Forum Discussion
mikeshimkus_111
Nov 30, 2015Historic F5 Account
Hi, you are saying that you have multiple URLs for each service? For now you will need to disable strictness on the iApp application service object, then edit the _secure_reverse_proxy iRule and add your additional hostnames to it:
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
chat.lync2013.local* { pool lync_2013_reverse_proxy_front_end_4443_pool }
dir.lync2013.local* { pool lync_2013_reverse_proxy_director_4443_pool }
meet.lync2013.local* { pool lync_2013_reverse_proxy_director_4443_pool }
dialin.lync2013.local* { pool lync_2013_reverse_proxy_director_4443_pool }
lyncdiscover.lync2013.local* { pool lync_2013_reverse_proxy_director_4443_pool }
}
}
In a future version, we plan on adding the ability to use an arbitrary number of URLs to the iApp.
- DushyantSingh_1Nov 30, 2015Nimbostratusthanks! Mike. let me try that out.
- DushyantSingh_1Nov 30, 2015NimbostratusJust noticed that my VIP is in DMZ that's routing domain 1 and Pool members are in trusted domain e.i. route domain 2. Is there a way to make them communicate, all traffic coming on to this VIP is being reset. Can we achieve inter-route domain.
- mikeshimkus_111Dec 01, 2015Historic F5 AccountCheck the section about traffic forwarding between route domains here: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-ip-routing-administration-11-2-0/2.html
- Tom_ObrenoMar 15, 2016NimbostratusI added multiple FQDN's to the iRule and everything is working but I do have a side-effect. We are using a wildcard certificate for Lync and now he's prompting to trust the certificate. We didn't have this using an IIS with ARR since I had to create rewrite rules. Can somebody help me out to create rewrite those rules to F5-rules please?
- JamesSevedge_23Mar 15, 2016Historic F5 AccountHello Tom, Are you referring to the URL rewrite rules with ARR? Those rewrite rules are utilized so ARR knows where to route the traffic it receives based on the host header, to which backend servers, whether it be Lync or something else using IIS AAR. Typically this is required if ARR is being used for more then just Lync, if it is just Lync then a wildcard rewrite URL could be used to direct all traffic to the Lync servers regardless of host header. This shouldn't affect changes in certificates however, only the location. The same certificate utilized in IIS ARR on port 443 should be the cert imported into the BIG-IP and then selected in the section in the following sentence. The client is going to see the F5 certificate as what to trust, this is defined within the "Microsoft Lync Server Reverse Proxy" section of the iAPP when it asks for the certificate, key and intermediate cert to use. Could you please provide information on what certificate you assigned within the F5 lync iAPP compared to what is assigned within IIS ARR?