy initially checks and continuously monitors devices for the required configuration. Finally, robust Access Proxy should be able to seamlessly integrate with third party solutions. \n F5’s Access Proxy is the Access Policy Manager (APM). APM is one of the best Access Proxy’s on the market. \n The following sections will highlight the versatility and ease that F5’s solution offers: \n Select Appropriate Configuration \n F5 released Access Guided Configurations to make it simple and intuitive. The image below illustrates all the guided configurations available at the time of this article. This article we will focus on the Zero Trust selection. \n Click the Zero Trust option \n \n \n Verify Required Configuration \n F5 will verify that basic configuration items required are present. If not, you will be guided through the steps. Here the base configuration is already in place. \n \n Select Appropriate Configuration \n Determine whether a single or multi proxy topology is required. You are presented a diagram and a description to help make the decision based on your requirements. \n \n Select Appropriate Configuration Object \n The next decision is the enabling/leaving unselected any of the following items based on how you decided to implement this solution. The user will be presented different options based on their previous selections. \n ● Device Posture ● MFA ● SSO ● Application Group ● Webtop \n \n Select Appropriate Authentication Properties \n Based on your environment you are offered the authentication type required and supported by APM. \n \n Select Appropriate MFA Properties - If Selected \n \n F5 has developed third party integrations based on demand from customers. This simplifies and streamlines the process. \n Review and Modify Session Management Variables \n F5 provides the opportunity to fine tune session variables before finalizing the configuration. The form has default values provided, if you are unsure. \n \n Review and Modify Final Deployment \n The final step in this Guide Configuration before deployment is reviewing and the ability to edit anything previously configured before deployment. \n Closing – \n As illustrated, F5’s APM solution deployed as an Identity Aware Proxy nicely fits in a Zero Trust Architecture. IAP is a single control point for all users and devices accessing your applications. IAP continuously monitors users and devices and applies access control policies as finely grained as you specify. It will handle SSO and MFA if configured. The APM has the ability to be configured to implement a per-request policy enforcement posture to better align with a Zero Trust Architecture. \n This article was not meant for a step by step guide to implement F5’s APM in a Zero Trust Architecture. This was to show the ease of deployment and how this implementation walks one through the setup. \n https://www.f5.com/company/blog/zero-trust-azure-active-directory-access-big-ip-apm \n For detailed steps I have linked several resources below. \n https://clouddocs.f5.com/training/community/access-solutions/ https://clouddocs.f5.com/training/community/iam/html/class2/class2.html \n #zerotrust #ZT #ZTA #ZTNA \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4045","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODRpOTREQ0U3RUE4MzQyRTYyOA?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzRpOEYyRTgzNzY1QTcyMTNEOA?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzVpNzZBRTkzQzM0QUREQzQ2Mg?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzZpQjNBQTRBQjBEMTRDQjFGMA?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzdpOUI2N0UxMTRERkZCREY2NA?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzhpOTUzMzA0NTc3QTUyMjI0MA?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0NzlpM0M5MTVDQzIyMEUyNjRBNw?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODBpMTgzQTMzRTBFMjdGQ0FBQw?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODFpN0VFNzVCN0RGMEQzRUZGNw?revision=35\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTE4ODMtMTY0ODJpOEFFNEI3MEQ0MzNDQzgyNg?revision=35\"}"}}],"totalCount":10,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1744046271000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1744046271000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1744046271000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1744046271000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1744046271000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1744046271000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1744046271000","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1744046271000","value":{"title":"Query Handler"},"localOverride":false},"Category:category:top":{"__typename":"Category","id":"category:top","nodeType":"category"},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1744046271000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1744046271000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1744046271000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1744046271000","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1744046271000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1744046271000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1744046271000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1744046271000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1744046271000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1744046271000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1744046271000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1744046271000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1744046271000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1744046271000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1744046271000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1744046271000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"tagName":"zerotrust"},"buildId":"ISAhs0UxT148eG089lpQq","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"25.3.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","./components/customComponent/CustomComponentContent/HtmlContent.tsx","./components/customComponent/CustomComponentContent/CustomComponentScripts.tsx"],"appGip":true,"scriptLoader":[]}